WIN32/Heur problem in XP Home - Tech-101 Free Computer Support

mat68046 · #1 (**permalink**) 01-06-2010, 08:38 PM

Hello!

I think my problem is minor compared to others I've read on this forum. I'm running AVG 9.0.725. It picked up and cleaned all sorts of junk except this HEUR bug that keeps coming up alongside run-time instances of SVCHOST on various process numbers, mostly 1192. That comes up as DcomLaunch, Termservice...

I ran through the 8 step and have hopefully uploaded the results correctly. The machine won't run AOL 9.0, Word 2000 and sometimes locks up overall. Internet performance has always been an issue so AVG running isn't helping but at least I'm somewhat protected. Through this forum (Thank you) I've realized that my USB backup HD file is corrupted also. That's a 23 gig file made by Ghost 15 that was also corrupted to the point of inoperation. Vundo has also popped up but not in the latest scan. I suspect it's lurking somewhere...

Any assistance is very much appreciated. I'm reluctant to send emails to anyone or do work on this machine until this is fixed.

-mat68046

"gmer.log" won't upload as it's considered an invalid file for some reason. I'll cut and paste the contents not knowing any better way (forgive me for being a newbie):

DDS.txt

Attach.zip

mbam-log-2010-01-06 (14-59-16).txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 19:28:19
Windows 5.1.2600 Service Pack 3
Running: 5s1e3roh.exe; Driver: C:\DOCUME~1\Mark\LOCALS~1\Temp\pxldipod.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF7859470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF7859520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF78595C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF7859660]

---- Kernel code sections - GMER 1.0.15 ----

? nohedjko.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[220] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\svchost.exe[1192] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0096000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1812] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1812] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1812] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1812] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1812] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1812] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1812] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1812] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1812] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2100] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe[1868] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2100] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

mat68046 · #2 (**permalink**) 01-06-2010, 09:00 PM

Couple of other oddities that may or not be relevant:
1. Laptop fails to "see" the CD/DVD drive...occasionally
2. IE8 doesn't load home page, claiming that it isn't smart enough to figure out that I have more than one wireless adapter installed. The 2nd one is disabled but is there because at one point the on-board wireless was tweaking badly; suffering 50-75% packet data loss to the router. Had to install PCMCIA wireless card for a while. This has since "fixed itself", for now.

mat68046 · #3 (**permalink**) 01-06-2010, 09:51 PM

Good news (I apologize, I feel like I'm "tweeting, here")
The AOL and IE8 problems were one and the same. IE had a proxy settings switch enabled rather than "detect settings automatically"...Cured both programs since IE is used by AOL.

As for the DVD+RW drive, my suspicion is that the OS was having problems assigning a drive letter as the hard-drive mounting screws were loose causing intermittent drive problems. Hasn't happened since the HD was secured tightly.

The wireless problem happened after the drive situation was rectified so that's still a mystery.

...And, recently, Mozilla has been acting up when going to websites I'm getting re-directed to other sites. Re-enabled the Link Scanner in AVG and re-loaded Mozilla. That's "fixed", for now, but telling of the imminent threats I need to correct.

Can't blame the darned virus for EVERYTHING, can we???

mat68046 · #4 (**permalink**) 01-07-2010, 12:22 PM

Combofix and RootRepealer "fixed" the Firefox re-directing problem and the WIN32/ Heur virus. AVG has been silent since then. Word 2000 still won't run. I may re-install the program and re-scan the system.

Please let me know what follow-up I should do and whether to post same.

I don't want any false sense of security here.

-mat

kritius · #5 (**permalink**) 01-08-2010, 04:10 AM

Can you post the ComboFix log please?

mat68046 · #6 (**permalink**) 01-08-2010, 03:30 PM

Thank you for replying to my post, Kritius!

Status is: Word won't load except with the /a switch. Deleted the normal.dot and did in-program repair. No luck. I had Desktop issue that "went away" which was the I had no right-click functions. I tried to create a new folder on the desktop and couldn't. That has abated. Considering that the machine's personality isn't constant, I don't think I'm out of the woods.

Please advise if I should re-do any of the Steps.

