Google Link goes to Ad Page

December 22, 2009 at 14:34:19
Specs: Windows XP
When I click on a google link it takes me to an ad page. If I go back and then click the link again it takes me to the correct site.



#1
December 22, 2009 at 15:02:21
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized). Both logs will be located at C:\RSIT.exe.

Next, please download DeFogger to your desktop from this link:

DEFOGGER

1. Double click DeFogger to run the tool.
2. When the utility opens click the Disable button to disable your CD Emulation drivers
3. Click Yes to continue
4. A 'Finished!' message will appear
5. Click OK
6. DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until the instruction is given.

Please post the contents of both logs (in separate posts) in your next reply. It may take 3 to 4 posts to get the entire log to us.

Download Gmer.exe from the following link.

Gmer.exe

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.



#2
December 23, 2009 at 04:42:04
Thanx jabuck
Here are the logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Barry at 2009-12-22 20:45:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (36%) free of 38 GB
Total RAM: 959 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:35 PM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScottradeELITE\ScottradeELITEClientUpdater.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\UltimateBet\mainclient.exe
C:\Program Files\UltimateBet\aphh.exe
C:\Documents and Settings\Barry\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Barry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [browsemap64] rundll32.exe "C:\Documents and Settings\Barry\Local Settings\Application Data\browsemap64\browsemap64.dll", DllInit
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Barry\Start Menu\Programs\UB\UB.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Barry\Start Menu\Programs\UB\UB.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite...
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitS...
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celartem.com/en/downlo...
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpCo...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gm...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/instal...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://nikken.webex.com/client/T27L/training/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OKI OPHD DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE

--
End of file - 8310 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\One-Click Tweak.job
C:\WINDOWS\tasks\PC Optimizer Pro.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{055F926C-A4EE-4D1D-BDC9-C13AC6559DFA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-16 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-16 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-16 256112]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-12 2033432]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-10-31 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-29 68856]
"browsemap64"=C:\Documents and Settings\Barry\Local Settings\Application Data\browsemap64\browsemap64.dll [2009-12-09 73728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe [2009-07-17 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-11-26 788880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-11-26 788880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus Photo R260 Series on DREAM]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE [2006-10-17 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\carpserv]
C:\WINDOWS\system32\carpserv.exe [2003-05-21 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
C:\WINDOWS\system32\carpserv.exe [2003-05-21 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
C:\WINDOWS\system32\conime.exe [2008-04-13 27648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000MUI]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2009-04-07 1511424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.EXE [2009-04-07 1511424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE [2006-10-17 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E_S92]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE [2006-10-17 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E_SA1]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE [2006-10-17 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-07-21 122368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleQuickSearchBox]
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-07-21 122368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleToolbarNotifier]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-29 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3PLUGIN]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
C:\Program Files\QuickTime\qttask.exe [2008-10-31 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-10-31 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader_sl]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
C:\Program Files\SPAMfighter\SFAgent.exe update delay 60 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUp]
C:\Program Files\Speeditup Free\SpeedItUp.exe [2009-11-13 2274816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
C:\Program Files\Speeditup Free\SpeedItUp.exe [2009-11-13 2274816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-29 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2005-02-24 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Barry^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakSvc"=2
"gusvc"=3
"aawservice"=2
"JavaQuickStarterService"=2
"OKI OPHD DCS Loader"=2
"Bonjour Service"=2
"WMPNetworkSvc"=3
"pgsql-8.3"=2
"Kodak AiO Network Discovery Service"=2
"idsvc"=3
"IDriverT"=3
"Symantec RemoteAssist"=3
"SPAMfighter Update Service"=2
"Lavasoft Ad-Aware Service"=2
"EPSON_PM_RPCV4_01"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-10-26 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Cybered\Algebra Equation Solver\AEqSolvr.exe"="C:\Program Files\Cybered\Algebra Equation Solver\AEqSolvr.exe:*:Enabled:Algebra Equation Solver"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{180e6841-453a-11dd-b50a-806d6172696f}]
shell\play\command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"


======List of files/folders created in the last 1 months======

2009-12-22 20:45:15 ----D---- C:\rsit
2009-12-20 11:57:03 ----D---- C:\Program Files\Trend Micro
2009-12-18 10:01:27 ----D---- C:\Documents and Settings\Barry\Application Data\Yahoo!
2009-12-18 10:01:18 ----D---- C:\Program Files\Yahoo!
2009-12-10 11:22:10 ----D---- C:\dad5774f2f4231eafe199d
2009-12-06 10:58:28 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-28 19:57:18 ----D---- C:\Documents and Settings\Barry\Application Data\K9
2009-11-28 19:56:10 ----D---- C:\Program Files\KeirNet
2009-11-25 22:18:41 ----D---- C:\Program Files\CCleaner
2009-11-25 21:40:04 ----D---- C:\Program Files\UltimateBet
2009-11-25 21:40:04 ----D---- C:\Documents and Settings\Barry\Application Data\UB
2009-11-25 08:27:30 ----D---- C:\Program Files\MSXML 4.0

======List of files/folders modified in the last 1 months======

2009-12-22 19:40:59 ----D---- C:\WINDOWS\Temp
2009-12-22 18:46:59 ----D---- C:\WINDOWS\Prefetch
2009-12-22 17:50:57 ----D---- C:\WINDOWS
2009-12-22 16:20:01 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-22 09:25:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-20 19:15:00 ----D---- C:\Program Files\Full Tilt Poker
2009-12-20 11:57:03 ----RD---- C:\Program Files
2009-12-18 19:27:14 ----D---- C:\WINDOWS\system32
2009-12-18 19:27:12 ----D---- C:\Program Files\options investigator 1
2009-12-18 09:53:15 ----D---- C:\Documents and Settings\Barry\Application Data\BitTorrent
2009-12-16 21:07:08 ----D---- C:\Program Files\PokerStars
2009-12-15 16:12:23 ----D---- C:\WINDOWS\Debug
2009-12-10 13:26:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 13:23:14 ----D---- C:\Program Files\Internet Explorer
2009-12-10 12:26:06 ----HD---- C:\WINDOWS\inf
2009-12-10 12:26:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-10 12:26:01 ----D---- C:\WINDOWS\system32\drivers
2009-12-10 12:25:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-10 12:24:27 ----D---- C:\WINDOWS\system32\en-US
2009-12-10 12:23:37 ----D---- C:\WINDOWS\ie7updates
2009-12-06 14:20:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-06 11:49:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-04 07:28:36 ----D---- C:\Program Files\Family Tree Maker 2010
2009-12-01 15:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-01 12:48:57 ----D---- C:\Program Files\Citrix
2009-11-28 19:53:42 ----SHD---- C:\WINDOWS\Installer
2009-11-28 19:53:17 ----D---- C:\Program Files\Common Files
2009-11-27 15:23:21 ----RASH---- C:\boot.ini
2009-11-27 15:23:21 ----A---- C:\WINDOWS\win.ini
2009-11-27 15:23:21 ----A---- C:\WINDOWS\system.ini
2009-11-26 16:12:20 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-25 22:53:16 ----SD---- C:\WINDOWS\Tasks
2009-11-25 22:36:21 ----D---- C:\WINDOWS\Minidump
2009-11-25 21:40:02 ----D---- C:\Program Files\_uninstallation_info
2009-11-25 08:27:31 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-26 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-26 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-09 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-05-21 30592]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 CALIAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\caliaud.sys [2004-02-17 292352]
R3 CALIHALA;CALIHALA; C:\WINDOWS\system32\drivers\calihal.sys [2004-02-17 273536]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver; C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2004-07-15 18432]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-08-20 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2004-12-15 1038208]
R3 HSFHWALI;HSFHWALI; C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys [2004-12-15 205696]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2009-01-13 340096]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Airgo3P;NETGEAR RangeMax(TM) 240 Wireless Notebook Adapter WPNT511; C:\WINDOWS\system32\DRIVERS\TMIMO31P.sys [2005-11-10 780800]
S3 ajngkxe2;ajngkxe2; C:\WINDOWS\system32\drivers\ajngkxe2.sys []
S3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2002-08-28 231552]
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-05-21 1063040]
S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-06-11 580096]
S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys []
S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver; C:\WINDOWS\system32\DRIVERS\netusbxp.sys [2002-02-19 72576]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WinPhlash;WinPhlash; \??\c:\SWSetup\sp30455\PHLASHNT.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-10-26 285392]
R2 OKI OPHD DCS Loader;OKI OPHD DCS Loader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE [2007-05-29 24576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-12 182768]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe [2009-05-04 279960]
S4 KodakSvc;Kodak AiO Device Service; C:\Program Files\Kodak\AiO\center\KodakSvc.exe [2009-04-17 32768]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-26 1184912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S4 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-02-01 394704]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------



#3
December 23, 2009 at 04:43:05
info.txt logfile of random's system information tool 1.06 2009-12-22 20:45:42

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
aiofw-->MsiExec.exe /I{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}
aioprnt-->MsiExec.exe /I{59B73DDC-593A-4D02-B9CA-1D8C9F912324}
aioscnnr-->MsiExec.exe /I{074AED0D-DD1C-432A-B38D-F8733604033F}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
C4USelfUpdater-->MsiExec.exe /I{48B41C3A-9A92-4B81-B653-C97FEB85C910}
Cakewalk VST Adapter 4-->C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
center-->MsiExec.exe /I{56BA241F-580C-43D2-8403-947241AAE633}
Chessmaster Grandmaster Edition-->C:\Program Files\InstallShield Installation Information\{27614800-84A9-484E-9CCB-43ED2F1205F5}\setup.exe -runfromtemp -l0x0409
Conexant 56K ACLink Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505K.inf
Conexant AC-Link Audio -->CIAunwdm.exe
DesignPro 5.4 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
DreamSpell v1.2-->C:\Program Files\DreamSpell v1.2\uninst.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Family Tree Maker 2010-->"C:\Program Files\InstallShield Installation Information\{89EAD745-088B-4160-B964-42C4D4D273AD}\setup.exe" -runfromtemp -l0x0409 -removeonly
Family Tree Maker 2010-->MsiExec.exe /X{89EAD745-088B-4160-B964-42C4D4D273AD}
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
FXCM Micro Trading Station II-->C:\Program Files\Candleworks\FXTS2\uninstall.exe FXCM Micro Trading Station II
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Guitar Tracks Pro 3-->C:\PROGRA~1\Cakewalk\GUITAR~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\GUITAR~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KODAK AiO Home Center-->C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "1033"
ksDIP-->MsiExec.exe /I{10934A28-0CC6-4B98-A14F-76B3546003AF}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft FrontPage 2000-->MsiExec.exe /I{00120409-78E1-11D2-B60F-006097C998E7}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
OptionsOracle-->MsiExec.exe /I{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PreReq-->MsiExec.exe /I{DA5BDB2A-12F0-4343-8351-21AAEB293990}
QuickBooks Pro Edition 2003-->C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Speeditup Free 4.76-->"C:\WINDOWS\Speeditup Free\uninstall.exe" "/U:C:\Program Files\Speeditup Free\irunin.xml"
Symantec Technical Support Advanced Chat Controls-->MsiExec.exe /X{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Options Toolbox v5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{302BF4A9-0AEB-41A6-8838-A9497F07B508}\Setup.exe" -uninst
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WAV to MP3 Encoder-->C:\PROGRA~1\WAVTOM~1\UNWISE.EXE C:\PROGRA~1\WAVTOM~1\INSTALL.LOG
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zuma® Deluxe-->C:\PROGRA~1\SHOCKW~1.COM\ZUMADE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ZUMADE~1\INSTALL.LOG

======Hosts File======

76.74.137.94 i.fulltiltpoker.com
76.74.137.94 app.struq.com
76.74.137.94 java.com
76.74.137.94 i.fulltiltpoker.com
76.74.137.94 app.struq.com
76.74.137.94 java.com
76.74.137.94 i.fulltiltpoker.com
76.74.137.94 app.struq.com
76.74.137.94 java.com
76.74.137.94 i.fulltiltpoker.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: LAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014D1595A3E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 39612
Source Name: Dhcp
Time Written: 20091120152437.000000-300
Event Type: warning
User:

Computer Name: LAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014D1595A3E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 39610
Source Name: Dhcp
Time Written: 20091120152437.000000-300
Event Type: warning
User:

Computer Name: LAPTOP
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0014D1595A3E. The IP address being used is 169.254.3.34.

Record Number: 39603
Source Name: Dhcp
Time Written: 20091120151819.000000-300
Event Type: warning
User:

Computer Name: LAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014D1595A3E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 39599
Source Name: Dhcp
Time Written: 20091120151709.000000-300
Event Type: warning
User:

Computer Name: LAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014D1595A3E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 39598
Source Name: Dhcp
Time Written: 20091120151652.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: LAPTOP
Event Code: 100
Message: Timestamp: 9/21/2009 12:15:40 AM
Message: HandlingInstanceID: 6a5be67c-3070-4117-b482-3880caf58c34
An exception of type 'System.Net.WebException' occurred and was caught.
-----------------------------------------------------------------------
09/20/2009 20:15:40
Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : The operation has timed out
Source : System.Web.Services
Help link :
Status : Timeout
Response :
Data : System.Collections.ListDictionaryInternal
TargetSite : System.Net.WebResponse GetWebResponse(System.Net.WebRequest)
Stack Trace : at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetResponse(WebRequest request, IAsyncResult result)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at WebServiceProxies.SearchService.SearchServiceWse.GetRecordStatus(Int32 providerId, String moniker, String context)
at WebServiceProxies.SearchService.Commands.GetRecordStatusCommand.DoCallService()
at Microsoft.Practices.SmartClient.Library.Commands.CommandWithCallback`2.DoExecute()

Additional Info:

MachineName : LAPTOP
TimeStamp : 9/21/2009 12:15:40 AM
FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=2.0.0.0, Culture=neutral, PublicKeyToken=69cf5367912b86b4
AppDomainName : FTM.exe
ThreadIdentity : LAPTOP\Barry
WindowsIdentity : LAPTOP\Barry

Category: Exception
Priority: 0
EventId: 100
Severity: Error
Title:FTM Exception Handling
Machine: LAPTOP
Application Domain: FTM.exe
Process Id: 2500
Process Name: C:\Program Files\Family Tree Maker 2009\FTM.exe
Win32 Thread Id: 3308
Thread Name:
Extended Properties:

Record Number: 19669
Source Name: Family Tree Maker
Time Written: 20090920201540.000000-240
Event Type: error
User:

Computer Name: LAPTOP
Event Code: 100
Message: Timestamp: 9/21/2009 12:13:40 AM
Message: HandlingInstanceID: 8d5dddb8-fe78-411f-ba3e-a86d6fa00a73
An exception of type 'System.Net.WebException' occurred and was caught.
-----------------------------------------------------------------------
09/20/2009 20:13:40
Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : The operation has timed out
Source : System.Web.Services
Help link :
Status : Timeout
Response :
Data : System.Collections.ListDictionaryInternal
TargetSite : System.Net.WebResponse GetWebResponse(System.Net.WebRequest)
Stack Trace : at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetResponse(WebRequest request, IAsyncResult result)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at WebServiceProxies.SearchService.SearchServiceWse.GetHint(Int32 providerId, SearchCriteriaType criteria)
at WebServiceProxies.SearchService.Commands.GetHintCommand.DoCallService()
at Microsoft.Practices.SmartClient.Library.Commands.CommandWithCallback`2.DoExecute()

Additional Info:

MachineName : LAPTOP
TimeStamp : 9/21/2009 12:13:40 AM
FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=2.0.0.0, Culture=neutral, PublicKeyToken=69cf5367912b86b4
AppDomainName : FTM.exe
ThreadIdentity : LAPTOP\Barry
WindowsIdentity : LAPTOP\Barry

Category: Exception
Priority: 0
EventId: 100
Severity: Error
Title:FTM Exception Handling
Machine: LAPTOP
Application Domain: FTM.exe
Process Id: 2500
Process Name: C:\Program Files\Family Tree Maker 2009\FTM.exe
Win32 Thread Id: 1276
Thread Name:
Extended Properties:

Record Number: 19668
Source Name: Family Tree Maker
Time Written: 20090920201340.000000-240
Event Type: error
User:

Computer Name: LAPTOP
Event Code: 100
Message: Timestamp: 9/20/2009 10:53:47 PM
Message: HandlingInstanceID: 936a4106-e74c-4a3b-8bbc-21cb434b6d7f
An exception of type 'System.Net.WebException' occurred and was caught.
-----------------------------------------------------------------------
09/20/2009 18:53:46
Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : The underlying connection was closed: An unexpected error occurred on a receive.
Source : System.Web.Services
Help link :
Status : ReceiveFailure
Response :
Data : System.Collections.ListDictionaryInternal
TargetSite : System.Net.WebResponse GetWebResponse(System.Net.WebRequest)
Stack Trace : at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetResponse(WebRequest request, IAsyncResult result)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at WebServiceProxies.SearchService.SearchServiceWse.GetTemplate(Int32 providerId, SearchCriteriaType criteria)
at WebServiceProxies.SearchService.Commands.GetTemplateCommand.DoCallService()
at Microsoft.Practices.SmartClient.Library.Commands.CommandWithCallback`2.DoExecute()

Additional Info:

MachineName : LAPTOP
TimeStamp : 9/20/2009 10:53:46 PM
FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=2.0.0.0, Culture=neutral, PublicKeyToken=69cf5367912b86b4
AppDomainName : FTM.exe
ThreadIdentity : LAPTOP\Barry
WindowsIdentity : LAPTOP\Barry
Inner Exception
---------------
Type : System.IO.IOException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Source : System
Help link :
Data : System.Collections.ListDictionaryInternal
TargetSite : Int32 Read(Byte[], Int32, Int32)
Stack Trace : at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)

Inner Exception
---------------
Type : System.Net.Sockets.SocketException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : An existing connection was forcibly closed by the remote host
Source : System
Help link :
ErrorCode : 10054
SocketErrorCode : ConnectionReset
NativeErrorCode : 10054
Data : System.Collections.ListDictionaryInternal
TargetSite : Int32 Receive(Byte[], Int32, Int32, System.Net.Sockets.SocketFlags)
Stack Trace : at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)


Category: Exception
Priority: 0
EventId: 100
Severity: Error
Title:FTM Exception Handling
Machine: LAPTOP
Application Domain: FTM.exe
Process Id: 2500
Process Name: C:\Program Files\Family Tree Maker 2009\FTM.exe
Win32 Thread Id: 3308
Thread Name:
Extended Properties:

Record Number: 19667
Source Name: Family Tree Maker
Time Written: 20090920185347.000000-240
Event Type: error
User:

Computer Name: LAPTOP
Event Code: 100
Message: Timestamp: 9/20/2009 10:42:09 PM
Message: HandlingInstanceID: 1ba98974-a6ff-4ef5-96cb-38257b1122e8
An exception of type 'System.Net.WebException' occurred and was caught.
-----------------------------------------------------------------------
09/20/2009 18:42:09
Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : The operation has timed out
Source : System.Web.Services
Help link :
Status : Timeout
Response :
Data : System.Collections.ListDictionaryInternal
TargetSite : System.Net.WebResponse GetWebResponse(System.Net.WebRequest)
Stack Trace : at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetResponse(WebRequest request, IAsyncResult result)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at WebServiceProxies.SearchService.SearchServiceWse.GetHint(Int32 providerId, SearchCriteriaType criteria)
at WebServiceProxies.SearchService.Commands.GetHintCommand.DoCallService()
at Microsoft.Practices.SmartClient.Library.Commands.CommandWithCallback`2.DoExecute()

Additional Info:

MachineName : LAPTOP
TimeStamp : 9/20/2009 10:42:09 PM
FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=2.0.0.0, Culture=neutral, PublicKeyToken=69cf5367912b86b4
AppDomainName : FTM.exe
ThreadIdentity : LAPTOP\Barry
WindowsIdentity : LAPTOP\Barry

Category: Exception
Priority: 0
EventId: 100
Severity: Error
Title:FTM Exception Handling
Machine: LAPTOP
Application Domain: FTM.exe
Process Id: 2500
Process Name: C:\Program Files\Family Tree Maker 2009\FTM.exe
Win32 Thread Id: 1276
Thread Name:
Extended Properties:

Record Number: 19666
Source Name: Family Tree Maker
Time Written: 20090920184209.000000-240
Event Type: error
User:

Computer Name: LAPTOP
Event Code: 100
Message: Timestamp: 9/20/2009 10:41:08 PM
Message: HandlingInstanceID: 7ddca1cb-3d91-4b85-99f8-1eaf12ed399d
An exception of type 'System.Net.WebException' occurred and was caught.
-----------------------------------------------------------------------
09/20/2009 18:41:08
Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : The operation has timed out
Source : System.Web.Services
Help link :
Status : Timeout
Response :
Data : System.Collections.ListDictionaryInternal
TargetSite : System.Net.WebResponse GetWebResponse(System.Net.WebRequest)
Stack Trace : at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetResponse(WebRequest request, IAsyncResult result)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at WebServiceProxies.SearchService.SearchServiceWse.GetTemplate(Int32 providerId, SearchCriteriaType criteria)
at WebServiceProxies.SearchService.Commands.GetTemplateCommand.DoCallService()
at Microsoft.Practices.SmartClient.Library.Commands.CommandWithCallback`2.DoExecute()

Additional Info:

MachineName : LAPTOP
TimeStamp : 9/20/2009 10:41:08 PM
FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=2.0.0.0, Culture=neutral, PublicKeyToken=69cf5367912b86b4
AppDomainName : FTM.exe
ThreadIdentity : LAPTOP\Barry
WindowsIdentity : LAPTOP\Barry

Category: Exception
Priority: 0
EventId: 100
Severity: Error
Title:FTM Exception Handling
Machine: LAPTOP
Application Domain: FTM.exe
Process Id: 2500
Process Name: C:\Program Files\Family Tree Maker 2009\FTM.exe
Win32 Thread Id: 3308
Thread Name:
Extended Properties:

Record Number: 19665
Source Name: Family Tree Maker
Time Written: 20090920184108.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"kds_language"=13

-----------------EOF-----------------
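As an added defender-side check (not part of this thread, RSIT, or any poster's tooling), the script below parses a hosts file and flags the pattern visible in the Hosts File section of the log above: several hostnames mapped to one non-loopback IP, plus repeated lines. The sample input is constructed from the entries in that log; the file path in the usage note is the default Windows location, assumed here.

```python
"""Flag suspicious entries in a Windows hosts file.

Added example for this thread (not from RSIT or any poster): the hosts
section of the info.txt log maps java.com and other sites to a single
public IP, which is the pattern a redirecting infection leaves behind.
"""
import ipaddress
from collections import defaultdict

# Constructed sample mirroring the thread's hosts section, plus the
# normal localhost line and a comment so the parser sees both kinds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
76.74.137.94 i.fulltiltpoker.com
76.74.137.94 app.struq.com
76.74.137.94 java.com
76.74.137.94 i.fulltiltpoker.com
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an IP with no hostname is not a usable mapping
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_expected(ip):
    """Loopback (127.x, ::1) and 0.0.0.0-style blocking are normal hosts usage."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: treat as suspicious
    return addr.is_loopback or addr.is_unspecified


def find_redirects(text):
    """Group hostnames by non-loopback IP.

    Many unrelated names resolving to one public IP is the redirect
    pattern; a single legitimate override would show one name per IP.
    """
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        if not is_expected(ip):
            by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()}


def count_duplicates(text):
    """Count repeated (ip, hostname) pairs; repeats suggest automated rewrites."""
    seen, dups = set(), 0
    for entry in parse_hosts(text):
        if entry in seen:
            dups += 1
        seen.add(entry)
    return dups


if __name__ == "__main__":
    for ip, names in find_redirects(SAMPLE_HOSTS).items():
        print(f"{ip} -> {len(names)} hostnames: {', '.join(names)}")
    print("duplicate entries:", count_duplicates(SAMPLE_HOSTS))
```

To run it against a live machine, pass the contents of the default hosts file (on Windows XP, C:\WINDOWS\system32\drivers\etc\hosts) to find_redirects instead of SAMPLE_HOSTS.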



#4
December 23, 2009 at 04:43:34
defogger_disable by jpshortstuff (28.11.09.2)
Log created at 20:46 on 22/12/2009 (Barry)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-



#5
December 23, 2009 at 04:44:05
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-23 07:36:26
Windows 5.1.2600 Service Pack 3
Running: 03z7rhvz.exe; Driver: C:\DOCUME~1\Barry\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF763187E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7631BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0xDB 0x60 0x4F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA4 0xD7 0xD1 0x40 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x72 0x4F 0x9B 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0xDB 0x60 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA4 0xD7 0xD1 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0x44 0x1F 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0xDB 0x60 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA4 0xD7 0xD1 0x40 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0x44 0x1F 0x33 ...

---- EOF - GMER 1.0.15 ----



#6
December 23, 2009 at 05:04:07
Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
2. Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.



#7
December 23, 2009 at 05:55:46
08:58:04:447 3940 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
08:58:04:447 3940 ================================================================================
08:58:04:447 3940 SystemInfo:

08:58:04:457 3940 OS Version: 5.1.2600 ServicePack: 3.0
08:58:04:457 3940 Product type: Workstation
08:58:04:457 3940 ComputerName: LAPTOP
08:58:04:457 3940 UserName: Barry
08:58:04:457 3940 Windows directory: C:\WINDOWS
08:58:04:457 3940 Processor architecture: Intel x86
08:58:04:457 3940 Number of processors: 1
08:58:04:457 3940 Page size: 0x1000
08:58:04:457 3940 Boot type: Normal boot
08:58:04:457 3940 ================================================================================
08:58:04:467 3940 ForceUnloadDriver: NtUnloadDriver error 2
08:58:04:467 3940 ForceUnloadDriver: NtUnloadDriver error 2
08:58:04:467 3940 ForceUnloadDriver: NtUnloadDriver error 2
08:58:04:518 3940 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
08:58:04:518 3940 main: Driver KLMD successfully dropped
08:58:04:678 3940 main: Driver KLMD successfully loaded
08:58:04:678 3940
Scanning Registry ...
08:58:04:678 3940 ScanServices: Searching service UACd.sys
08:58:04:678 3940 ScanServices: Open/Create key error 2
08:58:04:678 3940 ScanServices: Searching service TDSSserv.sys
08:58:04:678 3940 ScanServices: Open/Create key error 2
08:58:04:678 3940 ScanServices: Searching service gaopdxserv.sys
08:58:04:688 3940 ScanServices: Open/Create key error 2
08:58:04:688 3940 ScanServices: Searching service gxvxcserv.sys
08:58:04:688 3940 ScanServices: Open/Create key error 2
08:58:04:688 3940 ScanServices: Searching service MSIVXserv.sys
08:58:04:688 3940 ScanServices: Open/Create key error 2
08:58:04:688 3940 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
08:58:04:688 3940 UnhookRegistry: Kernel local addr: A40000
08:58:04:688 3940 UnhookRegistry: KeServiceDescriptorTable addr: AC3220
08:58:04:698 3940 UnhookRegistry: KiServiceTable addr: A4B6A8
08:58:04:698 3940 UnhookRegistry: NtEnumerateKey service number (local): 47
08:58:04:698 3940 UnhookRegistry: NtEnumerateKey local addr: ADC5A4
08:58:04:708 3940 KLMD_OpenDevice: Trying to open KLMD device
08:58:04:708 3940 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
08:58:04:708 3940 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
08:58:04:708 3940 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4]
08:58:04:708 3940 UnhookRegistry: NtEnumerateKey service number (kernel): 47
08:58:04:708 3940 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4]
08:58:04:708 3940 UnhookRegistry: NtEnumerateKey real addr: 805735A4
08:58:04:708 3940 UnhookRegistry: NtEnumerateKey calc addr: 805735A4
08:58:04:708 3940 UnhookRegistry: No SDT hooks found on NtEnumerateKey
08:58:04:708 3940 KLMD_ReadMem: Trying to ReadMemory 0x805735A4[0xA]
08:58:04:708 3940 UnhookRegistry: No splicing found on NtEnumerateKey
08:58:04:708 3940
Scanning Kernel memory ...
08:58:04:718 3940 KLMD_OpenDevice: Trying to open KLMD device
08:58:04:718 3940 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
08:58:04:718 3940 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
08:58:04:718 3940 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85F8FA08
08:58:04:718 3940 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
08:58:04:718 3940 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85F8C9F0
08:58:04:718 3940 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F8C9F0
08:58:04:718 3940 KLMD_ReadMem: Trying to ReadMemory 0x85F8C9F0[0x38]
08:58:04:718 3940 DetectCureTDL3: DRIVER_OBJECT addr: 85F8FA08
08:58:04:718 3940 KLMD_ReadMem: Trying to ReadMemory 0x85F8FA08[0xA8]
08:58:04:718 3940 KLMD_ReadMem: Trying to ReadMemory 0xE1803C90[0x208]
08:58:04:718 3940 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:58:04:718 3940 DetectCureTDL3: IrpHandler (0) addr: F7627BB0
08:58:04:718 3940 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (2) addr: F7627BB0
08:58:04:728 3940 DetectCureTDL3: IrpHandler (3) addr: F7621D1F
08:58:04:728 3940 DetectCureTDL3: IrpHandler (4) addr: F7621D1F
08:58:04:728 3940 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (9) addr: F76222E2
08:58:04:728 3940 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (14) addr: F76223BB
08:58:04:728 3940 DetectCureTDL3: IrpHandler (15) addr: F7625F28
08:58:04:728 3940 DetectCureTDL3: IrpHandler (16) addr: F76222E2
08:58:04:728 3940 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (22) addr: F7623C82
08:58:04:728 3940 DetectCureTDL3: IrpHandler (23) addr: F762899E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
08:58:04:728 3940 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
08:58:04:728 3940 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
08:58:04:728 3940 KLMD_ReadMem: DeviceIoControl error 1
08:58:04:728 3940 TDL3_StartIoHookDetect: Unable to get StartIo handler code
08:58:04:728 3940 TDL3_FileDetect: Processing driver: Disk
08:58:04:728 3940 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
08:58:04:728 3940 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
08:58:04:738 3940 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
08:58:04:768 3940 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85F8DAB8
08:58:04:768 3940 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F8DAB8
08:58:04:768 3940 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85FA5148
08:58:04:768 3940 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85FA5148
08:58:04:768 3940 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85F91940
08:58:04:768 3940 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F91940
08:58:04:768 3940 KLMD_ReadMem: Trying to ReadMemory 0x85F91940[0x38]
08:58:04:768 3940 DetectCureTDL3: DRIVER_OBJECT addr: 85FA55C0
08:58:04:768 3940 KLMD_ReadMem: Trying to ReadMemory 0x85FA55C0[0xA8]
08:58:04:778 3940 KLMD_ReadMem: Trying to ReadMemory 0xE1013870[0x208]
08:58:04:778 3940 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
08:58:04:778 3940 DetectCureTDL3: IrpHandler (0) addr: F75366F2
08:58:04:778 3940 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (2) addr: F75366F2
08:58:04:778 3940 DetectCureTDL3: IrpHandler (3) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (4) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (14) addr: F7536712
08:58:04:778 3940 DetectCureTDL3: IrpHandler (15) addr: F7532852
08:58:04:778 3940 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (22) addr: F753673C
08:58:04:778 3940 DetectCureTDL3: IrpHandler (23) addr: F753D336
08:58:04:778 3940 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
08:58:04:778 3940 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
08:58:04:778 3940 KLMD_ReadMem: Trying to ReadMemory 0xF7533864[0x400]
08:58:04:778 3940 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
08:58:04:778 3940 TDL3_FileDetect: Processing driver: atapi
08:58:04:778 3940 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
08:58:04:788 3940 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
08:58:04:788 3940 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
08:58:04:808 3940
Completed

Results:
08:58:04:808 3940 Infected objects in memory: 0
08:58:04:818 3940 Cured objects in memory: 0
08:58:04:818 3940 Infected objects on disk: 0
08:58:04:818 3940 Objects on disk cured on reboot: 0
08:58:04:818 3940 Objects on disk deleted on reboot: 0
08:58:04:818 3940 Registry nodes deleted on reboot: 0
08:58:04:818 3940



#8
December 23, 2009 at 09:56:24
Please download OTL from the following site:

Link1

1. Save it to your desktop
2. Double click the OTL icon on your desktop.
3. Under the Custom Scans/Fixes box at the bottom, paste in the following, everything between the X's:


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then click the Run Fix button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



#9
December 23, 2009 at 11:46:28
OTL logfile created on: 12/23/2009 2:44:29 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Barry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 13.59 Gb Free Space | 36.47% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/12/23 14:31:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
PRC - [2009/12/12 09:59:48 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/12 09:59:36 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/12 09:59:35 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/26 08:56:01 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/26 08:55:47 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/26 13:23:01 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/26 13:23:00 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/26 13:22:50 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/06/29 14:55:20 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 19:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/29 17:39:36 | 00,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE
PRC - [2003/03/31 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009/12/23 14:31:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
MOD - [2009/12/09 08:17:28 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\browsemap64\browsemap64.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/11/26 08:55:47 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/26 13:22:50 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/12 20:09:29 | 00,182,768 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/04 11:15:26 | 00,279,960 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/04/17 11:08:26 | 00,032,768 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc)
SRV - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/09/19 03:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/02/01 17:08:50 | 00,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/05/29 17:39:36 | 00,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE -- (OKI OPHD DCS Loader)
SRV - [2006/04/18 04:00:00 | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 3A D2 C0 DD 0F CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [browsemap64] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templat... (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite... (QuickTime Plugin Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downl... (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls... (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitS... (PCPitstop Utility)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celartem.com/en/downlo... (DjVuCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/... (Shockwave ActiveX Control)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://pcpitstop.com/internet/pcpCo... (iCC Class)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/no... (Reg Error: Key error.)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/downl... (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/re... (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win... (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic... (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gm... (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_13)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/instal... (Creative Toolbox Plug-in)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeu... (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pu... (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab (FlashXControl Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nikken.webex.com/client/T27L/training/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/28 17:01:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[2009/12/23 14:31:49 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/23 14:30:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2009/12/23 08:53:33 | 00,137,480 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Barry\Desktop\TDSSKiller.exe
[2009/12/22 20:45:15 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/22 17:50:53 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Barry\Recent
[2009/12/20 11:57:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/18 10:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\Yahoo!
[2009/12/18 10:01:18 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/12/18 09:51:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Local Settings\Application Data\browsemap64
[2009/12/18 09:50:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Desktop\familytree
[2009/12/10 11:22:10 | 00,000,000 | ---D | C] -- C:\dad5774f2f4231eafe199d
[2009/10/26 13:19:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/26 13:19:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/26 13:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/26 13:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/20 11:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Downloaded Installations
[2008/11/19 21:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]

[2009/12/23 14:46:26 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{055F926C-A4EE-4D1D-BDC9-C13AC6559DFA}.job
[2009/12/23 14:39:05 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/23 14:36:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/23 14:36:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/23 14:35:14 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\Barry\NTUSER.DAT
[2009/12/23 14:35:14 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Barry\ntuser.ini
[2009/12/23 14:31:50 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/23 14:31:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2009/12/23 12:50:14 | 06,384,120 | -H-- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\IconCache.db
[2009/12/23 12:00:00 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\One-Click Tweak.job
[2009/12/23 09:23:49 | 00,009,391 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\ITEX.ods
[2009/12/23 09:12:30 | 00,017,516 | ---- | M] () -- C:\WINDOWS\System32\OP5800L.cah
[2009/12/23 09:12:17 | 46,946,585 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/23 09:00:24 | 00,000,517 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/23 09:00:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/23 09:00:24 | 00,000,210 | RHS- | M] () -- C:\boot.ini
[2009/12/23 08:52:18 | 00,120,283 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\tdsskiller.zip
[2009/12/22 20:49:15 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/22 20:47:00 | 00,000,020 | ---- | M] () -- C:\Documents and Settings\Barry\defogger_reenable
[2009/12/22 18:24:32 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Defogger.exe
[2009/12/22 18:22:06 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\03z7rhvz.exe
[2009/12/22 18:21:06 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\RSIT.exe
[2009/12/22 16:19:26 | 00,009,244 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Weinberg 5351 Latest.pdf
[2009/12/22 16:18:43 | 00,006,686 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Weinberg 5344 Latest.pdf
[2009/12/22 16:14:06 | 00,013,127 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Weinberg 5336 Latest.pdf
[2009/12/22 09:49:40 | 00,127,709 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/21 17:04:01 | 00,003,120 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\Medicare.odb
[2009/12/21 11:00:17 | 00,015,497 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Weinberg Scottrade Nov.pdf
[2009/12/21 11:00:07 | 00,016,937 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Weinberg Scottrade Oct.pdf
[2009/12/21 10:59:53 | 00,019,412 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Weinberg Scottrade Sep.pdf
[2009/12/20 11:57:05 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\HijackThis.lnk
[2009/12/20 02:41:24 | 00,137,480 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Barry\Desktop\TDSSKiller.exe
[2009/12/18 10:00:55 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\CCleaner.lnk
[2009/12/16 23:44:00 | 00,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/12/15 15:00:00 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro.job
[2009/12/13 20:41:18 | 00,012,618 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Finances.ods
[2009/12/11 13:26:40 | 00,092,517 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Holiday2009.jpg
[2009/12/11 09:31:33 | 00,000,132 | -H-- | M] () -- C:\Documents and Settings\Barry\Desktop\.~lock.Office 1 page brochure flyer.doc#
[2009/12/10 13:26:55 | 00,441,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 13:26:55 | 00,071,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 13:26:54 | 00,521,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/12/23 08:52:09 | 00,120,283 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\tdsskiller.zip
[2009/12/22 20:46:31 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\Barry\defogger_reenable
[2009/12/22 18:24:32 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Defogger.exe
[2009/12/22 18:22:02 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\03z7rhvz.exe
[2009/12/22 18:21:00 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\RSIT.exe
[2009/12/22 16:19:26 | 00,009,244 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Weinberg 5351 Latest.pdf
[2009/12/22 16:18:43 | 00,006,686 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Weinberg 5344 Latest.pdf
[2009/12/22 16:14:06 | 00,013,127 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Weinberg 5336 Latest.pdf
[2009/12/21 13:59:59 | 00,003,120 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\Medicare.odb
[2009/12/21 11:00:17 | 00,015,497 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Weinberg Scottrade Nov.pdf
[2009/12/21 11:00:07 | 00,016,937 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Weinberg Scottrade Oct.pdf
[2009/12/21 10:59:53 | 00,019,412 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Weinberg Scottrade Sep.pdf
[2009/12/20 11:57:05 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\HijackThis.lnk
[2009/12/17 12:22:39 | 00,092,517 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Holiday2009.jpg
[2009/12/14 16:45:39 | 00,009,391 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\ITEX.ods
[2009/12/11 08:59:17 | 00,000,132 | -H-- | C] () -- C:\Documents and Settings\Barry\Desktop\.~lock.Office 1 page brochure flyer.doc#
[2009/10/29 18:39:03 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/09/24 20:56:03 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2009/07/31 08:52:05 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\u25dts.dll
[2009/07/31 08:51:01 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\u2ldts.dll
[2009/07/31 08:51:01 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\u2lsamp1.dll
[2009/07/31 08:51:01 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2009/07/31 08:46:23 | 00,000,069 | ---- | C] () -- C:\WINDOWS\System32\Spritew.ini
[2009/06/30 19:25:29 | 00,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2009/06/30 19:14:28 | 00,087,916 | ---- | C] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\installer.log
[2009/06/19 10:32:31 | 00,000,206 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2009/06/01 14:04:27 | 00,000,095 | ---- | C] () -- C:\WINDOWS\OPHD.INI
[2009/05/16 07:33:25 | 00,000,149 | ---- | C] () -- C:\WINDOWS\INSIGHT.INI
[2009/05/15 07:06:19 | 00,001,272 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/07 16:31:20 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/11 20:11:44 | 00,000,265 | ---- | C] () -- C:\WINDOWS\winros.ini
[2009/01/27 18:53:30 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dll
[2008/11/22 08:42:00 | 00,000,013 | ---- | C] () -- C:\WINDOWS\System32\MSVC60SVV.DLL
[2008/11/22 08:33:28 | 00,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2008/07/17 09:21:17 | 00,000,014 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/06/24 01:20:02 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[1999/01/22 13:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2009/06/17 19:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1stWorks
[2009/10/10 20:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ancestry.com
[2009/08/20 09:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/10/26 13:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 13:22:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/06/26 21:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/11/19 22:02:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/01/09 15:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/07/16 15:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/08/20 10:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2008/11/12 23:53:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/11/12 23:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009/10/01 13:35:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2009/09/09 10:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/11/26 16:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/11 07:20:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TS Support
[2008/10/06 20:07:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/08/20 11:40:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/10/19 07:46:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/12/18 09:53:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\BitTorrent
[2008/11/22 08:16:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Cakewalk
[2009/06/22 21:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\CasinoOnNet
[2009/06/26 21:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\DAEMON Tools Lite
[2008/07/17 09:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\InterTrust
[2009/07/16 15:35:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\iolo
[2009/11/28 19:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\K9
[2009/10/10 20:56:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\KeyingTool
[2008/11/27 12:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\LimeWire
[2009/06/22 21:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Microgaming
[2008/07/15 15:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\OfficeUpdate12
[2009/01/10 09:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\OpenOffice.org
[2009/09/24 21:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\OptionsOracle
[2009/10/26 13:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\SPAMfighter
[2009/06/30 19:18:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Temp
[2009/11/25 23:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\UB
[2008/07/04 22:45:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Uniblue
[2009/09/09 19:45:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\webex
[2009/12/23 14:39:05 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/12/23 12:00:00 | 00,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\One-Click Tweak.job
[2009/12/15 15:00:00 | 00,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\PC Optimizer Pro.job
[2009/12/16 23:44:00 | 00,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/07/04 22:44:07 | 00,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2009/12/23 14:46:26 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{055F926C-A4EE-4D1D-BDC9-C13AC6559DFA}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB0B938
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
< End of report >

#10
December 23, 2009 at 11:47:31
OTL Extras logfile created on: 12/23/2009 2:44:29 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Barry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 13.59 Gb Free Space | 36.47% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\PFiles\MSOffice\Office\msohtmed.exe" %1 File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\PFiles\MSOffice\Office\msohtmed.exe" /p %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Cybered\Algebra Equation Solver\AEqSolvr.exe" = C:\Program Files\Cybered\Algebra Equation Solver\AEqSolvr.exe:*:Enabled:Algebra Equation Solver -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237a4b22-78c2-11d6-a394-00104bd190b1}" = QuickBooks Pro Edition 2003
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}" = OptionsOracle
"{302BF4A9-0AEB-41A6-8838-A9497F07B508}" = The Options Toolbox v5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"DreamSpell" = DreamSpell v1.2
"EPSON Printer and Utilities" = EPSON Printer Software
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Family Tree Maker 2010" = Family Tree Maker 2010
"FXCM Micro Trading Station II" = FXCM Micro Trading Station II
"Guitar Tracks Pro 3" = Guitar Tracks Pro 3
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"SpeedItupFree4.05" = Speeditup Free 4.76
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zuma® Deluxe" = Zuma® Deluxe

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"GoToMeeting" = GoToMeeting 4.0.0.320
"UB" = UB
"WinDirStat" = WinDirStat 1.1.2

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12/15/2009 11:27:13 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2009 4:10:52 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/18/2009 6:12:12 PM | Computer Name = LAPTOP | Source = Family Tree Maker | ID = 100
Description =

Error - 12/18/2009 6:17:22 PM | Computer Name = LAPTOP | Source = Family Tree Maker | ID = 100
Description =

Error - 12/18/2009 6:51:44 PM | Computer Name = LAPTOP | Source = Family Tree Maker | ID = 100
Description =

Error - 12/18/2009 6:51:45 PM | Computer Name = LAPTOP | Source = Family Tree Maker | ID = 100
Description = Timestamp: 12/18/2009 10:51:45 PM Message: HandlingInstanceID: 05d6eae1-3991-49b4-8503-3a153a2fcf60
An
exception of type 'System.Net.WebException' occurred and was caught. -----------------------------------------------------------------------
12/18/2009
17:51:45 Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089 Message : The remote name could not be resolved:
'service.familytreemaker.com' Source : System Help link : Status : NameResolutionFailure
Response
: Data : System.Collections.ListDictionaryInternal TargetSite : System.IO.Stream
GetRequestStream() Stack Trace : at System.Net.HttpWebRequest.GetRequestStream()

at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) at WebServiceProxies.SearchService.SearchServiceWse.GetTemplate(Int32
providerId, SearchCriteriaType criteria) at WebServiceProxies.SearchService.Commands.GetTemplateCommand.DoCallService()

at Microsoft.Practices.SmartClient.Library.Commands.CommandWithCallback`2.DoExecute()

Additional
Info: MachineName : LAPTOP TimeStamp : 12/18/2009 10:51:45 PM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=69cf5367912b86b4 AppDomainName
: FTM.exe ThreadIdentity : LAPTOP\Barry WindowsIdentity : LAPTOP\Barry Category: Exception
Priority:
0 EventId: 100 Severity: Error Title:FTM Exception Handling Machine: LAPTOP Application
Domain: FTM.exe Process Id: 632 Process Name: C:\Program Files\Family Tree Maker
2010\FTM.exe Win32 Thread Id: 2956 Thread Name: Extended Properties:

Error - 12/18/2009 9:40:23 PM | Computer Name = LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/18/2009 9:41:07 PM | Computer Name = LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/22/2009 7:01:44 PM | Computer Name = LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/22/2009 7:02:29 PM | Computer Name = LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 11/22/2009 1:51:09 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +2592001 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|10.0.0.2:123->207.46.232.182:123) is working
properly.

Error - 11/22/2009 2:23:49 PM | Computer Name = LAPTOP | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 11/22/2009 2:24:04 PM | Computer Name = LAPTOP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0014D1595A3E. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/23/2009 9:47:29 AM | Computer Name = LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.2 for the Network Card with network address
0014D1595A3E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 12/23/2009 12:13:01 PM | Computer Name = LAPTOP | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 12/23/2009 1:33:53 PM | Computer Name = LAPTOP | Source = Print | ID = 22
Description = Failed to ugrade printer settings for printer \\DREAM\KODAK 5500 AiO,LocalOnly
driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.dll error 5.

Error - 12/23/2009 3:00:15 PM | Computer Name = LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.2 for the Network Card with network address
0014D1595A3E has been denied by the DHCP server 192.168.11.1 (The DHCP Server sent
a DHCPNACK message).

Error - 12/23/2009 3:31:56 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 12/23/2009 3:31:56 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 12/23/2009 3:31:56 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The OKI OPHD DCS Loader service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


#11
December 23, 2009 at 12:01:22

Remember: your AVG antivirus must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get it disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click Combo-Fix's window while it is running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


#12
December 23, 2009 at 13:09:24
ComboFix 09-12-22.09 - Barry 12/23/2009 15:48:17.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.589 [GMT -5:00]
Running from: c:\documents and settings\Barry\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Barry\Local Settings\Application Data\browsemap64\browsemap64.dll
C:\LOG.TXT
c:\windows\Barry
c:\windows\system32\MSVC60SVV.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-23 20:20 . 2009-12-23 20:44 -------- d-----w- C:\Combo-Fix24145C
2009-12-23 20:16 . 2009-12-23 20:18 -------- d-----w- C:\Combo-Fix
2009-12-23 19:31 . 2009-12-23 19:31 -------- d-----w- C:\_OTL
2009-12-23 01:45 . 2009-12-23 01:45 -------- d-----w- C:\rsit
2009-12-20 16:57 . 2009-12-20 16:57 -------- d-----w- c:\program files\Trend Micro
2009-12-18 15:01 . 2009-12-18 15:01 -------- d-----w- c:\documents and settings\Barry\Application Data\Yahoo!
2009-12-18 15:01 . 2009-12-19 12:08 -------- d-----w- c:\program files\Yahoo!
2009-12-18 14:51 . 2009-12-23 20:31 -------- d-----w- c:\documents and settings\Barry\Local Settings\Application Data\browsemap64
2009-12-10 16:22 . 2009-12-10 16:23 -------- d-----w- C:\dad5774f2f4231eafe199d
2009-12-06 15:58 . 2009-12-06 15:59 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-29 00:57 . 2009-11-29 00:57 -------- d-----w- c:\documents and settings\Barry\Application Data\K9
2009-11-29 00:56 . 2009-11-29 00:56 -------- d-----w- c:\program files\KeirNet
2009-11-26 03:18 . 2009-11-26 03:18 -------- d-----w- c:\program files\CCleaner
2009-11-26 02:51 . 2009-11-26 04:01 159744 ----a-w- c:\documents and settings\Barry\Application Data\UB\DownLoadInst\liveupdate.exe
2009-11-26 02:40 . 2009-12-23 01:16 -------- d-----w- c:\program files\UltimateBet
2009-11-26 02:40 . 2009-11-26 04:01 -------- d-----w- c:\documents and settings\Barry\Application Data\UB
2009-11-25 13:27 . 2009-11-25 13:27 -------- d-----w- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 16:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-31 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-26 18:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Barry^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
2009-11-26 13:56 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-11-26 13:56 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus Photo R260 Series on DREAM]
2006-10-17 07:01 143360 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBNA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\carpserv]
2003-05-21 19:35 4608 ----a-w- c:\windows\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
2003-05-21 19:35 4608 ----a-w- c:\windows\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000MUI]
2009-04-07 21:27 1511424 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-04-07 21:27 1511424 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
2006-10-17 07:01 143360 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBNA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E_S92]
2006-10-17 07:01 143360 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBNA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E_SA1]
2006-10-17 07:01 143360 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBNA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-07-21 14:22 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleQuickSearchBox]
2009-07-21 14:22 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleToolbarNotifier]
2008-06-29 19:55 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
2008-10-31 21:46 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-10-31 21:46 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader_sl]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUp]
2009-11-13 17:26 2274816 ----a-w- c:\program files\Speeditup Free\SpeedItUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
2009-11-13 17:26 2274816 ----a-w- c:\program files\Speeditup Free\SpeedItUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-29 19:55 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-03 00:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-03 00:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakSvc"=2 (0x2)
"gusvc"=3 (0x3)
"aawservice"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"OKI OPHD DCS Loader"=2 (0x2)
"Bonjour Service"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"pgsql-8.3"=2 (0x2)
"Kodak AiO Network Discovery Service"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Symantec RemoteAssist"=3 (0x3)
"SPAMfighter Update Service"=2 (0x2)
"EPSON_PM_RPCV4_01"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/19/2009 7:54 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/26/2009 1:23 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/26/2009 1:24 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/26/2009 1:22 PM 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1184912]
R2 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [6/1/2009 2:03 PM 24576]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2/17/2004 4:58 PM 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2/17/2004 4:59 PM 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [7/15/2004 4:31 PM 18432]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [11/12/2008 10:26 PM 340096]
S3 Airgo3P;NETGEAR RangeMax(TM) 240 Wireless Notebook Adapter WPNT511;c:\windows\system32\drivers\TMIMO31P.sys [6/28/2008 7:36 PM 780800]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [1/27/2009 6:53 PM 580096]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [10/30/2008 6:02 AM 72576]
S3 WinPhlash;WinPhlash;c:\swsetup\sp30455\PhlashNT.sys [9/21/2004 10:12 AM 26816]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 11:15 AM 279960]
S4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 11:08 AM 32768]
S4 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/26/2009 9:44 PM 721904]
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-browsemap64 - c:\documents and settings\Barry\Local Settings\Application Data\browsemap64\browsemap64.dll
MSConfigStartUp-M3PLUGIN - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-SPAMfighter Agent - c:\program files\SPAMfighter\SFAgent.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 16:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-23 16:06:57
ComboFix-quarantined-files.txt 2009-12-23 21:06

Pre-Run: 14,413,606,912 bytes free
Post-Run: 14,372,868,096 bytes free

- - End Of File - - CA214A0CF6690930DEE580FD373FA8F0



#13
December 23, 2009 at 13:12:50
Can you give me a brief explanation of what we did on each step?
Thanx


#14
December 23, 2009 at 13:14:14
Are you still being redirected?


#15
December 23, 2009 at 13:29:15
Doesn't appear so.
Thanx for your help....if it happens again I'll let you know.


#16
December 23, 2009 at 13:42:15
A little clean-up to do.

First re-enable the drivers that Defogger disabled...just run it and click re-enable.

Delete RSIT, GMER, Defogger (when you re-enable the drivers), TDSSKiller, and OTL from your desktop.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.



#17
December 23, 2009 at 13:57:05
When I put in the uninstall command ComboFix /Uninstall, it says it can't find ComboFix.

Also, I use AdAware. Should I use the Spyware program you suggested instead of or in addition to AdAware?



#18
December 23, 2009 at 19:46:10
Try using Combo-Fix /Uninstall

Use Spywareblaster in addition to Ad-Aware.



#19
December 24, 2009 at 05:36:51
Couldn't find Combo-Fix either.


#20
December 24, 2009 at 09:01:50
Delete the Combofix icon on your desktop then navigate to and delete these files/folders if found:


C:\Qoobox
C:\ComboFix

That should remove it.



#21
December 27, 2009 at 06:13:37
Hello jabuck,

Thank you for your help.
Since you helped me so successfully with that problem, I thought you could help me with another. :)

I have a computer I built about 6 years ago, that worked excellently until about 2 months ago. I woke up one morning and it wouldn't start up. The lights would go on, everything would be humming...but nothing on the monitor. I tested everything and came to the conclusion it was the video card. I bought another video card and for a few days it worked fine and then the same problem. I contacted the video card company and they said it was probably the power supply and they would replace the video card.

I bought a new power supply and got the new video card. The computer started up and I checked the bios settings. I noticed the bios was set up for PCI and the card was AGP. I changed the settings and the computer started fine for the last 2 days. This morning I woke up and again the computer doesn't start up.

The lights are on....the computer's humming....it sounds like the hard drive is starting up...but nothing on the monitor. The light on the monitor, which usually gives a solid green when receiving data, is blinking red.

Any ideas?

Thanx



#22
December 27, 2009 at 08:04:49
Red light means not receiving. It's probably the mobo since the problem seems to be jumping around, but I'm not a hardware expert.
