WiredWX Christian Hobby Weather Tools


virus showing up as spyware removal site
Can you help me please. I have a virus that is blocking all programs, access to the control panel, notepad, and everything else that I have tried to open. I am not able to download anything in order to remove it. I am using my computer in safe mode. I am not very computer literate but I will try to follow any advice that you can give to me. Can someone please please please help me get rid of this 2010 virus. Thank you in advance. :sad: :sad:

Re: virus showing up as spyware removal site
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: virus showing up as spyware removal site
Thank you for responding so fast. I did as you said but I don't know how to send the results to you. I told you that I'm not very computer savvy!! Sorry.

Re: virus showing up as spyware removal site
Copy and paste the logs into the text box, then hit send.


Re: virus showing up as spyware removal site
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\HelpAssistant\My Documents
Windows XP Professional Edition Service Pack 3, v.5913 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 24.14 Gb Free Space | 32.40% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-471332FE4E
Current User Name: user
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/01 06:27:17 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HelpAssistant\My Documents\OTL.exe
PRC - [2009/12/02 08:52:42 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/03/10 21:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/01/26 00:57:40 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/01 06:27:17 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HelpAssistant\My Documents\OTL.exe
MOD - [2008/01/26 00:58:08 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3300_x-ww_d7ca0dc2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/18 08:01:48 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/12/02 08:52:31 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/02 08:52:29 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/02 08:52:25 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/05/31 11:17:36 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2006/03/17 16:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/02 08:53:01 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/02 08:53:01 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/02 08:53:00 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/02 08:52:52 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2009/12/02 08:52:51 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/12/02 08:52:27 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2009/12/02 08:52:27 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2009/12/02 08:52:26 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2009/12/02 08:52:10 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/12/02 08:52:10 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/20 14:39:04 | 000,339,456 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/08/20 12:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/02 14:15:26 | 006,008,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/25 23:35:04 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/25 15:26:26 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/06 11:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/12 16:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/23 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.3
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: foxsaver@www.foxsaver.com:2.2.7.5
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@kidzui.com:0.8
FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.0
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems: {71398870-486b-11de-8a39-0800200c9a66}:1.0b1
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="

FF - user.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/04 05:25:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 17:02:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/27 12:12:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/27 11:40:48 | 000,000,000 | ---D | M]