Here's the ComboFix logfile:

ComboFix 10-01-04.01 - Mark 01/07/2010 9:42.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.679 [GMT -5:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000006_.tmp.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZUMIE_SEARCH_SERVICE

((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-07 14:42 . 2010-01-07 14:42 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-01-07 03:59 . 2010-01-07 03:59 81 ----a-w- C:\CTX.DAT
2010-01-07 03:59 . 2010-01-07 03:59 -------- d-----w- c:\documents and settings\Mark\Citrix
2010-01-06 14:34 . 2010-01-06 14:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 13:28 . 2010-01-06 13:28 72192 ----a-w- C:\tasklist.exe
2010-01-05 15:56 . 2010-01-05 15:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCach e
2010-01-05 15:40 . 2010-01-05 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2010-01-05 15:28 . 2010-01-05 15:57 -------- d-----w- C:\$AVG
2010-01-05 15:27 . 2010-01-06 02:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-05 15:27 . 2010-01-05 15:27 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-05 15:27 . 2010-01-06 02:05 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-05 15:27 . 2010-01-07 12:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-05 15:26 . 2010-01-05 15:26 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-05 15:26 . 2010-01-05 15:26 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-05 15:26 . 2010-01-06 02:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-05 15:25 . 2010-01-05 15:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-05 15:25 . 2010-01-05 15:25 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-05 15:25 . 2010-01-05 15:25 -------- d-----w- c:\program files\AVG
2010-01-05 15:25 . 2010-01-06 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-05 06:03 . 2010-01-05 06:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-05 04:23 . 2010-01-05 23:37 -------- d-----w- c:\documents and settings\Mark\Application Data\Stamps.com Internet Postage
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2010-01-05 03:57 . 2010-01-05 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}
2010-01-05 03:56 . 2010-01-06 03:38 36 ---ha-w- c:\windows\system32\f9t.dat
2010-01-05 03:56 . 2010-01-05 06:23 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-01-05 03:52 . 2010-01-05 03:52 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Seven Zip
2010-01-03 23:44 . 2010-01-06 01:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-01 17:24 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-01-01 00:03 . 2003-04-14 03:25 151808 ----a-r- c:\windows\system32\drivers\LSRTNDS.sys
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\Mark\Application Data\Nokia
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\Mark\Application Data\PC Suite
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-29 01:41 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-29 01:41 . 2009-10-06 16:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Nokia
2009-12-29 01:40 . 2009-12-29 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-28 05:58 . 2009-12-28 05:58 -------- d-----w- c:\program files\HDD Health
2009-12-25 01:01 . 2009-12-25 01:02 -------- d-----w- C:\VProRecovery
2009-12-25 00:57 . 2009-12-25 00:57 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Symantec_Corporation
2009-12-25 00:31 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-25 00:29 . 2009-12-25 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2009-12-24 21:47 . 2009-12-24 21:59 -------- d-----w- c:\windows\system32\NtmsData
2009-12-14 15:34 . 2009-12-14 15:34 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\HP
2009-12-14 15:25 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-11 15:07 . 2009-12-11 15:07 -------- d---a-w- C:\office2003pro
2009-12-11 00:02 . 2004-03-22 07:17 25840 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.d ll
2009-12-11 00:02 . 2004-03-22 07:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-12-10 23:59 . 2009-12-10 23:59 -------- d-----w- c:\program files\Common Files\L&H
2009-12-10 23:58 . 2009-12-10 23:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-10 23:55 . 2009-12-10 23:55 -------- d-----w- c:\program files\Microsoft Works
2009-12-10 23:52 . 2009-12-10 23:56 -------- d-----w- c:\program files\Microsoft Office2003
2009-12-10 23:52 . 2009-12-10 23:52 -------- d-----w- c:\program files\Microsoft.NET
2009-12-10 15:12 . 2010-01-07 13:02 -------- d-----w- c:\documents and settings\Mark\Application Data\HPAppData
2009-12-10 15:05 . 2009-04-16 19:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v .dll
2009-12-10 15:05 . 2009-04-16 19:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2009-12-10 14:55 . 2009-12-10 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-01-07 04:48 . 2008-01-25 04:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 18:32 . 2009-02-22 07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 14:43 . 2008-01-25 03:24 -------- d-----w- c:\program files\Java
2010-01-06 14:27 . 2010-01-06 14:27 79488 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 12:57 . 2009-06-28 22:54 -------- d-----w- c:\documents and settings\Mark\Application Data\uTorrent
2010-01-06 01:41 . 2008-01-25 03:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-06 00:59 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-05 17:11 . 2008-02-02 01:56 123344 ----a-w- c:\documents and settings\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 15:43 . 2008-01-25 03:40 -------- d-----w- c:\program files\HP
2010-01-05 15:27 . 2010-01-06 02:06 12464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsstx.dll
2010-01-05 15:27 . 2010-01-06 02:06 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-01-05 15:26 . 2010-01-06 02:06 502040 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
2010-01-05 15:26 . 2010-01-06 01:58 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-01-05 15:26 . 2010-01-06 01:58 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-01-05 15:26 . 2010-01-06 01:58 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-01-05 15:26 . 2010-01-06 01:58 798488 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-01-05 15:26 . 2010-01-06 02:06 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-01-05 06:22 . 2010-01-05 03:58 2520483 ----a-w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\MSOABPstmp.exe
2010-01-05 06:21 . 2010-01-05 03:58 2513557 ----a-w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\MSW2KPIMstmp.exe
2010-01-05 06:21 . 2010-01-05 03:58 2512898 ----a-w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\MSOPIMstmp.exe
2010-01-04 15:46 . 2009-11-09 00:33 -------- d-----w- c:\documents and settings\Mark\Application Data\LimeWire
2010-01-01 00:05 . 2008-02-07 04:22 -------- d-----w- c:\program files\Speeditup Free
2009-12-31 23:25 . 2009-10-05 23:54 -------- d-----w- c:\documents and settings\Mark\Application Data\HpUpdate
2009-12-31 23:23 . 2009-07-06 23:45 256 ----a-w- c:\documents and settings\Mark\pool.bin
2009-12-30 19:55 . 2009-02-22 07:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54 . 2009-02-22 07:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 01:42 . 2009-09-05 00:02 -------- d-----w- c:\program files\DIFX
2009-12-29 01:40 . 2009-12-29 01:40 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpc si.exe
