WiredWX Hobby Weather Tools

Virus.Pop up

2 posters

Virus.Pop up
Hey guys, I've got a problem. I've been getting these pop-ups, and then a virus comes up and I can't get it to stop. I ran Ad-Aware and Spybot to remove it, but it still keeps coming up. What do I need to do to get this fixed? Thanks

Re: Virus.Pop up
Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up (OTL.txt); the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Virus.Pop up
OTL logfile created on: 2010-04-17 04:10:20 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 206.94 Gb Free Space | 88.86% Space Free | Partition Type: NTFS
Drive D: | 9.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELLE
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-17 04:08:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2010-04-10 10:42:14 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010-04-10 10:42:14 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010-04-04 16:27:53 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-02-19 21:15:30 | 000,487,424 | ---- | M] (MySpace) -- C:\Program Files\MySpace\Toolbar\1.0.72.0\MSTBCoreContainer.exe
PRC - [2010-01-15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-12-01 14:11:48 | 006,373,376 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe
PRC - [2008-12-09 19:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008-12-09 19:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008-11-09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008-07-07 10:42:06 | 002,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-04-13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-12-23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-12-23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005-03-23 18:26:09 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2005-03-15 04:46:45 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2003-04-06 02:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003-04-06 02:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003-04-06 01:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003-04-06 01:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002-04-17 11:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002-04-17 11:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010-04-17 04:08:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010-04-10 10:42:14 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-03-22 15:53:24 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-01-15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008-12-09 19:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008-12-09 19:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008-11-09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003-03-08 23:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009-07-03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008-04-13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-12-08 07:43:08 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007-05-10 04:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-04-12 10:44:00 | 006,738,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-12-14 03:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-06-19 02:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004-10-07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2001-08-17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.72.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files\MySpace\Toolbar\1.0.72.0\ [2010-04-11 21:32:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-04 16:27:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-16 00:54:10 | 000,000,000 | ---D | M]

[2008-12-21 19:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010-04-16 03:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions
[2010-04-11 21:40:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010-04-09 03:36:22 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-03-28 21:16:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009-01-25 13:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009-12-01 13:50:20 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\searchplugins\MySpace.xml
[2010-04-16 03:57:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009-02-21 17:26:10 | 000,289,570 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9998 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Gamevance) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Gamevance class) - {F02FABCB-92DD-475A-98AF-14217BD50746} - C:\Program Files\Gamevance\gvtl.dll (Gamevance LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: antispyexpert.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: imagesrvr.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: spyguardpro.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: storageguardsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: antispyexpert.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: imagesrvr.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: spyguardpro.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: storageguardsoft.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 208.180.42.68
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-12-08 06:33:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010-04-16 01:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\avG
[2010-04-16 01:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010-04-16 00:54:10 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010-04-16 00:54:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-04-16 00:54:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-04-16 00:54:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-04-15 23:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010-04-15 22:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010-04-15 22:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010-04-15 22:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010-04-15 21:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010-04-15 21:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010-04-15 11:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010-04-15 02:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\MissTeriTale3
[2010-04-07 19:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010-04-03 18:51:35 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010-04-03 18:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-04-03 18:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010-04-03 18:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-04-03 18:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Apple
[2010-04-03 18:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010-04-03 18:49:17 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010-04-03 18:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010-04-03 18:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010-04-03 18:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010-04-01 23:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010-03-28 21:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Media Player Classic
[2010-03-28 21:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2010-03-28 21:48:17 | 000,000,000 | ---D | C] -- C:\DECCHECK
[2010-03-28 21:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Downloads
[2010-03-28 21:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010-03-28 21:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010-03-28 21:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010-03-28 21:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010-03-28 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010-03-28 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010-03-27 03:04:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010-03-27 03:00:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010-03-27 03:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010-03-26 17:15:31 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010-03-26 17:15:11 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010-03-26 17:05:57 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010-03-26 17:05:54 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009-08-29 10:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Share-to-Web Upload Folder
[2009-01-06 17:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007-12-08 06:33:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-04-17 02:27:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-17 02:27:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-17 01:33:06 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010-04-17 00:45:50 | 000,015,154 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\VI713260
[2010-04-17 00:45:50 | 000,015,154 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\VI713260
[2010-04-17 00:43:57 | 000,189,440 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ave.exe
[2010-04-16 05:42:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-16 01:05:50 | 000,015,646 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\6wSh45NI7b7
[2010-04-16 01:05:50 | 000,015,646 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6wSh45NI7b7
[2010-04-16 00:53:57 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010-04-16 00:53:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-04-16 00:53:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-04-16 00:53:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-04-16 00:53:57 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-04-15 22:42:02 | 000,015,492 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\1199162320
[2010-04-15 22:41:47 | 000,015,484 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\1909121372
[2010-04-15 22:41:47 | 000,015,484 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1199162320
[2010-04-15 22:41:24 | 000,015,488 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1909121372
[2010-04-15 20:52:20 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-14 03:03:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-12 10:41:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-04-11 21:31:54 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MySpaceIM.lnk
[2010-04-10 10:42:24 | 000,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010-04-10 06:59:25 | 002,554,232 | ---- | M] () -- C:\Documents and Settings\user\My Documents\FX00170.pdf
[2010-04-07 19:08:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-04-03 18:51:37 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010-04-03 18:50:24 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010-04-03 18:35:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-04-01 23:26:34 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010-04-01 23:26:34 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010-03-28 21:53:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-28 21:53:01 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Media Player Classic.lnk
[2010-03-28 21:50:07 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\user\default.pls
[2010-03-28 20:55:20 | 000,439,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-28 20:55:20 | 000,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-28 20:55:20 | 000,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-28 20:53:43 | 000,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-27 03:15:47 | 003,995,403 | ---- | M] () -- C:\WINDOWS\System32\SKYNETylmgoxte.dat
[2010-03-27 03:04:05 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010-03-26 18:04:32 | 000,000,524 | ---- | M] () -- C:\hpfr3420.xml
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-04-16 21:47:01 | 000,015,154 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\VI713260
[2010-04-16 21:47:01 | 000,015,154 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VI713260
[2010-04-16 05:42:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-15 22:41:31 | 000,015,492 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\1199162320
[2010-04-15 22:41:16 | 000,015,484 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\1909121372
[2010-04-15 22:41:16 | 000,015,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1199162320
[2010-04-15 22:40:43 | 000,189,440 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ave.exe
[2010-04-15 22:40:43 | 000,015,646 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\6wSh45NI7b7
[2010-04-15 22:40:43 | 000,015,488 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1909121372
[2010-04-15 21:59:01 | 000,193,024 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
[2010-04-15 21:59:01 | 000,015,646 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6wSh45NI7b7
[2010-04-15 21:59:01 | 000,015,496 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\6wSh45NI7b7
[2010-04-10 06:59:25 | 002,554,232 | ---- | C] () -- C:\Documents and Settings\user\My Documents\FX00170.pdf
[2010-04-03 18:51:37 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010-04-03 18:50:24 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010-04-03 18:49:34 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-03-28 21:53:01 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Media Player Classic.lnk
[2010-03-28 21:50:07 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\user\default.pls
[2010-03-28 21:16:45 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010-03-28 21:16:44 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010-01-13 16:32:08 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010-01-13 16:31:11 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009-05-30 16:41:02 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\user\presets.ini
[2009-05-24 03:02:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009-04-06 18:27:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\winconfig.dll.tmp.tmp
[2009-01-26 13:14:29 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-31 18:15:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008-12-14 21:40:10 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-01-04 19:45:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-12-08 08:11:45 | 006,815,744 | -H-- | C] () -- C:\Documents and Settings\user\NTUSER.DAT
[2007-12-08 08:11:45 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\user\ntuser.dat.LOG
[2007-12-08 08:11:45 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\user\ntuser.ini
[2007-12-08 08:11:35 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2007-12-08 08:11:35 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2007-12-08 08:06:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-12-08 05:17:57 | 000,000,792 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007-12-08 05:17:48 | 000,008,216 | ---- | C] () -- C:\WINDOWS\System32\mst122.dll
[2007-04-12 10:44:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-04-12 10:44:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-04-12 10:44:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-04-12 10:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-04-12 10:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:641C3888
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45292A84
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73C62494
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:182D85B1
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A73A758
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C4BD503
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99F81364
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:669764DD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:015DC393
< End of report >

Re: Virus.Pop up

OTL Extras logfile created on: 2010-04-17 04:10:20 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 206.94 Gb Free Space | 88.86% Space Free | Partition Type: NTFS
Drive D: | 9.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELLE
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Program Files\Midway Home Entertainment\Happy Feet Demo\EngineImplementation_Retail.exe" = C:\Program Files\Midway Home Entertainment\Happy Feet Demo\EngineImplementation_Retail.exe:*:Disabled:A2M Game Engine -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0435B6BF-D3E8-4F54-96A2-C9D46720DCF4}" = Marvell(R) Wireless Client Card Configuration Utility
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{27579b3c-5470-4496-be6c-0c872674f19f}" = Macromedia Flash Player
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4FA46975-176F-457A-A09C-DBD0CBDA65F3}" = PrintMaster 16
"{53C398FE-CD56-412E-B3C7-B27F4B8B07D1}" = Microsoft IntelliType Pro 5.3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}" = HP Photo and Imaging 2.2 - Scanjet 3970 Series
"{930439A1-B49E-4A54-A499-31BDC1A91DE5}" = Shockwave Player
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Vuze Toolbar
"audcle" = Plus! MP3 Audio Converter LE
"Aveyond 2" = Aveyond 2
"Build-a-lot 2: Town of the Year" = Build-a-lot 2: Town of the Year
"Cake Mania" = Cake Mania
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Diner Dash®: Hometown Hero™" = Diner Dash®: Hometown Hero™
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"Gamevance" = Gamevance
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MySpaceIM" = MySpaceIM
"MySpaceToolbar" = MySpace Toolbar
"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"RealArcade" = RealArcade
"Risk®" = Risk®
"Sally's Salon" = Sally's Salon
"Sally's Spa" = Sally's Spa
"Shockwave" = Shockwave
"Special Internet Offers" = Special Internet Offers
"SpywareBlaster_is1" = SpywareBlaster 4.1
"Tweak UI 2.10" = Tweak UI
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Virtual Villagers - A New Home" = Virtual Villagers - A New Home (remove only)
"Vuze" = Vuze
"wa2wmp" = Windows Media Player Skin Importer
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zoo Tycoon 2" = Zoo Tycoon 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-04-16 06:41:51 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

Error - 2010-04-16 06:41:56 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

Error - 2010-04-16 06:42:02 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

Error - 2010-04-16 06:42:07 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

Error - 2010-04-16 06:42:13 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

Error - 2010-04-16 06:42:19 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

Error - 2010-04-16 06:42:24 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

Error - 2010-04-16 06:42:30 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

Error - 2010-04-16 06:42:35 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

Error - 2010-04-16 06:42:41 | Computer Name = MICHELLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Windows Journal Viewer -- Error 1706. An installation
package for the product Microsoft Windows Journal Viewer cannot be found. Try the
installation again using a valid copy of the installation package 'Microsoft Windows
Journal Viewer.msi'.

[ System Events ]
Error - 2010-04-16 01:07:53 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010-04-16 01:07:53 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010-04-16 02:11:19 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010-04-16 02:11:19 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010-04-16 22:24:01 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010-04-16 22:24:01 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010-04-17 01:39:26 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010-04-17 01:39:26 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010-04-17 03:28:08 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010-04-17 03:28:08 | Computer Name = MICHELLE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

Re: Virus.Pop up

Hello.

I see that you are running Vuze.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0
    J2SE Runtime Environment 5.0 Update 1
    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) 6 Update 17
    Gamevance
    Vuze Toolbar
    Vuze

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Re: Virus.Pop up

exeHelper by Raktor
Build 20100414
Run at 02:12:02 on 04/18/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\Documents and Settings\user\Local Settings\Application Data\ave.exe
Checking for bad registry entries...
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Removing HKCR\secfile
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: Virus.Pop up

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: antispyexpert.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: imageservr.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: imagesrvr.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: spyguardpro.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: storageguardsoft.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: antispyexpert.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: imageservr.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: imagesrvr.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: spyguardpro.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: storageguardsoft.com ([]* in Trusted sites)
    [2010-04-17 00:45:50 | 000,015,154 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\VI713260
    [2010-04-17 00:45:50 | 000,015,154 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\VI713260
    [2010-04-17 00:43:57 | 000,189,440 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ave.exe
    [2010-04-16 01:05:50 | 000,015,646 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\6wSh45NI7b7
    [2010-04-16 01:05:50 | 000,015,646 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6wSh45NI7b7
    [2010-04-15 22:42:02 | 000,015,492 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\1199162320
    [2010-04-15 22:41:47 | 000,015,484 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\1909121372
    [2010-04-15 22:41:47 | 000,015,484 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1199162320
    [2010-04-15 22:41:24 | 000,015,488 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1909121372
    [2010-04-15 21:59:01 | 000,193,024 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
    [2010-04-15 22:40:43 | 000,189,440 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ave.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Virus.Pop up

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antispyexpert.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gomyhit.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imageservr.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\spyguardpro.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\storageguardsoft.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antispyexpert.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gomyhit.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imageservr.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\spyguardpro.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\storageguardsoft.com\ deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\VI713260 moved successfully.
C:\Documents and Settings\All Users\Application Data\VI713260 moved successfully.
File C:\Documents and Settings\user\Local Settings\Application Data\ave.exe not found.
C:\Documents and Settings\user\Local Settings\Application Data\6wSh45NI7b7 moved successfully.
C:\Documents and Settings\All Users\Application Data\6wSh45NI7b7 moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\1199162320 moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\1909121372 moved successfully.
C:\Documents and Settings\All Users\Application Data\1199162320 moved successfully.
C:\Documents and Settings\All Users\Application Data\1909121372 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe moved successfully.
File C:\Documents and Settings\user\Local Settings\Application Data\ave.exe not found.

OTL by OldTimer - Version 3.2.1.1 log created on 04182010_071105

Re: Virus.Pop up

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Virus.Pop up

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4005

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-04-18 08:49:10
mbam-log-2010-04-18 (08-49-10).txt

Scan type: Quick scan
Objects scanned: 113693
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\skynetvdkxjboa (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\user\Start Menu\A360 (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-3536166362-3146530393-3934971023-1005\Dc15.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3536166362-3146530393-3934971023-1005\Dc16.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\A360\A360.lnk (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\A360\Help.lnk (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\A360\Registration.lnk (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.AV360) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mst122.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETylmgoxte.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.

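As an added example (not from this thread and not Malwarebytes' own code), a small Python parser for the MBAM log format posted above. It pulls each detection line apart and spells out what the "Registry Data Items" entries did to the host's defences: Security Center notifications switched off and the Start Menu Internet Explorer command redirected through ave.exe. The sample log is constructed from a subset of the entries above.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.45 log format posted
# above; a subset of that log's entries, not the complete file.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\skynetvdkxjboa (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\user\Start Menu\A360 (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\SKYNETylmgoxte.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

# "Registry Data Items Infected:" and the other section headers.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<path> (<Category>) -> <rest>." is the shape of every detection line.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<category>[A-Za-z0-9.]+)\) -> (?P<rest>.+?)\.?$")
# Data items carry the tampered and the expected value before the action.
DATA_ITEM_RE = re.compile(
    r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if not m or section is None:
            continue  # banner, summary counts, anything else
        entry = {"section": section, "path": m.group("path"),
                 "category": m.group("category"), "action": m.group("rest"),
                 "bad": None, "good": None}
        d = DATA_ITEM_RE.match(m.group("rest"))
        if d:
            entry.update(bad=d.group("bad"), good=d.group("good"),
                         action=d.group("action"))
        detections.append(entry)
    return detections


def count_by_category(detections):
    return Counter(d["category"] for d in detections)


def first_program(command):
    """Executable at the head of a shell\\open command, quoted or not."""
    m = re.match(r'"([^"]*)"', command)
    return m.group(1) if m else command.split()[0]


def posture_findings(detections):
    """Explain what each key detection did to the host's defences."""
    findings = []
    for d in detections:
        cat, name = d["category"], d["path"].rsplit("\\", 1)[-1]
        if cat == "Disabled.SecurityCenter":
            findings.append(f"Security Center alert suppressed: {name} "
                            f"was {d['bad']} (expected {d['good']})")
        elif cat.startswith("Hijack."):
            findings.append(f"{cat}: {name} ran {first_program(d['bad'])} "
                            f"instead of {d['good']}")
        elif cat.startswith("Rootkit."):
            findings.append(f"{cat}: {d['section'].lower()} entry {name}")
    return findings


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for category, n in sorted(count_by_category(found).items()):
        print(f"{n:3d}  {category}")
    for line in posture_findings(found):
        print("-", line)
```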
Re: Virus.Pop up
Please download ComboFix from Here or Here to your Desktop.

**Note:
In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**


  1. If you are using Firefox, make sure that your download settings are as follows:

    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

  • During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------


    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

  • **Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall**

    If you still cannot get this to run, try booting into Safe Mode, and run it there.

    To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode."

    If this doesn't work either, try the same method (above), but rename Combofix.exe to iexplore.exe instead, or to winlogon.exe.
    This is because in some cases malware blocks EVERY process except for what is in its own whitelist, and this whitelist also includes important system processes such as iexplore.exe, explorer.exe and winlogon.exe.

Re: Virus.Pop up
    ComboFix 10-04-18.04 - user 2010-04-18 23:52:57.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1636 [GMT -5:00]
    Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\user\Local Settings\Temporary Internet Files\8pq6bpy0.jpg
    c:\documents and settings\user\Local Settings\Temporary Internet Files\8shB46.jpg
    c:\documents and settings\user\Local Settings\Temporary Internet Files\iSFcX.jpg
    c:\documents and settings\user\Local Settings\Temporary Internet Files\O7007.jpg
    c:\program files\Common Files\System\Uninstall
    c:\windows\system32\winconfig.dll.tmp.tmp

    Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
    .

    2010-04-18 12:25 . 2010-04-18 12:25 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
    2010-04-18 12:25 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-18 12:25 . 2010-04-18 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-18 12:25 . 2010-04-18 12:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-18 12:25 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-18 12:11 . 2010-04-18 12:11 -------- d-----w- C:\_OTL
    2010-04-16 10:42 . 2010-04-18 03:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-16 06:05 . 2010-04-16 06:05 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\avG
    2010-04-16 06:05 . 2010-04-16 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
    2010-04-16 05:54 . 2010-04-16 05:53 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-04-16 02:58 . 2010-04-16 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-15 07:57 . 2010-04-15 07:58 -------- d-----w- c:\documents and settings\user\Application Data\MissTeriTale3
    2010-04-12 02:31 . 2010-04-12 02:31 7631232 ----a-w- c:\documents and settings\user\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
    2010-04-09 08:36 . 2010-03-29 14:59 52224 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    2010-04-09 08:36 . 2010-03-29 14:59 101376 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    2010-04-08 00:08 . 2010-04-08 00:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-04-03 23:51 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-04-03 23:51 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-04-03 23:51 . 2010-04-03 23:51 -------- d-----w- c:\program files\iPod
    2010-04-03 23:50 . 2010-04-03 23:51 -------- d-----w- c:\program files\iTunes
    2010-04-03 23:50 . 2010-04-03 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-03 23:49 . 2010-04-03 23:49 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
    2010-04-03 23:49 . 2010-04-03 23:49 -------- d-----w- c:\program files\Apple Software Update
    2010-04-03 23:49 . 2009-10-16 07:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-03 23:49 . 2009-10-16 07:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-03 23:49 . 2010-04-03 23:49 -------- d-----w- c:\program files\Bonjour
    2010-04-03 23:48 . 2010-04-03 23:50 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-03 23:48 . 2010-04-03 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-04-02 04:26 . 2010-04-02 04:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2010-03-29 02:53 . 2010-03-29 02:53 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
    2010-03-29 02:52 . 2010-03-29 02:53 -------- d-----w- c:\program files\Essentials Codec Pack
    2010-03-29 02:48 . 2010-03-29 02:48 -------- d-----w- C:\DECCHECK
    2010-03-29 02:44 . 2010-03-29 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2010-03-29 02:16 . 2010-03-29 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2010-03-29 02:16 . 2010-03-29 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-03-29 02:16 . 2010-04-02 04:26 -------- d-----w- c:\program files\McAfee Security Scan
    2010-03-29 02:16 . 2010-03-29 02:16 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
    2010-03-29 02:16 . 2010-03-29 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-03-29 02:16 . 2010-03-29 02:16 -------- d-----w- c:\program files\NOS
    2010-03-29 02:16 . 2010-03-22 20:53 32576 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    2010-03-29 02:16 . 2010-03-22 20:53 29984 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
    2010-03-27 08:00 . 2010-03-27 08:00 -------- d-----w- c:\program files\MSXML 4.0
    2010-03-26 22:15 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-03-26 22:15 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-26 22:05 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-03-26 22:05 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-03-26 22:05 . 2008-04-13 17:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2010-03-26 22:05 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-03-26 06:48 . 2010-03-26 06:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-18 07:05 . 2007-12-08 11:37 -------- d-----w- c:\program files\Java
    2010-04-17 09:30 . 2004-08-03 23:14 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2010-04-16 05:52 . 2008-04-18 02:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-16 05:48 . 2008-10-02 13:39 -------- d-----w- c:\program files\Shockwave.com
    2010-04-12 02:32 . 2007-12-22 18:50 -------- d-----w- c:\documents and settings\user\Application Data\MySpace
    2010-04-12 02:32 . 2007-12-22 18:50 -------- d-----w- c:\program files\MySpace
    2010-04-08 07:51 . 2007-12-08 12:40 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-03 23:53 . 2008-04-13 01:33 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
    2010-04-03 23:50 . 2008-01-14 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-04-03 23:50 . 2008-01-14 21:23 -------- d-----w- c:\program files\QuickTime
    2010-04-03 00:52 . 2009-01-25 18:56 -------- d-----w- c:\program files\Vuze
    2010-04-03 00:52 . 2009-01-25 18:56 -------- d-----w- c:\documents and settings\user\Application Data\Azureus
    2010-03-10 06:15 . 2007-12-08 10:17 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2007-12-08 10:17 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2007-12-08 10:17 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 16:46 . 2010-02-12 16:46 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 16:46 . 2010-02-12 16:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 04:33 . 2007-12-08 10:17 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2007-12-08 10:17 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-12-10 00:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
    "nwiz"="nwiz.exe" [2007-04-12 1626112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-08-29 64160]
    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-01-25 464264]
    R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-01-25 234888]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 15:42]

    2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

    2010-02-13 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8263418684.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\program files\MySpace\Toolbar\1.0.72.0\components\MySpaceFFoxTB.dll
    FF - plugin: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\jysowtdi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-18 23:59
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-04-19 00:01:09
    ComboFix-quarantined-files.txt 2010-04-19 05:01
    ComboFix2.txt 2008-12-22 02:29
    ComboFix3.txt 2008-12-22 02:13

    Pre-Run: 222,471,987,200 bytes free
    Post-Run: 223,026,368,512 bytes free

    - - End Of File - - 8F161C34EFBC762542A6FB9AB4147577

Re: Virus.Pop up

Hello.
Did you uninstall the programs I listed here?
http://www.GeekPolice.net/virus-spyware-malware-removal-f11/viruspop-up-t20977.htm#135684

Re: Virus.Pop up

I got everything removed other than Vuze; it won't let me remove it, something to do with Java. Everything is removed.

Re: Virus.Pop up

So what can I do to get rid of it? It's bugging me now lol. Thanks for the help, the computer seems to be running a bit better.