[2010/02/01 16:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/02/01 16:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/01 19:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions
[2010/02/23 08:51:53 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/02/28 10:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/09/24 10:19:17 | 000,000,000 | ---D | M] (Googlepedia) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}
[2009/08/03 16:12:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 03:42:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/31 10:25:35 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/02/23 08:51:49 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/02/26 22:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{517ca167-b6e8-4397-a0b4-a0074bbe3d5b}
[2010/02/04 04:04:56 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/02/04 04:04:45 | 000,000,000 | ---D | M] (Free Game Bar Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{6f094b04-2c69-4ff3-ac74-d9716e97e296}
[2009/07/19 07:24:20 | 000,000,000 | ---D | M] (Prince of Persia) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{71398870-486b-11de-8a39-0800200c9a66}
[2010/02/23 08:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/02/05 06:57:45 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/31 21:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\anycolor.pavlos256@gmail.com
[2009/11/12 18:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\firefox@kidzui.com
[2010/02/23 08:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\foxsaver@www.foxsaver.com
[2009/06/22 19:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\iaplayer@instantaction(2).com
[2009/07/01 14:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\smarterwiki@wikiatic(2).com
[2009/07/01 14:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\smarterwiki@wikiatic.com
[2010/02/26 22:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\textlinks@playsushi.com
[2009/07/11 05:20:35 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\searchplugins\ask.xml
[2009/06/15 19:43:04 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\searchplugins\mywebsearch.xml
[2009/11/19 04:24:23 | 000,002,797 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\searchplugins\world-of-warcraft-armory.xml
[2009/07/07 15:14:57 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\searchplugins\Yoog Search.xml
[2010/03/01 19:29:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecause Toolbar BHO) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - C:\Program Files\Dogpile Toolbar\Toolbar.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.39.5/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5808/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (sevenui.exe) - C:\WINDOWS\System32\sevenui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/31 11:21:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/08 14:43:55 | 000,000,046 | RH-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Installer.exe -- [2009/05/08 14:43:55 | 001,599,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/01 19:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2010/03/01 15:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/01 15:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/01 07:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TheScruffs
[2010/02/28 19:22:18 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup.exe
[2010/02/28 18:44:06 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/28 18:44:06 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/28 18:44:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/28 18:42:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/28 18:41:54 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/28 18:41:54 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/28 18:41:44 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/28 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/28 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/28 18:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PC Tools
[2010/02/28 18:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/02/28 18:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/02/28 18:33:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/28 18:33:12 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/28 18:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/28 18:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/28 18:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Malwarebytes_Anti-Malware_1.44
[2010/02/28 17:09:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/28 12:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG8
[2010/02/28 08:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\opcdjm
[2010/02/26 19:41:44 | 061,395,832 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\user\My Documents\R132886.EXE
[2010/02/26 19:37:31 | 008,254,544 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\All Users\Documents\R132312.EXE
[2010/02/26 19:35:25 | 003,086,672 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\All Users\Documents\R135875.EXE
[2010/02/26 19:30:01 | 002,948,504 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\All Users\Documents\ddup1280.exe
[2010/02/26 19:26:11 | 010,585,496 | ---- | C] (Dell ) -- C:\Documents and Settings\All Users\Documents\DS321PCTweb.exe
[2010/02/25 07:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/02/25 07:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Shockwave.com
[2010/02/24 20:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\5 Spots
[2010/02/19 07:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Curse
[2010/01/31 05:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Deployment
[2010/01/02 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/02 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/02 08:36:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/02 08:36:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/25 21:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/07/08 16:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/08 15:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/01 20:32:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/01 20:31:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 20:30:48 | 002,883,584 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2010/03/01 20:30:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/03/01 20:30:40 | 002,624,656 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/03/01 20:25:26 | 000,146,982 | ---- | M] () -- C:\Documents and Settings\user\Desktop\otl_0.55.tar.gz