2009-12-29 01:40 . 2009-12-29 01:40 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\Uninst CCD.exe
2009-12-29 01:40 . 2009-12-29 01:40 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\Uninst PCSFEMsi.exe
2009-12-29 01:40 . 2009-12-29 01:40 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\Uninst PCS.exe
2009-12-28 02:44 . 2009-12-29 01:40 34440160 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_us_web.e xe
2009-12-25 00:31 . 2009-12-25 00:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMou nt_01009.Wdf
2009-12-25 00:31 . 2009-12-25 00:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_C oinstaller_Critical.Wdf
2009-12-17 21:26 . 2010-01-05 03:58 321108 ----a-w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\mia.dll
2009-12-17 21:26 . 2010-01-05 03:58 321108 ----a-w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\mia.dll
2009-12-17 21:26 . 2010-01-05 03:58 321108 ----a-w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\mia.dll
2009-12-17 21:26 . 2010-01-05 03:57 5121427 ----a-w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}\stamps.exe
2009-12-17 21:26 . 2010-01-05 03:57 321108 ----a-w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}\mia.dll
2009-12-15 21:40 . 2009-11-14 00:15 -------- d-----w- c:\documents and settings\Mark\Application Data\Apple Computer
2009-12-14 15:34 . 2008-02-02 01:55 -------- d-----w- c:\documents and settings\Mark\Application Data\HP
2009-12-10 15:07 . 2008-01-25 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-30 13:50 . 2008-02-03 11:32 79379 ----a-w- c:\windows\hpfins05.dat
2009-11-26 00:23 . 2009-06-13 01:04 256 ----a-w- c:\windows\system32\pool.bin
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 18:59 . 2009-11-14 00:14 -------- d-----w- c:\program files\iTunes
2009-11-14 00:15 . 2009-11-14 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 00:14 . 2009-11-09 00:11 -------- d-----w- c:\program files\iPod
2009-11-14 00:14 . 2009-11-14 00:11 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 00:13 . 2009-11-14 00:13 -------- d-----w- c:\program files\QuickTime
2009-11-14 00:13 . 2009-11-14 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-14 00:12 . 2009-11-14 00:12 -------- d-----w- c:\program files\Apple Software Update
2009-11-14 00:11 . 2009-11-14 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-14 00:10 . 2008-01-25 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-09 00:28 . 2009-11-09 00:28 28276 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2009-11-09 00:13 . 2009-11-09 00:13 -------- d-----w- c:\program files\MUSICMATCH
2009-11-03 02:34 . 2009-11-03 02:34 26694 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{79CA0DF6-8860-4680-BDFF-D3E34BAA9244}\BlackBerry.exe
2009-11-01 18:47 . 2009-11-01 18:47 53248 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"HDDHealth"="c:\program files\HDD Health\hddhealth.exe" [2008-06-15 1692672]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HostManager"="c:\program files\Common Files\AOL\1204169715\ee\AOLSoftware.exe" [2008-06-24 41824]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-06 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-06 02:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 19:01 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-07 15:56 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 19:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-06-02 21:18 143360 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 15:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 16:39 94208 ------w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-02-01 23:41 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
2009-09-08 00:41 1590616 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-08 16:24 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
2009-12-23 16:42 2274816 ----a-w- c:\program files\Speeditup Free\SpeedItUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-02 19:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-02 19:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"TetherBerry"=2 (0x2)
"SymSnapService"=3 (0x3)
"ServiceLayer"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"NitroDriverReadSpool"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GenericMount Helper Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ATTRcAppSvc"=3 (0x3)
"astcc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TrkWks"=2 (0x2)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"BITS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1204169715\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\driv ers\AVGIDSxx.sys [1/5/2010 10:26 AM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\ avgrkx86.sys [1/5/2010 10:26 AM 161800]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sony pvl2.sys [6/27/2008 2:05 PM 19478]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/5/2010 10:27 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/5/2010 10:26 AM 360584]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sony pvf2.sys [6/27/2008 2:05 PM 635017]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sony pvt2.sys [6/27/2008 2:05 PM 431236]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/5/2010 9:05 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [1/5/2010 9:05 PM 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/5/2010 9:05 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwd x.sys [1/5/2010 10:25 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.s ys [1/5/2010 10:26 AM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.s ys [1/5/2010 10:26 AM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/5/2010 10:26 AM 25736]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFH WATI.sys [1/24/2008 10:12 PM 200192]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sony pvd2.sys [6/27/2008 2:05 PM 64093]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 10:25 AM 30104]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sy s --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\LSRTNDS.sys [12/31/2009 7:03 PM 151808]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [11/1/2009 10:12 PM 45608]
S4 TetherBerry;TetherBerry;c:\program files\TetherBerry\TBService.exe [11/1/2009 10:12 PM 49056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-04 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-05-25 21:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: myfairpoint.net
TCP: {44960C04-0BA0-425A-A6F9-45CE1B4AC30F} = 208.67.222.222,208.67.220.220
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\ebxz7oyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dl l
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinti ng.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.d ll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
MSConfigStartUp-AT&T Communication Manager - c:\program files\AT&T\Communication Manager\ATTCM.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-CyberDefender Early Detection Center - c:\program files\CyberDefender\AntiSpyware\cdas198.exe
MSConfigStartUp-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
MSConfigStartUp-Verizon Custom Uninstall Tracking - c:\docume~1\Mark\LOCALS~1\Temp\InstallHelper.exe
MSConfigStartUp-Verizon_McciTrayApp - c:\program files\Verizon\McciTrayApp.exe
MSConfigStartUp-Windows Update - c:\windows\system32\Updater.exe

