Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4525
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
9/1/2010 8:55:30 PM
mbam-log-2010-09-01 (20-55-30).txt
Scan type: Quick scan
Objects scanned: 132833
Time elapsed: 11 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-01 23:00:48
Windows 5.1.2600 Service Pack 3
Running: nmy7qgpi.exe; Driver: C:\DOCUME~1\JAMESC~1\LOCALS~1\Temp\uxtdapow.sys
---- Kernel code sections - GMER 1.0.15 ----
? dsapd.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0060000c
Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8B32000 \WINDOWS\system32\KDCOM.DLL
0xF8A42000 \WINDOWS\system32\BOOTVID.dll
0xF8632000 dsapd.sys
0xF8503000 ACPI.sys
0xF8B34000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84F2000 pci.sys
0xF8642000 isapnp.sys
0xF8A46000 compbatt.sys
0xF8A4A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8BFA000 pciide.sys
0xF88B2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF84D4000 pcmcia.sys
0xF8652000 MountMgr.sys
0xF84B5000 ftdisk.sys
0xF88BA000 PartMgr.sys
0xF8662000 VolSnap.sys
0xF849D000 atapi.sys
0xF8672000 disk.sys
0xF8682000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF847D000 fltmgr.sys
0xF846B000 sr.sys
0xF8455000 drvmcdb.sys
0xF8692000 PxHelp20.sys
0xF843E000 KSecDD.sys
0xF83B1000 Ntfs.sys
0xF8384000 NDIS.sys
0xF86A2000 ohci1394.sys
0xF86B2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF836A000 Mup.sys
0xF86D2000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF88A2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8AFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF744E000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF743A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8942000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7416000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF894A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF86E2000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7402000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF73A7000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7364000 \SystemRoot\system32\drivers\STAC97.sys
0xF7340000 \SystemRoot\system32\drivers\portcls.sys
0xF86F2000 \SystemRoot\system32\drivers\drmk.sys
0xF731D000 \SystemRoot\system32\drivers\ks.sys
0xF72EC000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF71ED000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF7145000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8952000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8702000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF712B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF895A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8962000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7615000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8B56000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7605000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF75F5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF896A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF75E5000 \SystemRoot\system32\drivers\ateksoftaudio.sys
0xF8CC3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF75D5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B06000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7114000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75C5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75B5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8972000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7103000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75A5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF897A000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8982000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7595000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B5A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF707D000 \SystemRoot\system32\DRIVERS\update.sys
0xF8B16000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF898A000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7585000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8722000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8B5E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8319000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B64000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D66000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B66000 \SystemRoot\System32\Drivers\Beep.SYS
0xF899A000 \SystemRoot\system32\drivers\ssrtln.sys
0xF89A2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF89AA000 \SystemRoot\System32\drivers\vga.sys
0xF8B68000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8B6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89B2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89BA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8311000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA6D2000 \SystemRoot\System32\Drivers\avgtdix.sys
0xAA6AC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8732000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF8742000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF8ADA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8752000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8ADE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA65C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA63A000 \SystemRoot\System32\drivers\afd.sys
0xF8762000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA56F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA4FF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8782000 \SystemRoot\System32\Drivers\Fips.SYS
0xF89C2000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xAA4CB000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF8AEE000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF87A2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA4B3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8B74000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA7BC000 \SystemRoot\System32\drivers\Dxapi.sys
0xF89D2000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D00000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF8872000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8C69000 \SystemRoot\system32\dla\tfsndres.sys
0xAA35D000 \SystemRoot\system32\dla\tfsnifs.sys
0xF8AB2000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8B82000 \SystemRoot\system32\dla\tfsnpool.sys
0xF89F2000 \SystemRoot\system32\dla\tfsnboio.sys
0xF8882000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C6A000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA344000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA32B000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA39B000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA397000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9FF6000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA60A000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9EB3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAA053000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9DE4000 \SystemRoot\system32\DRIVERS\srv.sys
0xA955B000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9314000 \??\C:\DOCUME~1\JAMESC~1\LOCALS~1\Temp\uxtdapow.sys
0xA8F73000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 49):
0 System Idle Process
4 System
736 C:\WINDOWS\system32\smss.exe
812 csrss.exe
836 C:\WINDOWS\system32\winlogon.exe
880 C:\WINDOWS\system32\services.exe
892 C:\WINDOWS\system32\lsass.exe
1064 C:\WINDOWS\system32\svchost.exe
1140 svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1360 svchost.exe
1452 C:\Program Files\AVG\AVG9\avgchsvx.exe
1460 C:\Program Files\AVG\AVG9\avgrsx.exe
1624 svchost.exe
1668 C:\Program Files\AVG\AVG9\avgcsrvx.exe
208 C:\WINDOWS\system32\WLTRYSVC.EXE
216 C:\WINDOWS\system32\BCMWLTRY.EXE
324 C:\WINDOWS\system32\spoolsv.exe
184 svchost.exe
372 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
416 C:\Program Files\AVG\AVG9\avgwdsvc.exe
448 C:\Program Files\Bonjour\mDNSResponder.exe
556 C:\WINDOWS\system32\cisvc.exe
780 C:\Program Files\Java\jre6\bin\jqs.exe
1428 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
1832 C:\WINDOWS\system32\svchost.exe
2020 C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
392 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1616 C:\WINDOWS\explorer.exe
1956 C:\Program Files\AVG\AVG9\avgemc.exe
2068 C:\Program Files\AVG\AVG9\avgnsx.exe
2260 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2368 wmiprvse.exe
2644 C:\Program Files\Apoint\Apoint.exe
2672 C:\WINDOWS\system32\WLTRAY.EXE
2720 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2740 C:\WINDOWS\system32\dla\tfswctrl.exe
2780 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2852 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2872 C:\WINDOWS\system32\igfxpers.exe
2892 C:\Program Files\Dell\QuickSet\quickset.exe
3016 C:\Program Files\Apoint\ApntEx.exe
3140 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
3528 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
3856 alg.exe
3504 C:\WINDOWS\system32\svchost.exe
1644 C:\Program Files\Mozilla Firefox\firefox.exe
2912 C:\Program Files\Mozilla Firefox\plugin-container.exe
1836 C:\Documents and Settings\James Costelllo\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)
PhysicalDrive0 Model Number: WDCWD400VE-75HDT1, Rev: 11.07D11
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
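Added example, not part of the original post: the two logs above point at the same thing from two directions. GMER reports that dsapd.sys "cannot be found", yet MBRCheck shows dsapd.sys loaded fifth in the kernel (base 0xF8632000, right after BOOTVID.dll, i.e. a boot-start driver), and MBRCheck then flags the MBR as non-standard. Meanwhile the random-named driver in Temp (uxtdapow.sys) is GMER's own scan driver per its header line, and the LdrLoadDll hook in firefox.exe jumps back into firefox.exe itself. The script below cross-references a GMER report with an MBRCheck report to separate those two classes automatically. The sample text is an excerpt copied from the logs above; the "findings" versus "notes" heuristics (self-hook is lower priority, Temp driver matching GMER's own driver is expected, loaded-but-missing-on-disk is suspicious) are my assumptions, not output of either tool.

```python
"""Cross-reference a GMER report against an MBRCheck report (added example).

Heuristics are the author's assumptions: a kernel module that is loaded but
has no file on disk, or a driver loaded from a Temp directory that is not the
scanner's own, goes to `findings`; the rest goes to `notes`.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: excerpt of the GMER log above (raw string: paths contain '\u').
GMER_SAMPLE = r"""
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Running: nmy7qgpi.exe; Driver: C:\DOCUME~1\JAMESC~1\LOCALS~1\Temp\uxtdapow.sys
---- Kernel code sections - GMER 1.0.15 ----
? dsapd.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- EOF - GMER 1.0.15 ----
"""

# Constructed sample: excerpt of the MBRCheck log above (driver list shortened).
MBRCHECK_SAMPLE = r"""
Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8B32000 \WINDOWS\system32\KDCOM.DLL
0xF8A42000 \WINDOWS\system32\BOOTVID.dll
0xF8632000 dsapd.sys
0xF8503000 ACPI.sys
0xA9314000 \??\C:\DOCUME~1\JAMESC~1\LOCALS~1\Temp\uxtdapow.sys
Processes (total 49):
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83
Found non-standard or infected MBR.
"""

GMER_RUNNING_RE = re.compile(r"^Running:\s+(?P<exe>\S+);\s+Driver:\s+(?P<drv>.+?)\s*$")
GMER_MISSING_RE = re.compile(r"^\?\s+(?P<name>\S+)\s+The system cannot find the file specified\.\s*!\s*$")
GMER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<sym>\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<n>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)\s+(?P<targetmod>.+?)\s+\((?P<vendor>[^)]*)\)\s*$")
DRIVER_RE = re.compile(r"^(?P<base>0x[0-9A-Fa-f]{8})\s+(?P<path>.+?)\s*$")
MBR_STATUS_RE = re.compile(r"PhysicalDrive\d+\s+(?P<status>.*\bMBR\b.*?)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s+(?P<sha1>[0-9A-Fa-f]{40})\s*$")


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text: str) -> dict:
    """Extract GMER's own driver, missing kernel modules and user-mode hooks."""
    out = {"scan_driver": None, "missing": [], "hooks": []}
    for line in text.splitlines():
        if m := GMER_RUNNING_RE.match(line):
            out["scan_driver"] = m["drv"]
        elif m := GMER_MISSING_RE.match(line):
            out["missing"].append(m["name"].lower())
        elif m := GMER_HOOK_RE.match(line):
            out["hooks"].append({
                "process": m["proc"], "pid": int(m["pid"]), "symbol": m["sym"],
                "target_module": m["targetmod"], "vendor": m["vendor"],
                # Assumption: a JMP landing in the hooked process's own image is
                # usually the application's own hook, not an injected module.
                "self_hook": basename(m["targetmod"]) == basename(m["proc"])})
    return out


def parse_mbrcheck(text: str) -> dict:
    """Extract the loaded-driver list (in load order) and the MBR verdict."""
    out = {"drivers": [], "mbr_status": None, "mbr_sha1": None, "mbr_flagged": False}
    in_drivers = False
    for line in text.splitlines():
        if line.startswith("Kernel Drivers"):
            in_drivers = True
            continue
        if line.startswith("Processes"):
            in_drivers = False
        if in_drivers and (m := DRIVER_RE.match(line)):
            out["drivers"].append((m["base"], m["path"]))
        elif m := MBR_STATUS_RE.search(line):
            out["mbr_status"] = m["status"]
        elif m := SHA1_RE.match(line):
            out["mbr_sha1"] = m["sha1"].upper()
        elif line.startswith("Found non-standard or infected MBR"):
            out["mbr_flagged"] = True
    return out


@dataclass
class TriageReport:
    findings: List[str] = field(default_factory=list)  # needs investigation
    notes: List[str] = field(default_factory=list)     # explained / lower priority
    mbr_sha1: Optional[str] = None


def triage(gmer_text: str, mbrcheck_text: str) -> TriageReport:
    g, m = parse_gmer(gmer_text), parse_mbrcheck(mbrcheck_text)
    rep = TriageReport(mbr_sha1=m["mbr_sha1"])
    loaded = {basename(p): (i, base, p) for i, (base, p) in enumerate(m["drivers"], 1)}
    scan_drv = basename(g["scan_driver"]) if g["scan_driver"] else None

    # A module GMER cannot open on disk but which MBRCheck sees in memory.
    for name in g["missing"]:
        if name in loaded:
            idx, base, _ = loaded[name]
            rep.findings.append(f"{name}: loaded in kernel (load order #{idx}, base {base}) but GMER "
                                f"could not find the file on disk; running code with no backing file")
        else:
            rep.notes.append(f"{name}: reported missing by GMER but not in the loaded-driver list")

    # Drivers loaded from a Temp directory, minus the scanner's own driver.
    for base, path in m["drivers"]:
        if "\\temp\\" in path.lower():
            if basename(path) == scan_drv:
                rep.notes.append(f"{basename(path)}: Temp driver is GMER's own scan driver, expected")
            else:
                rep.findings.append(f"{basename(path)}: kernel driver loaded from Temp ({path})")

    for h in g["hooks"]:
        where = "its own image" if h["self_hook"] else h["target_module"]
        (rep.notes if h["self_hook"] else rep.findings).append(
            f"{basename(h['process'])}[{h['pid']}] hooks {h['symbol']} -> {where} ({h['vendor']})")

    if m["mbr_flagged"]:
        rep.findings.append(f"MBRCheck: {m['mbr_status']} (SHA1 {m['mbr_sha1']}); non-standard is not "
                            f"proof of infection, compare with a known-good hash for this OEM image first")
    return rep


if __name__ == "__main__":
    r = triage(GMER_SAMPLE, MBRCHECK_SAMPLE)
    print("FINDINGS:", *r.findings, sep="\n  ")
    print("NOTES:", *r.notes, sep="\n  ")
```

Two caveats the script encodes on purpose: the "Unknown MBR code" verdict is kept as a finding but worded as "not proof", because MBRCheck itself says "non-standard or infected" and OEM recovery loaders (the uninstall list below shows Dell System Restore on this laptop) also replace the standard boot code; and a driver under a user's Temp directory is only flagged when it is not the one GMER announced in its own "Running: ...; Driver:" header, since GMER drops a random-named driver there on every run.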
OTL Extras logfile created on: 9/1/2010 11:04:59 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\James Costelllo\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.00 Mb Total Physical Memory | 268.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 756 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.94 Gb Total Space | 16.48 Gb Free Space | 48.56% Space Free | Partition Type: NTFS
Drive D: | 164.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 26.55 Gb Total Space | 2.06 Gb Free Space | 7.77% Space Free | Partition Type: NTFS
Drive W: | 74.53 Gb Total Space | 26.85 Gb Free Space | 36.03% Space Free | Partition Type: NTFS
Computer Name: LAPTOP
Current User Name: James Costelllo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\WINDOWS\Downloaded Program Files\ptermX.exe" = C:\WINDOWS\Downloaded Program Files\ptermX.exe:*:Enabled:PowerTerm® WebConnect ActiveX -- ()
"C:\Program Files\BCDC++\DCPlusPlus.exe" = C:\Program Files\BCDC++\DCPlusPlus.exe:*:Enabled:BCDC++ -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"\\PC\Ateksoft\WebCamera Plus\camviewer.exe" = \\PC\Ateksoft\WebCamera Plus\camviewer.exe:*:Enabled:camviewer.exe
"C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe" = C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe:*:Enabled:WebCamera Plus Service -- (Ateksoft Company Ltd.)
"C:\Program Files\Ateksoft\WebCamera Plus\camviewer.exe" = C:\Program Files\Ateksoft\WebCamera Plus\camviewer.exe:*:Enabled:WebCamera Plus -- (Ateksoft Company Ltd.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"\\Pc\my music\iTunes.exe" = \\Pc\my music\iTunes.exe:*:Enabled:iTunes.exe
"\\Pc\E\My Music\iTunes.exe" = \\Pc\E\My Music\iTunes.exe:*:Enabled:iTunes.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Picasa3\Picasa3.exe" = C:\Program Files\Picasa3\Picasa3.exe:*:Enabled:Picasa -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\plugin-container.exe" = C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A5B1D32-CC86-4689-B43C-AD52A9B8773B}" = DIYPhotoBits.com Camera Control 4.0
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-2448-0000-705000000001}" = Adobe Reader Chinese Traditional Fonts
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCamera Plus_is1" = WebCamera Plus 2.0
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"ZipCentral_is1" = ZipCentral 4.01
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/31/2010 1:12:20 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8094
Error - 8/31/2010 1:12:22 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 8/31/2010 1:12:22 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10125
Error - 8/31/2010 1:12:22 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10125
Error - 8/31/2010 1:12:25 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 8/31/2010 1:12:25 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12344
Error - 8/31/2010 1:12:25 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12344
Error - 8/31/2010 1:12:27 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 8/31/2010 1:12:27 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14469
Error - 8/31/2010 1:12:27 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14469
[ System Events ]
Error - 9/1/2010 8:13:08 AM | Computer Name = LAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.4 on
the Network Card with network address 0014A433A1E7.
Error - 9/1/2010 8:26:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 9/1/2010 8:26:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 9/1/2010 8:26:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 9/1/2010 8:26:05 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 9/1/2010 8:26:05 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 9/1/2010 8:26:07 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).
Error - 9/1/2010 8:30:01 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 9/1/2010 9:02:22 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde Lbd
Error - 9/1/2010 10:18:54 PM | Computer Name = LAPTOP | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{4984256F-3256-4D4A-AE7B-AB5A89B0E00C}. The
backup browser is stopping.
< End of report >
OTL logfile created on: 9/1/2010 11:04:58 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\James Costelllo\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.00 Mb Total Physical Memory | 268.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 756 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.94 Gb Total Space | 16.48 Gb Free Space | 48.56% Space Free | Partition Type: NTFS
Drive D: | 164.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 26.55 Gb Total Space | 2.06 Gb Free Space | 7.77% Space Free | Partition Type: NTFS
Drive W: | 74.53 Gb Total Space | 26.85 Gb Free Space | 36.03% Space Free | Partition Type: NTFS
Computer Name: LAPTOP
Current User Name: James Costelllo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/01 23:02:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Costelllo\My Documents\Downloads\OTL.exe
PRC - [2010/07/23 08:02:09 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 08:54:45 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 08:54:36 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 08:54:34 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 08:54:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 08:52:13 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 08:52:07 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/25 12:06:10 | 000,046,592 | ---- | M] (Ateksoft Company Ltd.) -- C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/06/10 12:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/04 13:26:08 | 000,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/09/13 18:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 16:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
========== Modules (SafeList) ==========
MOD - [2010/09/01 23:02:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Costelllo\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/12/23 17:47:36 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/23 08:02:09 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 08:54:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/25 12:06:10 | 000,046,592 | ---- | M] (Ateksoft Company Ltd.) [Auto | Running] -- C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe -- (Webcamera Plus Service)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/16 08:54:40 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 08:52:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/05 11:26:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 1449 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/12/25 12:06:16 | 000,011,776 | ---- | M] (Ateksoft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ateksoftaudio.sys -- (AteksoftAudio)
DRV - [2005/05/31 06:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 06:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 06:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 06:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 06:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 06:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 06:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 06:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 06:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/17 05:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/13 11:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 11:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 04:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 0300 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/03/11 0006 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/06 23:09:58 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/16 18:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/18 16:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 22:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 22:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 22:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 22:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/03/12 21:50:50 | 000,899,884 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "file:///C:/Home%20Page.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/23 08:04:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 08:16:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 16:49:18 | 000,000,000 | ---D | M]
[2009/01/06 00:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Extensions
[2010/09/01 09:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\extensions
[2010/05/21 18:25:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/13 18:51:06 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\searchplugins\ask.xml
[2008/08/13 18:51:06 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\searchplugins\jeeves.xml
[2010/09/01 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/21 18:08:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/06/01 10:41:47 | 001,196,032 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2006/02/02 13:16:38 | 000,628,256 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npzzatif.dll
[2006/06/01 10:41:47 | 000,003,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2006/06/01 10:41:47 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: Pc ([]file in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...0/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C1ECC9B2-75B2-4490-8040-B8A107F45DC2} http://mail.waynecountycourthouse.co...veX/ptermX.CAB (PtConnector422 Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} http://auditor.cuyahogacounty.us/repi/sketch/Sketch.ocx (SketchCtl.Pic1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2006/05/09 09:47:55 | 000,000,020 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 20:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/15 05:17:00 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e3ff5919-f98c-11de-9212-001422dfc4e3}\Shell\AutoRun\command - "" = F:\MI.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.D263 - xl_x263dec.dll File not found
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - xl_yv12.dll File not found
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/01 20:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Costelllo\Application Data\Malwarebytes
[2010/09/01 20:41:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/01 20:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/01 20:40:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/01 20:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/23 21:09:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\James Costelllo\Recent
[2010/08/03 18:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\Yahoo!
[2010/08/03 18:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/08/02 08:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/30 22:02:25 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS
[2010/07/30 22:00:36 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/07/16 08:54:35 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/21 19:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/21 19:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
========== Files - Modified Within 90 Days ==========
[2010/09/01 23:01:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\prvlcl.dat
[2010/09/01 21:02:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/01 21:00:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/01 21:00:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/01 20:59:48 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\James Costelllo\NTUSER.DAT
[2010/09/01 20:59:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\James Costelllo\ntuser.ini
[2010/09/01 20:41:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 18:02:07 | 064,183,591 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/12 09:10:44 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 08:53:21 | 000,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/12 08:46:37 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 08:46:37 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 08:46:37 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/03 18:28:13 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/03 18:17:51 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 08:15:09 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/30 22:17:30 | 000,005,882 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\Router_Setup.html
[2010/07/29 18:10:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\CCleaner.lnk
[2010/07/25 16:49:40 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 16:49:40 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/20 23:10:46 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\router error.doc
[2010/07/17 23:17:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/16 08:54:40 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 08:54:35 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 08:52:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/10 08:44:18 | 006,945,530 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\readymade_final_flat.tif
[2010/07/04 07:19:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/15 21:31:15 | 000,047,983 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\image003-300x106.png
[2010/06/09 20:11:23 | 000,300,032 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\Hts Dems List.doc
[2010/06/05 11:26:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
========== Files Created - No Company Name ==========
[2010/09/01 20:41:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/03 18:28:13 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/02 08:15:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/30 22:17:30 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\Router Login.url
[2010/07/30 22:17:27 | 000,005,882 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\Router_Setup.html
[2010/07/20 17:49:34 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\router error.doc
[2010/07/10 08:44:07 | 006,945,530 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\readymade_final_flat.tif
[2010/06/15 21:31:03 | 000,047,983 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\image003-300x106.png
[2010/06/09 20:11:22 | 000,300,032 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\Hts Dems List.doc
[2009/11/24 21:51:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\prvlcl.dat
[2009/07/25 12:35:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/07/10 17:42:32 | 000,038,454 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Comma Separated Values (Windows).ADR
[2009/03/16 19:09:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\$_hpcst$.hpc
[2006/07/25 08:10:18 | 000,038,487 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Comma Separated Values (DOS).ADR
[2006/05/09 09:47:52 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.dll
[2006/03/22 15:28:06 | 000,022,074 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Tab Separated Values (DOS).ADR
[2006/03/22 15:18:35 | 000,021,892 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Microsoft Excel.ADR
[2006/03/16 10:04:08 | 000,022,766 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Tab Separated Values (Windows).ADR
[2006/02/21 09:11:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/17 00:44:09 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/09 15:37:36 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/12/20 15:06:56 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\AAC4A46772.sys
[2005/12/05 10:01:25 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/01 10:13:08 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\fusioncache.dat
[2005/11/28 14:51:38 | 000,000,325 | ---- | C] () -- C:\WINDOWS\LawWin.INI
[2005/11/25 15:59:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/21 13:49:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\PFP120JPR.{PB
[2005/11/21 13:49:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\PFP120JCM.{PB
[2005/11/14 20:24:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/14 20:16:10 | 000,000,558 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/14 20:06:09 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/11/14 19:42:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/11/14 19:41:48 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/22 14:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/26 18:15:59 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/31 1952 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\hllapi32.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009/11/18 08:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/16 14:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rkfree
[2005/11/14 20:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/18 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/22 21:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/17 23:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/23 12:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Ericom
[2009/09/27 18:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Free Labs
[2005/12/21 12:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Leadertech
[2006/02/24 11:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Learn2.com
[2005/12/07 10:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Qualcomm
[2009/02/22 19:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Snapfish
[2010/07/04 07:19:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/01/03 11:07:25 | 000,007,164 | ---- | M] () -- C:\aaw7boot.log
[2009/06/19 18:35:48 | 000,032,370 | ---- | M] () -- C:\ASLog.txt
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.001
[2006/05/09 09:47:55 | 000,000,020 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/12/09 15:58:47 | 000,001,953 | ---- | M] () -- C:\Bills.html
[2009/12/30 09:04:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/04/04 16:48:31 | 000,002,019 | ---- | M] () -- C:\Career.html
[2005/11/23 15:46:42 | 000,002,135 | ---- | M] () -- C:\Case.html
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/11/14 19:46:00 | 000,005,105 | RH-- | M] () -- C:\dell.sdr
[2009/08/11 06:51:11 | 000,005,034 | ---- | M] () -- C:\Home Page.html
[2005/11/25 16:20:41 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2006/05/09 11:19:26 | 000,000,162 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/11/14 20:13:22 | 000,000,828 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2005/11/23 15:46:43 | 000,001,537 | ---- | M] () -- C:\News.html
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/20 00:22:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/01 21:00:37 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2006/01/03 09:35:32 | 000,000,000 | ---- | M] () -- C:\palsound.txt
[2005/11/23 15:46:42 | 000,001,385 | ---- | M] () -- C:\Recipes.html
[2005/11/23 15:46:42 | 000,001,489 | ---- | M] () -- C:\Search.html
[2005/11/14 20:13:36 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2005/11/23 15:46:42 | 000,001,733 | ---- | M] () -- C:\Wedding.html
[2008/08/13 18:47:13 | 000,000,146 | ---- | M] () -- C:\YServer.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/10 1448 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 1446 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 1446 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Welcome aboard
Your MBR seems to be infected.
Run MBRCheck again.
When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter
When the program asks you to Enter your choice, enter 2 and press the Enter key.
Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.
Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.
Next the program will prompt for confirmation.
Type YES and hit Enter.
When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.
Then reboot, run MBRCheck again and post new log.
Thanks for your help. I have attached the two most recent MBRCheck text documents.
Please, always paste all logs into your reply.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0060000c
Kernel Drivers (total 142):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8B32000 \WINDOWS\system32\KDCOM.DLL
0xF8A42000 \WINDOWS\system32\BOOTVID.dll
0xF8632000 dsapd.sys
0xF8503000 ACPI.sys
0xF8B34000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84F2000 pci.sys
0xF8642000 isapnp.sys
0xF8A46000 compbatt.sys
0xF8A4A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8BFA000 pciide.sys
0xF88B2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF84D4000 pcmcia.sys
0xF8652000 MountMgr.sys
0xF84B5000 ftdisk.sys
0xF88BA000 PartMgr.sys
0xF8662000 VolSnap.sys
0xF849D000 atapi.sys
0xF8672000 disk.sys
0xF8682000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF847D000 fltmgr.sys
0xF846B000 sr.sys
0xF8455000 drvmcdb.sys
0xF8692000 PxHelp20.sys
0xF843E000 KSecDD.sys
0xF83B1000 Ntfs.sys
0xF8384000 NDIS.sys
0xF86A2000 ohci1394.sys
0xF86B2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF836A000 Mup.sys
0xF86D2000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF88A2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8AFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF744E000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF743A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8942000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7416000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF894A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF86E2000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7402000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF73A7000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7364000 \SystemRoot\system32\drivers\STAC97.sys
0xF7340000 \SystemRoot\system32\drivers\portcls.sys
0xF86F2000 \SystemRoot\system32\drivers\drmk.sys
0xF731D000 \SystemRoot\system32\drivers\ks.sys
0xF72EC000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF71ED000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF7145000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8952000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8702000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF712B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF895A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8962000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7615000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8B56000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7605000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF75F5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF896A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF75E5000 \SystemRoot\system32\drivers\ateksoftaudio.sys
0xF8CC3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF75D5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B06000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7114000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75C5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75B5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8972000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7103000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75A5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF897A000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8982000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7595000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B5A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF707D000 \SystemRoot\system32\DRIVERS\update.sys
0xF8B16000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF898A000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7585000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8722000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8B5E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8319000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B64000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D66000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B66000 \SystemRoot\System32\Drivers\Beep.SYS
0xF899A000 \SystemRoot\system32\drivers\ssrtln.sys
0xF89A2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF89AA000 \SystemRoot\System32\drivers\vga.sys
0xF8B68000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8B6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89B2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89BA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8311000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA6D2000 \SystemRoot\System32\Drivers\avgtdix.sys
0xAA6AC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8732000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF8742000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF8ADA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8752000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8ADE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA65C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA63A000 \SystemRoot\System32\drivers\afd.sys
0xF8762000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA56F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA4FF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8782000 \SystemRoot\System32\Drivers\Fips.SYS
0xF89C2000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xAA4CB000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF8AEE000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF87A2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA4B3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8B74000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA7BC000 \SystemRoot\System32\drivers\Dxapi.sys
0xF89D2000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D00000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF8872000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8C69000 \SystemRoot\system32\dla\tfsndres.sys
0xAA35D000 \SystemRoot\system32\dla\tfsnifs.sys
0xF8AB2000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8B82000 \SystemRoot\system32\dla\tfsnpool.sys
0xF89F2000 \SystemRoot\system32\dla\tfsnboio.sys
0xF8882000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C6A000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA344000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA32B000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA39B000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA397000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9FF6000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA60A000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9EB3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAA053000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9DE4000 \SystemRoot\system32\DRIVERS\srv.sys
0xA955B000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9314000 \??\C:\DOCUME~1\JAMESC~1\LOCALS~1\Temp\uxtdapow.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 50):
0 System Idle Process
4 System
736 C:\WINDOWS\system32\smss.exe
812 csrss.exe
836 C:\WINDOWS\system32\winlogon.exe
880 C:\WINDOWS\system32\services.exe
892 C:\WINDOWS\system32\lsass.exe
1064 C:\WINDOWS\system32\svchost.exe
1140 svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1360 svchost.exe
1452 C:\Program Files\AVG\AVG9\avgchsvx.exe
1460 C:\Program Files\AVG\AVG9\avgrsx.exe
1624 svchost.exe
1668 C:\Program Files\AVG\AVG9\avgcsrvx.exe
208 C:\WINDOWS\system32\WLTRYSVC.EXE
216 C:\WINDOWS\system32\BCMWLTRY.EXE
324 C:\WINDOWS\system32\spoolsv.exe
184 svchost.exe
372 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
416 C:\Program Files\AVG\AVG9\avgwdsvc.exe
448 C:\Program Files\Bonjour\mDNSResponder.exe
556 C:\WINDOWS\system32\cisvc.exe
780 C:\Program Files\Java\jre6\bin\jqs.exe
1428 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
1832 C:\WINDOWS\system32\svchost.exe
2020 C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
392 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1616 C:\WINDOWS\explorer.exe
1956 C:\Program Files\AVG\AVG9\avgemc.exe
2068 C:\Program Files\AVG\AVG9\avgnsx.exe
2260 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2368 wmiprvse.exe
2644 C:\Program Files\Apoint\Apoint.exe
2672 C:\WINDOWS\system32\WLTRAY.EXE
2720 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2740 C:\WINDOWS\system32\dla\tfswctrl.exe
2780 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2852 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2872 C:\WINDOWS\system32\igfxpers.exe
2892 C:\Program Files\Dell\QuickSet\quickset.exe
3016 C:\Program Files\Apoint\ApntEx.exe
3140 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
3528 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
3856 alg.exe
3504 C:\WINDOWS\system32\svchost.exe
3820 C:\Program Files\Mozilla Firefox\firefox.exe
4024 C:\Program Files\Mozilla Firefox\plugin-container.exe
1912 C:\WINDOWS\system32\wuauclt.exe
1332 C:\Documents and Settings\James Costelllo\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)
PhysicalDrive0 Model Number: WDCWD400VE-75HDT1, Rev: 11.07D11
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
=====================================================
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8B32000 \WINDOWS\system32\KDCOM.DLL
0xF8A42000 \WINDOWS\system32\BOOTVID.dll
0xF8503000 ACPI.sys
0xF8B34000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84F2000 pci.sys
0xF8632000 isapnp.sys
0xF8A46000 compbatt.sys
0xF8A4A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8BFA000 pciide.sys
0xF88B2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8B36000 intelide.sys
0xF84D4000 pcmcia.sys
0xF8642000 MountMgr.sys
0xF84B5000 ftdisk.sys
0xF88BA000 PartMgr.sys
0xF8652000 VolSnap.sys
0xF849D000 atapi.sys
0xF8662000 disk.sys
0xF8672000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF847D000 fltmgr.sys
0xF846B000 sr.sys
0xF8455000 drvmcdb.sys
0xF8682000 PxHelp20.sys
0xF843E000 KSecDD.sys
0xF83B1000 Ntfs.sys
0xF8384000 NDIS.sys
0xF8692000 ohci1394.sys
0xF86A2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF836A000 Mup.sys
0xF86C2000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF8862000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8AF6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7371000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF735D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF893A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7339000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8942000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8872000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7325000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF72CA000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7287000 \SystemRoot\system32\drivers\STAC97.sys
0xF7263000 \SystemRoot\system32\drivers\portcls.sys
0xF8882000 \SystemRoot\system32\drivers\drmk.sys
0xF7240000 \SystemRoot\system32\drivers\ks.sys
0xF720F000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF7110000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF7068000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF894A000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8892000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF704E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF8952000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF895A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF88A2000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8B56000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7538000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7528000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF8962000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7518000 \SystemRoot\system32\drivers\ateksoftaudio.sys
0xF8C90000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7508000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B02000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7037000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF74F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF74E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF896A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7026000 \SystemRoot\system32\DRIVERS\psched.sys
0xF74D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF897A000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8982000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF74C8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B58000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6FC8000 \SystemRoot\system32\DRIVERS\update.sys
0xF8B12000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF898A000 \SystemRoot\system32\DRIVERS\omci.sys
0xF74B8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF86D2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8B5A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF831D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B60000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D5E000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B62000 \SystemRoot\System32\Drivers\Beep.SYS
0xF899A000 \SystemRoot\system32\drivers\ssrtln.sys
0xF89A2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF89AA000 \SystemRoot\System32\drivers\vga.sys
0xF8B64000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8B66000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89B2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89BA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8315000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA6D2000 \SystemRoot\System32\Drivers\avgtdix.sys
0xAA6AC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA684000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA662000 \SystemRoot\System32\drivers\afd.sys
0xF8712000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA637000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA5C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8732000 \SystemRoot\System32\Drivers\Fips.SYS
0xF89CA000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xAA593000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF8742000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF8752000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF8AEA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8762000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF6FC0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA7A4000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF87E2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA4B3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8BBA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA56B000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8A02000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8C3A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA53B000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8D31000 \SystemRoot\system32\dla\tfsndres.sys
0xAA35D000 \SystemRoot\system32\dla\tfsnifs.sys
0xAA56F000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8BD2000 \SystemRoot\system32\dla\tfsnpool.sys
0xF8A2A000 \SystemRoot\system32\dla\tfsnboio.sys
0xAA52B000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8D32000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA344000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA32B000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA393000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA38F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9FF6000 \SystemRoot\system32\drivers\wdmaud.sys
0xF8722000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9DE3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAA197000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9D14000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9693000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 50):
0 System Idle Process
4 System
732 C:\WINDOWS\system32\smss.exe
808 csrss.exe
832 C:\WINDOWS\system32\winlogon.exe
876 C:\WINDOWS\system32\services.exe
888 C:\WINDOWS\system32\lsass.exe
1060 C:\WINDOWS\system32\svchost.exe
1136 svchost.exe
1280 C:\WINDOWS\system32\svchost.exe
1364 svchost.exe
1480 C:\Program Files\AVG\AVG9\avgchsvx.exe
1488 C:\Program Files\AVG\AVG9\avgrsx.exe
1620 svchost.exe
1696 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1920 C:\WINDOWS\system32\WLTRYSVC.EXE
2016 C:\WINDOWS\system32\BCMWLTRY.EXE
288 C:\WINDOWS\system32\spoolsv.exe
128 svchost.exe
324 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
348 C:\Program Files\AVG\AVG9\avgwdsvc.exe
436 C:\Program Files\Bonjour\mDNSResponder.exe
528 C:\WINDOWS\system32\cisvc.exe
248 C:\Program Files\Java\jre6\bin\jqs.exe
1172 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
1436 C:\WINDOWS\system32\svchost.exe
1760 C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
568 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
584 C:\Program Files\AVG\AVG9\avgemc.exe
780 C:\Program Files\AVG\AVG9\avgnsx.exe
648 C:\WINDOWS\system32\wuauclt.exe
1412 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2368 wmiprvse.exe
2604 C:\WINDOWS\explorer.exe
2876 alg.exe
3876 C:\Program Files\Apoint\Apoint.exe
3892 C:\WINDOWS\system32\WLTRAY.EXE
4092 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
228 C:\Program Files\Apoint\ApntEx.exe
576 C:\WINDOWS\system32\svchost.exe
784 C:\WINDOWS\system32\dla\tfswctrl.exe
2200 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2408 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2480 C:\WINDOWS\system32\igfxpers.exe
2428 C:\Program Files\Dell\QuickSet\quickset.exe
2788 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
2944 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
2940 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
2640 C:\Program Files\Mozilla Firefox\firefox.exe
3708 C:\Documents and Settings\James Costelllo\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)
PhysicalDrive0 Model Number: WDCWD400VE-75HDT1, Rev: 11.07D11
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Our fix didn't work, so we have to use a different method.
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)
- Place a blank CD in your CD drive.
- Double click on NTBR_CD.exe file and a folder of the same name will appear.
- Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
- Follow the prompts to burn the CD.
- Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
- If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
- Insert the newly created CD into your infected PC and reboot your computer.
- Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
- Read the warning and then continue as prompted.
- You first need to select your keyboard layout - press Enter for English.
- Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
- On the following screen enter 5 to select Install Standard MBR code.
- Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
- When asked to confirm please do so.
- Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
- Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8B32000 \WINDOWS\system32\KDCOM.DLL
0xF8A42000 \WINDOWS\system32\BOOTVID.dll
0xF8503000 ACPI.sys
0xF8B34000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84F2000 pci.sys
0xF8632000 isapnp.sys
0xF8A46000 compbatt.sys
0xF8A4A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8BFA000 pciide.sys
0xF88B2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8B36000 intelide.sys
0xF84D4000 pcmcia.sys
0xF8642000 MountMgr.sys
0xF84B5000 ftdisk.sys
0xF88BA000 PartMgr.sys
0xF8652000 VolSnap.sys
0xF849D000 atapi.sys
0xF8662000 disk.sys
0xF8672000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF847D000 fltmgr.sys
0xF846B000 sr.sys
0xF8455000 drvmcdb.sys
0xF8682000 PxHelp20.sys
0xF843E000 KSecDD.sys
0xF83B1000 Ntfs.sys
0xF8384000 NDIS.sys
0xF8692000 ohci1394.sys
0xF86A2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF836A000 Mup.sys
0xF8732000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF8832000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8AE6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF81DA000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF81C6000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF895A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF81A2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8962000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8842000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF818E000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF8133000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF80F0000 \SystemRoot\system32\drivers\STAC97.sys
0xF80CC000 \SystemRoot\system32\drivers\portcls.sys
0xF8852000 \SystemRoot\system32\drivers\drmk.sys
0xF80A9000 \SystemRoot\system32\drivers\ks.sys
0xF8078000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF7F79000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF7ED1000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF896A000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8862000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7EB7000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF8972000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF897A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8872000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8B52000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF8882000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8892000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF8982000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF88A2000 \SystemRoot\system32\drivers\ateksoftaudio.sys
0xF8C96000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF86C2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8AF2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7EA0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF86D2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF86E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF898A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7DEF000 \SystemRoot\system32\DRIVERS\psched.sys
0xF86F2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8992000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF899A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8702000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B54000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7D69000 \SystemRoot\system32\DRIVERS\update.sys
0xF8B06000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF89A2000 \SystemRoot\system32\DRIVERS\omci.sys
0xF8712000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8742000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8B58000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8329000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B60000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8CAD000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B62000 \SystemRoot\System32\Drivers\Beep.SYS
0xF89BA000 \SystemRoot\system32\drivers\ssrtln.sys
0xF89C2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF89CA000 \SystemRoot\System32\drivers\vga.sys
0xF8B64000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8B66000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89D2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89DA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8321000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA94E1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9488000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA944E000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA9428000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8752000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF8762000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF8AC6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8772000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8ACA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA93D8000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA93B6000 \SystemRoot\System32\drivers\afd.sys
0xF87B2000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA92EB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA927B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF87D2000 \SystemRoot\System32\Drivers\Fips.SYS
0xF89F2000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA9247000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF8B02000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF8802000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA922F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8B9A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF832D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8A32000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D6F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF87A2000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8CC8000 \SystemRoot\system32\dla\tfsndres.sys
0xA90D9000 \SystemRoot\system32\dla\tfsnifs.sys
0xA9163000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8BAE000 \SystemRoot\system32\dla\tfsnpool.sys
0xF88DA000 \SystemRoot\system32\dla\tfsnboio.sys
0xA93A6000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C41000 \SystemRoot\system32\dla\tfsndrct.sys
0xA90C0000 \SystemRoot\system32\dla\tfsnudf.sys
0xA90A7000 \SystemRoot\system32\dla\tfsnudfa.sys
0xA910B000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA9107000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8D4A000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7E00000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8B37000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8B6C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA8A68000 \SystemRoot\system32\DRIVERS\srv.sys
0xA840F000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 53):
0 System Idle Process
4 System
736 C:\WINDOWS\system32\smss.exe
808 csrss.exe
832 C:\WINDOWS\system32\winlogon.exe
876 C:\WINDOWS\system32\services.exe
888 C:\WINDOWS\system32\lsass.exe
1060 C:\WINDOWS\system32\svchost.exe
1140 svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1364 svchost.exe
1468 C:\Program Files\AVG\AVG9\avgchsvx.exe
1476 C:\Program Files\AVG\AVG9\avgrsx.exe
1552 svchost.exe
1716 C:\Program Files\AVG\AVG9\avgcsrvx.exe
152 C:\WINDOWS\system32\WLTRYSVC.EXE
160 C:\WINDOWS\system32\BCMWLTRY.EXE
340 C:\WINDOWS\system32\spoolsv.exe
424 svchost.exe
1896 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
488 C:\Program Files\AVG\AVG9\avgwdsvc.exe
508 C:\Program Files\Bonjour\mDNSResponder.exe
588 C:\WINDOWS\system32\cisvc.exe
628 C:\Program Files\Java\jre6\bin\jqs.exe
1200 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
1260 C:\WINDOWS\system32\svchost.exe
1408 C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
1708 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
780 C:\Program Files\AVG\AVG9\avgemc.exe
464 C:\WINDOWS\system32\wuauclt.exe
1176 C:\Program Files\AVG\AVG9\avgnsx.exe
1968 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2448 C:\WINDOWS\explorer.exe
2644 wmiprvse.exe
2944 alg.exe
2996 C:\Program Files\Apoint\Apoint.exe
3012 C:\WINDOWS\system32\WLTRAY.EXE
3032 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3208 C:\WINDOWS\system32\dla\tfswctrl.exe
3472 C:\PROGRA~1\AVG\AVG9\avgtray.exe
3604 C:\Program Files\Apoint\ApntEx.exe
3612 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3712 C:\WINDOWS\system32\igfxpers.exe
1420 C:\Program Files\Dell\QuickSet\quickset.exe
1740 wmiprvse.exe
2292 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
2864 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
2888 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
3268 C:\WINDOWS\system32\svchost.exe
2268 C:\Program Files\Mozilla Firefox\firefox.exe
2560 C:\WINDOWS\system32\taskmgr.exe
1212 C:\Program Files\Mozilla Firefox\plugin-container.exe
3836 C:\Documents and Settings\James Costelllo\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)
PhysicalDrive0 Model Number: WDCWD400VE-75HDT1, Rev: 11.07D11
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Good job!
Looks good
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
ComboFix 10-09-03.01 - James Costelllo 09/03/2010 21:23:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.302 [GMT -4:00]
Running from: c:\documents and settings\James Costelllo\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\bszip.dll
c:\windows\system32\Thumbs.db
----- BITS: Possible infected sites -----
hxxp://download.yimg.com
.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-02 00:41 . 2010-09-02 00:41 -------- d-----w- c:\documents and settings\James Costelllo\Application Data\Malwarebytes
2010-09-02 00:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 00:40 . 2010-09-02 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 00:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-02 00:40 . 2010-09-02 00:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 01:16 . 2009-11-25 01:51 0 ----a-w- c:\documents and settings\James Costelllo\Local Settings\Application Data\prvlcl.dat
2010-08-25 12:29 . 2010-08-03 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-08-25 11:55 . 2006-06-28 18:31 -------- d-----w- c:\documents and settings\James Costelllo\Application Data\Yahoo!
2010-08-03 22:31 . 2007-08-06 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-03 22:31 . 2005-12-16 13:31 -------- d-----w- c:\program files\Yahoo!
2010-08-03 22:24 . 2010-08-03 22:24 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-03 10:51 . 2010-08-03 10:51 503808 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c4d50a0-n\msvcp71.dll
2010-08-03 10:51 . 2010-08-03 10:51 499712 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c4d50a0-n\jmc.dll
2010-08-03 10:51 . 2010-08-03 10:51 348160 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c4d50a0-n\msvcr71.dll
2010-08-03 10:51 . 2010-08-03 10:51 61440 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-27c0b6df-n\decora-sse.dll
2010-08-03 10:51 . 2010-08-03 10:51 12800 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-27c0b6df-n\decora-d3d.dll
2010-08-02 12:14 . 2010-06-21 23:16 -------- d-----w- c:\program files\iTunes
2010-08-02 12:11 . 2010-08-02 12:11 -------- d-----w- c:\program files\iPod
2010-08-02 12:11 . 2009-06-18 03:12 -------- d-----w- c:\program files\Common Files\Apple
2010-08-02 11:56 . 2010-08-02 11:56 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-30 00:52 . 2006-01-09 19:37 -------- d-----w- c:\program files\Cisco Systems
2010-07-30 00:51 . 2005-11-15 00:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-29 22:10 . 2009-06-20 01:57 -------- d-----w- c:\program files\CCleaner
2010-07-16 12:54 . 2009-04-09 02:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:54 . 2010-07-16 12:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:52 . 2009-04-09 02:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2004-08-10 18:51 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-10 18:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-10 18:51 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-11-14 23:41 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 18:51 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-10 19:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-10 18:51 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-06-01 14:41 . 2006-06-01 14:41 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-06-01 14:41 . 2006-06-01 14:41 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2006-02-24 14:42 . 2005-12-20 19:06 56 --sh--r- c:\windows\system32\AAC4A46772.sys
2006-06-30 12:59 . 2006-02-17 04:44 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 12:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4200 Series]
2005-03-08 08:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-07-20 05:06 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-02-18 18:10 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ptermX.exe"=
"c:\\Program Files\\BCDC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\PC\\Ateksoft\\WebCamera Plus\\camviewer.exe"=
"c:\\Program Files\\Ateksoft\\WebCamera Plus\\WebCamPlusSrv.exe"=
"c:\\Program Files\\Ateksoft\\WebCamera Plus\\camviewer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"\\\\Pc\\my music\\iTunes.exe"=
"\\\\Pc\\E\\My Music\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/8/2009 10:14 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/8/2009 10:14 PM 243024]
R3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2/24/2009 11:19 PM 11776]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [8/13/2008 7:12 PM 899884]
.
Contents of the 'Scheduled Tasks' folder
2010-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {C1ECC9B2-75B2-4490-8040-B8A107F45DC2} - hxxp://mail.waynecountycourthouse.com/PublicActiveX/ptermX.CAB
DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} - hxxp://auditor.cuyahogacounty.us/repi/sketch/Sketch.ocx
FF - ProfilePath - c:\documents and settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Home%20Page.html
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer , true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-03 21:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-09-03 21:35:51
ComboFix-quarantined-files.txt 2010-09-04 01:35
Pre-Run: 17,525,510,144 bytes free
Post-Run: 17,482,625,024 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 36D828F637018A9FB8C961B0F152DC0E
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\AAC4A46772.sys
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
ComboFix 10-09-03.01 - James Costelllo 09/03/2010 21:59:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.206 [GMT -4:00]
Running from: c:\documents and settings\James Costelllo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\James Costelllo\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\system32\AAC4A46772.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AAC4A46772.sys
.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-02 00:41 . 2010-09-02 00:41 -------- d-----w- c:\documents and settings\James Costelllo\Application Data\Malwarebytes
2010-09-02 00:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 00:40 . 2010-09-02 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 00:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-02 00:40 . 2010-09-02 00:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 01:16 . 2009-11-25 01:51 0 ----a-w- c:\documents and settings\James Costelllo\Local Settings\Application Data\prvlcl.dat
2010-08-25 12:29 . 2010-08-03 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-08-25 11:55 . 2006-06-28 18:31 -------- d-----w- c:\documents and settings\James Costelllo\Application Data\Yahoo!
2010-08-03 22:31 . 2007-08-06 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-03 22:31 . 2005-12-16 13:31 -------- d-----w- c:\program files\Yahoo!
2010-08-03 22:24 . 2010-08-03 22:24 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-03 10:51 . 2010-08-03 10:51 503808 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c4d50a0-n\msvcp71.dll
2010-08-03 10:51 . 2010-08-03 10:51 499712 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c4d50a0-n\jmc.dll
2010-08-03 10:51 . 2010-08-03 10:51 348160 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c4d50a0-n\msvcr71.dll
2010-08-03 10:51 . 2010-08-03 10:51 61440 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-27c0b6df-n\decora-sse.dll
2010-08-03 10:51 . 2010-08-03 10:51 12800 ----a-w- c:\documents and settings\James Costelllo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-27c0b6df-n\decora-d3d.dll
2010-08-02 12:14 . 2010-06-21 23:16 -------- d-----w- c:\program files\iTunes
2010-08-02 12:11 . 2010-08-02 12:11 -------- d-----w- c:\program files\iPod
2010-08-02 12:11 . 2009-06-18 03:12 -------- d-----w- c:\program files\Common Files\Apple
2010-08-02 11:56 . 2010-08-02 11:56 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-30 00:52 . 2006-01-09 19:37 -------- d-----w- c:\program files\Cisco Systems
2010-07-30 00:51 . 2005-11-15 00:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-29 22:10 . 2009-06-20 01:57 -------- d-----w- c:\program files\CCleaner
2010-07-16 12:54 . 2009-04-09 02:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:54 . 2010-07-16 12:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:52 . 2009-04-09 02:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2004-08-10 18:51 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-10 18:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-10 18:51 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-11-14 23:41 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 18:51 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-10 19:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-10 18:51 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-06-01 14:41 . 2006-06-01 14:41 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-06-01 14:41 . 2006-06-01 14:41 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2006-06-30 12:59 . 2006-02-17 04:44 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 12:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4200 Series]
2005-03-08 08:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-07-20 05:06 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-02-18 18:10 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ptermX.exe"=
"c:\\Program Files\\BCDC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\PC\\Ateksoft\\WebCamera Plus\\camviewer.exe"=
"c:\\Program Files\\Ateksoft\\WebCamera Plus\\WebCamPlusSrv.exe"=
"c:\\Program Files\\Ateksoft\\WebCamera Plus\\camviewer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"\\\\Pc\\my music\\iTunes.exe"=
"\\\\Pc\\E\\My Music\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/8/2009 10:14 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/8/2009 10:14 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/16/2010 8:52 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 8:54 AM 308136]
R3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2/24/2009 11:19 PM 11776]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Webcamera Plus Service;Webcamera Plus Service;c:\program files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe [2/24/2009 11:19 PM 46592]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [8/13/2008 7:12 PM 899884]
.
Contents of the 'Scheduled Tasks' folder
2010-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {C1ECC9B2-75B2-4490-8040-B8A107F45DC2} - hxxp://mail.waynecountycourthouse.com/PublicActiveX/ptermX.CAB
DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} - hxxp://auditor.cuyahogacounty.us/repi/sketch/Sketch.ocx
FF - ProfilePath - c:\documents and settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Home%20Page.html
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-03 22:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-09-03 22:10:53
ComboFix-quarantined-files.txt 2010-09-04 02:10
ComboFix2.txt 2010-09-04 01:35
Pre-Run: 17,497,387,008 bytes free
Post-Run: 17,481,846,784 bytes free
- - End Of File - - 53ADC4CE25E5D2EB853C2FA21AF52B2E