WiredWX Christian Hobby Weather Tools

Antispyware virus

I tried to install the Java update (JR 20) as suggested, but was unable. I clicked on 'Properties' and then the 'Security' tab to try and give myself full control, but somehow I can't click on the box to do it. (I am now running in safe mode, but I ran HijackThis in normal mode. I can't access the internet in normal mode.)

I would appreciate any suggestions!

Thanks!

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:41:44, on 10/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\docume~1\amirkh~1\locals~1\temp\cdm\{297e1012-4312-40c4-a0bd-fd3feb4d3a2b}\STacSV.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Documents and Settings\Amir Khan\Desktop\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=minipavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thehungersite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
O3 - Toolbar: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Amir Khan\Application Data\E9E7D140539D1D37BE944390C03CB943\gotnewupdate000.exe
O4 - HKUS\S-1-5-18\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\amirkh~1\locals~1\temp\cdm\{297e1012-4312-40c4-a0bd-fd3feb4d3a2b}\STacSV.exe

--
End of file - 8030 bytes

Re: Antispyware virus

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
    O2 - BHO: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
    O3 - Toolbar: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
    O4 - HKLM\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe
    O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Amir Khan\Application Data\E9E7D140539D1D37BE944390C03CB943\gotnewupdate000.exe
    O4 - HKUS\S-1-5-18\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'Default user')
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)



  • Press "Fix Checked"
  • Close HijackThis.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
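The lines the helper picked out above were chosen by a handful of recognisable patterns: a browser proxy pointing back at 127.0.0.1 (a local process sitting between the browser and the network), entries marked "(file missing)", and Run entries whose executable sits under a user profile's Application Data or Temp folder, in this case under the NetworkService profile and in the SYSTEM/.DEFAULT hive. The following Python script is an added example written for this page, not part of the thread and not HijackThis code; it encodes those heuristics and runs them over a constructed sample made up of entries copied from the log posted above. The flag wording and the heuristics are the editor's own. Note that the IDT audio service (STacSV), which runs from a Temp\cdm folder and which the helper deliberately left alone, trips the same path heuristic, so the output is a list of candidates for a human to judge, not a verdict.

```python
import re

# Constructed sample: a subset of the HijackThis v2.0.4 entries posted in this
# thread, reproduced verbatim so the heuristics can be checked against the
# lines the helper actually chose to fix.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe
O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Amir Khan\Application Data\E9E7D140539D1D37BE944390C03CB943\gotnewupdate000.exe
O4 - HKUS\S-1-5-18\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'SYSTEM')
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\amirkh~1\locals~1\temp\cdm\{297e1012-4312-40c4-a0bd-fd3feb4d3a2b}\STacSV.exe
"""

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<rest>.+)$")
# A Windows path from a drive letter (or %VAR%) up to the first executable extension.
WIN_PATH = re.compile(r"(?:[A-Za-z]:|%[^%]+%)\\.+?\.(?:exe|dll|sys|scr)\b", re.IGNORECASE)
HEX_BLOB = re.compile(r"^[0-9A-Fa-f]{32}$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def proxy_hosts(value):
    """Split an IE ProxyServer value ('host:port' or 'http=host:port;https=...') into hosts."""
    hosts = []
    for chunk in value.split(";"):
        chunk = chunk.strip()
        if "=" in chunk:                       # per-protocol form: http=host:port
            chunk = chunk.split("=", 1)[1]
        if chunk:
            hosts.append(chunk.rsplit(":", 1)[0].strip("[]").lower())
    return hosts


def path_flags(path):
    """Location heuristics for an auto-start executable; returns human-readable reasons."""
    p = path.lower()
    flags = []
    if "\\temp\\" in p:
        flags.append("executes from a Temp directory")
    if any(m in p for m in ("\\application data\\", "\\local settings\\",
                            "\\locals~1\\", "\\appdata\\")):
        flags.append("executes from a user-profile data directory")
    if "\\networkservice\\" in p or "\\localservice\\" in p:
        flags.append("lives under a service-account profile (NetworkService/LocalService)")
    for part in p.split("\\"):
        if HEX_BLOB.match(part):
            flags.append("path contains a 32-hex-character folder name (%s)" % part)
    return flags


def triage_line(line):
    """Return {'section', 'line', 'flags'} for one HijackThis entry, or None if not an entry."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    flags = []
    if "(file missing)" in rest:
        flags.append("references a file that no longer exists (orphaned entry)")
    if section == "R1" and "ProxyServer" in rest:
        bad = [h for h in proxy_hosts(rest.split("=", 1)[1]) if h in LOOPBACK]
        if bad:
            flags.append("browser proxy points at this machine (%s): a local process "
                         "is intercepting web traffic" % ", ".join(bad))
    if section in ("O4", "O23"):
        if rest.startswith("HKUS\\"):
            flags.append("Run entry under the SYSTEM or .DEFAULT hive")
        pm = WIN_PATH.search(rest)
        if pm:
            flags.extend(path_flags(pm.group(0)))
    return {"section": section, "line": line.strip(), "flags": flags}


def triage_log(text):
    """Return only the entries that tripped at least one heuristic, in log order."""
    results = []
    for line in text.splitlines():
        entry = triage_line(line)
        if entry and entry["flags"]:
            results.append(entry)
    return results


if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(entry["line"])
        for flag in entry["flags"]:
            print("    -> " + flag)
```

Run against the sample, it flags every entry the helper checked plus the STacSV service, and leaves the AVG tray and Java BHO entries alone. The proxy check reads the same ProxyServer value that the IE and Firefox steps above clear through the GUI; the OTL log posted later in the thread shows that value gone and ProxyEnable set to 0.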

Re: Antispyware virus

Awesome! Thanks belahzur. I'm already back online in normal mode after following your steps.

The only line I couldn't find in the HijackThis log that I took was this one:


O4 - HKLM\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe


Anyhow, I erased the other ones, then ran Malwarebytes, and this was the log I got:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4091

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/05/2010 23:07:21
mbam-log-2010-05-11 (23-07-21).txt

Scan type: Quick scan
Objects scanned: 136620
Time elapsed: 14 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I look forward to hearing what to do next! Thanks again!

Re: Antispyware virus

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Re: Antispyware virus

Cool. Alright, here's the OTL.txt:



OTL logfile created on: 12/05/2010 18:56:29 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Amir Khan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 368.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.26 Gb Total Space | 2.21 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMIR
Current User Name: Amir Khan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 18:55:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amir Khan\Desktop\OTL.exe
PRC - [2010/04/20 12:49:28 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/20 12:49:13 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 11:18:39 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/12 11:14:53 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 11:14:35 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 11:12:23 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/20 01:41:08 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/18 19:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/15 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 18:55:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amir Khan\Desktop\OTL.exe
MOD - [2008/04/15 00:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/03/12 11:14:35 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/03 21:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- c:\Documents and Settings\Amir Khan\Local Settings\Temp\CDM\{297E1012-4312-40C4-A0BD-FD3FEB4D3A2B}\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/05/08 04:08:11 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Administrator\Local Settings\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/08 04:08:11 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Administrator\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/04/20 12:49:15 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 11:14:49 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 11:12:23 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/06/03 21:43:18 | 001,640,131 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/19 16:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/05 02:35:56 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/12/04 18:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/06/27 14:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/15 00:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/15 10:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=minipavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thehungersite.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =



O1 HOSTS File: ([2008/04/15 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk = C:\Documents and Settings\Amir Khan\Local Settings\Temp\mvNat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 18:55:42 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amir Khan\Desktop\OTL.exe
[2010/05/12 17:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\EDraw Flowchart
[2010/05/12 14:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Desktop\CUPE 2626
[2010/05/10 17:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku
[2010/05/10 00:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Desktop\Trend Micro
[2010/05/09 15:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Desktop\Virus Kill
[2010/05/09 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/09 14:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/09 10:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/05/08 20:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Application Data\SUPERAntiSpyware.com
[2010/05/08 20:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2010/05/08 16:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/07 23:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Application Data\Malwarebytes
[2010/05/07 23:05:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/07 23:05:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/07 23:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/07 23:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/07 23:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/07 22:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/07 22:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/07 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\odqtocaww
[2010/05/07 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Application Data\E9E7D140539D1D37BE944390C03CB943
[2010/05/07 20:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Conduit
[2010/05/07 20:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Radio_Bar_2
[2010/05/03 19:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Edraw Max
[2010/04/29 21:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Tax2009
[2010/04/28 19:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/28 15:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Windows Live Writer
[2010/04/28 15:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Application Data\Windows Live Writer
[2010/04/28 15:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\My Weblog Posts
[2010/04/27 18:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Random writings
[2010/04/27 18:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Echoes of Modernism
[2010/04/27 18:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Up in the Air
[2010/04/20 13:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Professional Stuff
[2010/04/18 14:34:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Amir Khan\Desktop\*.tmp files -> C:\Documents and Settings\Amir Khan\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/12 18:55:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amir Khan\Desktop\OTL.exe
[2010/05/12 17:51:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/12 17:45:27 | 000,025,888 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\test.pdf
[2010/05/12 17:43:16 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk
[2010/05/12 17:29:14 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Edraw Max.lnk
[2010/05/12 17:09:40 | 000,401,539 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Drawing2.edx
[2010/05/12 17:01:17 | 000,553,399 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\CUPE Chart.pdf
[2010/05/12 16:42:10 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/12 16:42:10 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/12 16:42:08 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/12 16:38:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1649782408-1819595793-3639537972-1006.job
[2010/05/12 16:37:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/12 16:37:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 16:37:47 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 15:50:39 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Amir Khan\NTUSER.DAT
[2010/05/12 15:50:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Amir Khan\ntuser.ini
[2010/05/12 15:50:23 | 003,223,712 | -H-- | M] () -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\IconCache.db
[2010/05/12 14:04:51 | 059,877,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/11 22:35:38 | 000,002,348 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\HiJackThis.lnk
[2010/05/11 21:51:06 | 000,061,184 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\syssvc.exe
[2010/05/09 09:39:53 | 000,000,877 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/05/08 13:19:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1649782408-1819595793-3639537972-1006.job
[2010/05/07 22:04:39 | 000,050,990 | ---- | M] () -- C:\WINDOWS\System32\mlmdwqveeqfmsdkv.exe
[2010/05/07 20:43:37 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\~$ir Khan - RESUME.docx
[2010/05/07 20:39:09 | 000,017,878 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Amir Khan - COVERING LETTER.docx
[2010/05/07 20:38:55 | 000,044,559 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Amir Khan - RESUME.docx
[2010/05/06 23:39:44 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/06 14:46:26 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\My Documents.lnk
[2010/05/05 17:24:39 | 000,010,591 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\POST DOC.docx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:01:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/28 17:30:27 | 000,020,062 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Bathroom break.docx
[2010/04/27 19:03:32 | 000,011,797 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\DAL.docx
[2010/04/23 14:32:43 | 002,800,754 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Dead Souls - HUNTINGTON.pdf
[2010/04/20 12:49:15 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/18 03:10:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/04/17 00:08:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 23:24:37 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Summer itinerary.doc
[2010/04/13 17:36:52 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Interview Questions-LA-Charlton-March06.doc
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Amir Khan\Desktop\*.tmp files -> C:\Documents and Settings\Amir Khan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 17:45:26 | 000,025,888 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\test.pdf
[2010/05/12 17:43:16 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk
[2010/05/12 17:00:53 | 000,553,399 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\CUPE Chart.pdf
[2010/05/12 13:56:52 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/11 21:51:05 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\syssvc.exe
[2010/05/10 11:41:41 | 000,401,539 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Drawing2.edx
[2010/05/10 00:45:30 | 000,002,348 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\HiJackThis.lnk
[2010/05/08 01:26:49 | 000,000,877 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/05/07 22:04:39 | 000,050,990 | ---- | C] () -- C:\WINDOWS\System32\mlmdwqveeqfmsdkv.exe
[2010/05/07 20:43:37 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\~$ir Khan - RESUME.docx
[2010/05/07 20:35:26 | 000,044,559 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Amir Khan - RESUME.docx
[2010/05/06 15:32:44 | 000,017,878 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Amir Khan - COVERING LETTER.docx
[2010/05/06 14:46:15 | 000,000,343 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\My Documents.lnk
[2010/05/05 17:06:29 | 000,010,591 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\POST DOC.docx
[2010/05/03 19:16:38 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Edraw Max.lnk
[2010/04/28 19:57:09 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/27 19:03:31 | 000,011,797 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\DAL.docx
[2010/04/23 14:32:43 | 002,800,754 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Dead Souls - HUNTINGTON.pdf
[2010/04/16 23:09:32 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Summer itinerary.doc
[2010/04/13 17:36:52 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Interview Questions-LA-Charlton-March06.doc
[2010/01/07 21:01:00 | 000,001,840 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/05 02:22:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/24 13:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/15 00:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/15 00:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/15 00:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/15 00:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/15 00:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: Antispyware virus
when i try to post the Extras.Txt log, I am not able. Suddenly my connection is unavailable. Is this because I have to wait for a response before posting a second message?? but then, why is THIS post working???

Re: Antispyware virus
okay i ran OTL again, and this time, i don't even get an Extras log. So now, I have my original OTL log (posted above), an Extras log (which I cannot post), and another OTL log, which, I'm assuming is the same as above.

Re: Antispyware virus
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk = C:\Documents and Settings\Amir Khan\Local Settings\Temp\mvNat.exe ()
    [2010/05/10 17:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku
    [2010/05/07 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\odqtocaww
    [2010/05/12 17:43:16 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk
    [2010/05/07 22:04:39 | 000,050,990 | ---- | M] () -- C:\WINDOWS\System32\mlmdwqveeqfmsdkv.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Antispyware virus
alright! here it is:


========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9BB815EB-3F9F-4E11-9150-CB70E29B40FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB815EB-3F9F-4E11-9150-CB70E29B40FC}\ not found.
C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk moved successfully.
C:\Documents and Settings\Amir Khan\Local Settings\Temp\mvNat.exe moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku folder moved successfully.
C:\Documents and Settings\Amir Khan\Local Settings\Application Data\odqtocaww folder moved successfully.
File C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk not found.
C:\WINDOWS\system32\mlmdwqveeqfmsdkv.exe moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05132010_193721

Re: Antispyware virus
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Antispyware virus
okay here's the log. thanks again!


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4100

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/05/2010 10:38:54
mbam-log-2010-05-14 (10-38-54).txt

Scan type: Quick scan
Objects scanned: 149266
Time elapsed: 20 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Amir Khan\Local Settings\Temp\wmpscnfg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Re: Antispyware virus
Hello.

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Antispyware virus
here's the eset log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1bc6fbc6db5ac44ca791903ebf58b710
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-15 02:31:42
# local_time=2010-05-14 10:31:42 (-0500, Eastern Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9332959 9332959 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=26298
# found=2
# cleaned=2
# scan_time=5918
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Portable.Edraw.Max.Professional.v5.1.0.1217\Portable.Edraw.Max.Professional.v5.1.0.1217\Edraw Max Professional v5.1.0.1217\Portable Edraw Max Professional v5.1.0.1217.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05132010_193721\C_Documents and Settings\Amir Khan\Local Settings\Temp\mvNat.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

Re: Antispyware virus
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Re: Antispyware virus
okay! here's the fix log:

========== FILES ==========
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Portable.Edraw.Max.Professional.v5.1.0.1217\Portable.Edraw.Max.Professional.v5.1.0.1217\Edraw Max Professional v5.1.0.1217 folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Portable.Edraw.Max.Professional.v5.1.0.1217\Portable.Edraw.Max.Professional.v5.1.0.1217 folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Portable.Edraw.Max.Professional.v5.1.0.1217 folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Edraw Max\setup folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Edraw Max\redt folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Edraw Max folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads folder moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05162010_234955

Re: Antispyware virus
Hello.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
How is the machine running now?


Re: Antispyware virus
the machine has been running well today. last night it was a bit slow and heating up rather quickly, but sometimes it just does that.

thanks for all your help! i'll be sure to make a donation.

Re: Antispyware virus
hi, i'm back again.

today i was getting 'resident shield' alerts from my AVG software, so I ran it and it found 78 tracking cookies.

The computer seems to run well otherwise, though it does heat up awfully fast now.

Is there anything else I ought to do?