[2010/03/01 20:24:00 | 000,146,982 | ---- | M] () -- C:\Documents and Settings\user\My Documents\otl_0.55.tar.gz
[2010/03/01 18:28:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 18:22:18 | 000,149,932 | ---- | M] () -- C:\logfile
[2010/03/01 18:07:24 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/01 15:45:32 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/01 09:10:14 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/03/01 08:23:18 | 056,483,219 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/01 08:11:40 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/28 20:20:14 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\jbhguh.sys
[2010/02/28 19:27:12 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 19:22:22 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup.exe
[2010/02/28 18:41:50 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/28 18:31:00 | 008,761,532 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Malwarebytes_Anti-Malware_1.44.zip
[2010/02/28 17:51:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/27 11:40:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/26 21:08:47 | 207,465,552 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Wave-Systems-Corp_EMBASSY-Tr_A04_R217281.exe
[2010/02/26 21:08:43 | 024,762,824 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R132539.exe
[2010/02/26 21:06:06 | 001,549,800 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R260009.exe
[2010/02/26 21:05:53 | 002,852,424 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R220296.exe
[2010/02/26 21:05:32 | 005,761,160 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R161008.EXE
[2010/02/26 21:05:07 | 012,150,160 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R161013.EXE
[2010/02/26 21:03:46 | 008,747,008 | ---- | M] () -- C:\Documents and Settings\user\My Documents\My Downloads List4.ISO
[2010/02/26 19:43:23 | 078,240,680 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R215191.EXE
[2010/02/26 19:43:06 | 000,720,622 | ---- | M] () -- C:\Documents and Settings\user\My Documents\O745-263.exe
[2010/02/26 19:42:54 | 018,400,360 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R189424.exe
[2010/02/26 19:42:40 | 061,395,832 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\user\My Documents\R132886.EXE
[2010/02/26 19:41:29 | 076,181,328 | ---- | M] () -- C:\Documents and Settings\user\My Documents\AMD_RADEON-HD-2400-XT_A05_R179781.exe
[2010/02/26 19:40:29 | 008,828,928 | ---- | M] () -- C:\Documents and Settings\user\My Documents\OPGA5.iso
[2010/02/26 19:40:16 | 008,828,928 | ---- | M] () -- C:\Documents and Settings\user\My Documents\OUGA5.iso
[2010/02/26 19:39:45 | 001,549,800 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R260009.exe
[2010/02/26 19:39:44 | 094,233,336 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Dell_multi-device_A17_R174291.exe
[2010/02/26 19:39:39 | 002,852,424 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R220296.exe
[2010/02/26 19:38:30 | 005,761,160 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R161008.EXE
[2010/02/26 19:38:05 | 012,150,160 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R161013.EXE
[2010/02/26 19:37:38 | 008,254,544 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\All Users\Documents\R132312.EXE
[2010/02/26 19:37:02 | 001,904,904 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R151799.EXE
[2010/02/26 19:35:29 | 003,086,672 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\All Users\Documents\R135875.EXE
[2010/02/26 19:35:17 | 034,628,826 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R164210.exe
[2010/02/26 19:34:28 | 356,389,787 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R149559.exe
[2010/02/26 19:30:05 | 002,948,504 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\All Users\Documents\ddup1280.exe
[2010/02/26 19:29:52 | 003,892,272 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\CW1337A0.exe
[2010/02/26 19:29:06 | 000,274,064 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R133527.exe
[2010/02/26 19:28:51 | 024,762,824 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R132539.exe
[2010/02/26 19:28:03 | 012,123,816 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R243724.exe
[2010/02/26 19:26:19 | 010,585,496 | ---- | M] (Dell ) -- C:\Documents and Settings\All Users\Documents\DS321PCTweb.exe
[2010/02/24 21:56:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/24 18:58:01 | 000,568,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/02/24 05:35:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/19 07:10:44 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/02 03:21:31 | 000,000,219 | ---- | M] () -- C:\Documents and Settings\user\My Documents\tunein-station.pls
[2010/02/01 16:55:44 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/02/01 00:41:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\CurseClientStartup.ccip
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 20:25:26 | 000,146,982 | ---- | C] () -- C:\Documents and Settings\user\Desktop\otl_0.55.tar.gz
[2010/03/01 15:45:32 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/28 20:50:15 | 000,146,982 | ---- | C] () -- C:\Documents and Settings\user\My Documents\otl_0.55.tar.gz
[2010/02/28 20:20:14 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jbhguh.sys
[2010/02/28 18:44:07 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/28 18:44:06 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/28 18:44:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/28 18:44:06 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/28 18:44:06 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/28 18:42:03 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/28 18:41:54 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/28 18:41:54 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/28 18:41:50 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/28 18:41:44 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/28 18:33:16 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 18:31:00 | 008,761,532 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Malwarebytes_Anti-Malware_1.44.zip
