WiredWX Hobby Weather Tools

 


Spam
For the last few months I've been getting a lot of mail from people containing a link for Viagra and other medications. Now my computer seems to be the one sending them. How do I stop this????

Re: Spam
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Spam
OTL logfile created on: 10/3/2010 8:43:59 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Pappy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 133.81 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBM-D4EDF8C2442
Current User Name: Pappy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/23 19:26:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pappy\My Documents\Downloads\OTL.exe
PRC - [2010/09/23 08:28:48 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/19 21:34:51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/19 21:34:48 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/19 21:34:44 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/19 21:34:23 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/19 21:33:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/09/19 21:33:43 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/19 15:41:01 | 000,015,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PRC - [2010/05/07 08:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/05/07 08:36:08 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/10/30 12:52:52 | 000,047,456 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/03 04:50:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2003/03/26 06:34:12 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2002/12/17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe


========== Modules (SafeList) ==========

MOD - [2010/09/23 19:26:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pappy\My Documents\Downloads\OTL.exe
MOD - [2009/12/29 15:05:02 | 000,378,880 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter1\nphooks.dll
MOD - [2009/12/29 15:01:24 | 000,482,304 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter1\communication.dll
MOD - [2009/12/29 15:01:10 | 000,453,120 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter1\nscore.dll
MOD - [2009/10/30 12:49:40 | 000,246,272 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2008/08/21 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/19 21:33:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/19 21:33:43 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/30 14:22:46 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/05/07 08:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Pappy\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/19 21:36:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/19 21:36:01 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/19 21:36:00 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/05 08:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 08:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 08:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/29 15:10:04 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2009/12/29 15:09:44 | 000,024,192 | ---- | M] (The Nielsen Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - [2009/12/29 15:08:04 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2009/12/29 15:08:02 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2006/05/10 18:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/22 17:24:00 | 000,014,695 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter1\FFAddon\ [2010/07/16 17:00:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 08:30:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/09/19 21:35:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/19 20:18:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 15:50:45 | 000,000,000 | ---D | M]

[2010/06/28 15:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Extensions
[2010/06/28 15:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/11/20 16:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/03 19:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions
[2010/07/22 10:26:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/27 07:30:06 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/07/22 10:26:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/19 10:43:54 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/07/24 13:18:15 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009/12/04 12:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\toolbar@ask.com
[2009/10/16 13:05:34 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\searchplugins\bing.xml
[2009/12/31 22:03:27 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\searchplugins\mywebsearch.xml
[2010/07/24 13:18:13 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\searchplugins\sweetim.xml
[2010/10/03 19:27:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/28 07:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/01 07:18:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/09/25 21:47:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll ()
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\Pappy\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Pappy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pappy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 17:29:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 180 Days ==========

[2010/09/27 16:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/27 16:39:45 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2010/09/27 14:35:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/25 21:34:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/25 21:31:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/25 21:31:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/19 21:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Local Settings\Application Data\AVG Security Toolbar
[2010/09/19 21:36:11 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/09/19 21:36:09 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/19 21:36:00 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/19 21:35:58 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/19 21:35:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/09/19 21:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/09/19 21:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/19 20:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Application Data\Uniblue
[2010/08/01 07:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/01 07:18:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/01 07:18:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/01 07:18:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/24 13:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2010/07/20 11:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/20 11:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/07/20 11:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/20 11:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/18 10:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/17 15:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2010/07/17 15:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/16 18:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Local Settings\Application Data\The Weather Channel
[2010/07/16 18:20:02 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2010/07/16 18:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel Toolbar
[2010/07/16 16:58:31 | 000,015,360 | ---- | C] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys
[2010/07/16 16:58:31 | 000,010,368 | ---- | C] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\km_filter.sys
[2010/07/16 16:58:20 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/07/16 16:58:09 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010/07/16 16:58:08 | 000,024,192 | ---- | C] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nielprt.sys
[2010/07/16 16:58:07 | 000,009,088 | ---- | C] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nielgfx.sys
[2010/07/16 16:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\NetRatingsNetSight
[2010/07/08 07:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\My Documents\Muff
[2010/07/01 18:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\My Documents\B&M
[2010/06/28 16:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Application Data\InterVideo
[2010/06/28 16:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Application Data\Leadertech
[2010/06/28 16:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2010/06/28 16:13:47 | 000,339,456 | ---- | C] (Intervideo Inc.) -- C:\WINDOWS\System32\IviMp3En.acm
[2010/06/28 16:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2010/06/28 15:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\My Documents\TomTom
[2010/06/28 15:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/06/28 15:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Local Settings\Application Data\TomTom
[2010/06/28 15:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Application Data\TomTom
[2010/06/28 15:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/06/28 15:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/06/25 08:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Application Data\licenses
[2010/06/25 08:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Application Data\PCMM2009
[2010/06/25 08:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Application Data\PCMM2010
[2010/06/07 20:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Application Data\PhotoScape
[2010/05/11 11:16:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/08 22:39:52 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/05/08 22:37:46 | 000,000,000 | ---D | C] -- C:\83d3773445b0649d1ac3424e
[2010/05/02 20:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010/04/28 07:40:02 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/07 20:43:46 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 180 Days ==========