[2010/02/27 11:40:48 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/26 21:08:09 | 024,762,824 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R132539.exe
[2010/02/26 21:06:19 | 207,465,552 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Wave-Systems-Corp_EMBASSY-Tr_A04_R217281.exe
[2010/02/26 21:06:03 | 001,549,800 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R260009.exe
[2010/02/26 21:05:49 | 002,852,424 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R220296.exe
[2010/02/26 21:05:06 | 005,761,160 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R161008.EXE
[2010/02/26 21:04:58 | 012,150,160 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R161013.EXE
[2010/02/26 21:03:45 | 008,747,008 | ---- | C] () -- C:\Documents and Settings\user\My Documents\My Downloads List4.ISO
[2010/02/26 19:43:02 | 000,720,622 | ---- | C] () -- C:\Documents and Settings\user\My Documents\O745-263.exe
[2010/02/26 19:42:25 | 018,400,360 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R189424.exe
[2010/02/26 19:42:06 | 078,240,680 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R215191.EXE
[2010/02/26 19:40:42 | 076,181,328 | ---- | C] () -- C:\Documents and Settings\user\My Documents\AMD_RADEON-HD-2400-XT_A05_R179781.exe
[2010/02/26 19:40:22 | 008,828,928 | ---- | C] () -- C:\Documents and Settings\user\My Documents\OPGA5.iso
[2010/02/26 19:40:09 | 008,828,928 | ---- | C] () -- C:\Documents and Settings\user\My Documents\OUGA5.iso
[2010/02/26 19:39:43 | 001,549,800 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R260009.exe
[2010/02/26 19:39:29 | 002,852,424 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R220296.exe
[2010/02/26 19:38:45 | 094,233,336 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Dell_multi-device_A17_R174291.exe
[2010/02/26 19:38:26 | 005,761,160 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R161008.EXE
[2010/02/26 19:37:57 | 012,150,160 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R161013.EXE
[2010/02/26 19:36:59 | 001,904,904 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R151799.EXE
[2010/02/26 19:35:00 | 034,628,826 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R164210.exe
[2010/02/26 19:30:31 | 356,389,787 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R149559.exe
[2010/02/26 19:29:48 | 003,892,272 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\CW1337A0.exe
[2010/02/26 19:29:05 | 000,274,064 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R133527.exe
[2010/02/26 19:28:38 | 024,762,824 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R132539.exe
[2010/02/26 19:27:55 | 012,123,816 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R243724.exe
[2010/02/19 07:09:14 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2010/02/02 03:21:31 | 000,000,219 | ---- | C] () -- C:\Documents and Settings\user\My Documents\tunein-station.pls
[2010/02/01 16:55:44 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/02/01 05:22:25 | 000,154,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/01 00:41:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/01/03 18:20:01 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/17 08:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ddres.dll
[2009/11/17 08:08:05 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\expiry.dll
[2009/08/14 06:03:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/07/04 06:24:33 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2009/07/02 14:19:21 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009/07/01 15:01:41 | 000,004,946 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/06/29 13:42:46 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Painter.ini
[2009/05/31 16:57:13 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/31 16:39:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4943.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7DADD8
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4B86AEF
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EAC9BB2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD6127BD
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512B5648
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93D985FC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41B3EF33
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD537E5A
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:291F3023
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEACDB69
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71B781E2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753A0081
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F24DA723
< End of report >

Re: virus showing up as spyware removal site

Hello.

Heh, you got yourself a Firefox hijacker, haven't seen this one in a while though, that's what's causing the error.
http://miekiemoes.blogspot.com/2009/01/settings-wont-save-in-firefox.html

Let's fix it, shall we?


  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: virus showing up as spyware removal site

I'm truly sorry that I didn't get back to you sooner. Let me bring you up to date. Yesterday I bought another computer because I couldn't even log in safe mode. Would you please advise me as to what I should use for protection? Right now I have AVG and SUPERAntiSpyware. Please tell me how to go about making donations and making them to you (as you are the person who helped me from the start). I want you to know how very grateful I am to you for the time that you took to help me. I am a person that wants to give back when somebody does something for me.
Also, please tell me what you consider a reasonable amount to be. May I come to you with any problems that I might encounter in the future? You will never know how grateful to you I am, since I am self-taught as far as computers go!! Thank you!

Re: virus showing up as spyware removal site

Hello.
Okay, so what is happening to this infected machine? I saw 2 Firefox hijackers, and there were probably more hiding.

For your other machine you just bought, I would add MBAM to the mix, MBAM gets on well with SAS. Right On!

If you have any malware problems, you know where to find me. Smile... Donation link in my signature.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.