[2010/10/03 20:03:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pappy\Local Settings\Application Data\prvlcl.dat
[2010/10/03 19:54:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/03 08:13:49 | 065,597,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/03 04:58:19 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/03 04:58:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/03 04:57:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/03 04:57:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/02 07:24:15 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\Pappy\ntuser.dat
[2010/10/02 07:24:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pappy\ntuser.ini
[2010/09/30 20:04:58 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Manheim1.url
[2010/09/27 20:48:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/27 16:56:10 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/27 11:06:50 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\H-Body.url
[2010/09/26 19:43:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/26 14:52:35 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/25 21:47:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/25 21:34:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/24 20:03:20 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/24 20:03:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 08:18:09 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\GeekPolice.url
[2010/09/19 21:36:13 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/09/19 21:36:13 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/09/19 21:36:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/19 21:36:01 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/19 21:36:00 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/19 21:35:58 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/09/16 03:02:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/14 19:51:47 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Pappy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 09:53:08 | 000,000,097 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Tomos.url
[2010/09/06 07:05:46 | 000,000,085 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\backpage.url
[2010/08/29 19:33:39 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Fab Forum.url
[2010/08/26 15:09:29 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Pappy\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010/08/16 12:20:54 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Columbia Animal Hospital.url
[2010/08/15 12:06:11 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Dog Forum.url
[2010/08/13 03:03:42 | 000,488,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 03:03:42 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 03:03:42 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/06 20:36:55 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Burnout Box.url
[2010/08/03 11:26:50 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Career Link.url
[2010/08/02 22:09:02 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\ADRL.url
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/22 11:49:15 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/07/18 17:18:47 | 000,000,078 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Best Buy.url
[2010/07/17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/17 02:42:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/16 16:58:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_nielprt_01007.Wdf
[2010/07/16 16:58:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/06/30 17:30:50 | 000,000,080 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\cw dic.url
[2010/06/30 08:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010/06/29 06:25:21 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\WEBSHOTS.url
[2010/06/28 16:13:52 | 000,001,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2010/06/27 23:22:11 | 000,062,020 | R--- | M] () -- C:\Documents and Settings\Pappy\My Documents\CCF04292007_00005.jpg
[2010/06/25 11:07:58 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/24 08:10:44 | 003,073,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/06/24 08:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/06/24 08:10:44 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/06/24 08:10:44 | 000,667,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/06/24 08:10:44 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/06/24 08:10:44 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/06/24 08:10:44 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/06/24 08:10:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/06/24 08:10:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/06/24 08:10:44 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/06/23 09:12:50 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/06/22 22:48:12 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\Document.rtf
[2010/06/21 11:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/06/18 13:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2010/06/18 13:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010/06/18 09:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/06/18 08:18:17 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\CNN.url
[2010/06/17 10:03:00 | 000,080,384 | ---- | M] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll
[2010/06/15 12:17:24 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010/06/14 10:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/06/14 09:38:16 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\USPS.url
[2010/06/14 03:41:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/06/09 03:43:36 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/06/07 20:48:01 | 000,036,864 | -H-- | M] () -- C:\Documents and Settings\Pappy\My Documents\photothumb.db
[2010/06/07 20:47:11 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\PhotoScape.lnk
[2010/06/02 16:01:31 | 000,427,980 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\preview-markesa-yeager-cgx1.jpg
[2010/05/23 21:48:56 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/05/17 16:09:14 | 000,313,794 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\timthumb.php.png
[2010/05/12 18:32:49 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/12 18:32:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/11 11:01:33 | 000,018,831 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\nos-14164-110nos_w.jpg
[2010/05/09 03:16:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/09 03:16:34 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/08 22:08:28 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\HAMB.url
[2010/05/08 10:14:46 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\DRR.url
[2010/05/02 12:28:12 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Dodge Ram.url
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 22:25:02 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/27 09:59:13 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/04/27 09:59:13 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/27 09:05:00 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/04/27 09:05:00 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/27 09:05:00 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/04/22 20:55:24 | 000,045,340 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\1011DSC_8098-WEB.jpg_thumb.png
[2010/04/21 15:10:53 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\French-English.url
[2010/04/21 13:15:02 | 000,021,323 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\hly-300-36.jpg
[2010/04/20 01:30:08 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/04/20 01:30:08 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010/04/16 11:36:56 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010/04/15 13:13:39 | 000,149,657 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\EmbeddedVideoPlayer.swf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/30 20:04:39 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Manheim1.url
[2010/09/27 11:06:33 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\H-Body.url
[2010/09/25 21:34:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/25 21:34:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/24 20:03:20 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Pappy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/24 20:03:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 08:17:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\GeekPolice.url
[2010/09/19 21:36:13 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/09/19 21:35:58 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/09/19 21:35:45 | 065,597,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/12 09:52:43 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Tomos.url
[2010/09/06 07:05:29 | 000,000,085 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\backpage.url
[2010/08/29 19:33:21 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Fab Forum.url
[2010/08/16 12:20:28 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Columbia Animal Hospital.url
[2010/08/15 12:05:54 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Dog Forum.url
[2010/08/06 20:36:33 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Burnout Box.url
[2010/08/03 11:26:43 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Career Link.url
[2010/08/02 22:08:41 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\ADRL.url
[2010/07/20 11:53:12 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/18 17:18:28 | 000,000,078 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Best Buy.url
[2010/07/17 15:37:42 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Pappy\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2010/07/16 18:20:02 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2010/07/16 18:20:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2010/07/16 16:58:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_nielprt_01007.Wdf
[2010/07/16 16:58:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/06/30 17:30:33 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\cw dic.url
[2010/06/29 06:25:04 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\WEBSHOTS.url
[2010/06/28 16:13:52 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2010/06/28 16:13:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/06/28 16:13:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/06/28 16:13:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/06/28 16:13:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/06/28 16:13:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/06/28 16:13:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/06/27 23:22:43 | 000,062,020 | R--- | C] () -- C:\Documents and Settings\Pappy\My Documents\CCF04292007_00005.jpg
[2010/06/22 22:38:36 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\Document.rtf
[2010/06/18 08:17:58 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\CNN.url
[2010/06/14 09:37:56 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\USPS.url
[2010/06/07 20:48:01 | 000,036,864 | -H-- | C] () -- C:\Documents and Settings\Pappy\My Documents\photothumb.db
[2010/06/07 20:47:11 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\PhotoScape.lnk
[2010/06/02 16:01:31 | 000,427,980 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\preview-markesa-yeager-cgx1.jpg
[2010/05/17 16:09:13 | 000,313,794 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\timthumb.php.png
[2010/05/11 11:01:33 | 000,018,831 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\nos-14164-110nos_w.jpg
[2010/05/08 22:08:16 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\HAMB.url
[2010/05/08 10:14:32 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\DRR.url
[2010/05/02 12:27:56 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Dodge Ram.url
[2010/04/22 20:55:24 | 000,045,340 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\1011DSC_8098-WEB.jpg_thumb.png
[2010/04/21 15:10:53 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\French-English.url
[2010/04/21 13:15:02 | 000,021,323 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\hly-300-36.jpg
[2010/04/15 13:13:38 | 000,149,657 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\EmbeddedVideoPlayer.swf
[2010/04/06 22:58:38 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/06 22:58:38 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/12/04 09:48:40 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xobni_installer_updater.log
[2009/12/04 09:47:55 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Pappy\Local Settings\Application Data\xobni_installer_updater.log
[2009/11/10 18:34:52 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Pappy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/07 09:44:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pappy\Local Settings\Application Data\prvlcl.dat
[2009/09/30 09:39:07 | 000,007,314 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2009/09/30 09:36:43 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/20 17:06:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
< End of report >

Re: Spam

Extras.txt never showed up on my desktop.

Re: Spam

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Spam

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4742

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/4/2010 8:16:29 PM
mbam-log-2010-10-04 (20-16-29).txt

Scan type: Quick scan
Objects scanned: 148334
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Spam

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