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 09:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(356)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
.
************************************************** ************************
.
Completion time: 2010-01-07 10:01:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-07 15:01

Pre-Run: 27,626,311,680 bytes free
Post-Run: 27,601,297,408 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 880B7AA0049D2232043221A242FFD4F9

kritius · #7 (**permalink**) 01-09-2010, 04:15 AM

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

mat68046 · #8 (**permalink**) 01-10-2010, 12:56 PM

Machine boots horribly slow and still has the SPeedItUpFree browser autoload. That went away, as did the WIN32/ Heur, when I ran ComboFix but is back since an update. My bad on that one, should use a different RAM optimizer (suggestions?)

Here is the mbam logfile which shows no infections...

Malwarebytes' Anti-Malware 1.44
Database version: 3535
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/10/2010 12:50:08 PM
mbam-log-2010-01-10 (12-50-08).txt

Scan type: Quick Scan
Objects scanned: 123134
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

kritius · #9 (**permalink**) 01-10-2010, 01:27 PM

Post a fresh DDS log for me.

mat68046 · #10 (**permalink**) 01-10-2010, 04:55 PM

Here is the DDS log:

I can't upload the zipped Attach file. My internet throughput is almost non-existent now. Took 6 minutes to load this thread. Of course my wife's MAC works fine, wireless and all. The only way I know I got your reply is because I use my BlackBerry as a notification service. I don't bother trying to load any mail.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mark at 16:25:53.10 on Sun 01/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.583 [GMT -5:00]

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: PcWinTech Toolbar: {6fc6fe49-c1ea-4cc0-bfe8-acb42adc059e} - c:\program files\pcwintech\tbPcWi.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: PcWinTech Toolbar: {6fc6fe49-c1ea-4cc0-bfe8-acb42adc059e} - c:\program files\pcwintech\tbPcWi.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttach File: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: PcWinTech Toolbar: {6fc6fe49-c1ea-4cc0-bfe8-acb42adc059e} - c:\program files\pcwintech\tbPcWi.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HDDHealth] c:\program files\hdd health\hddhealth.exe -wl
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpeedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HostManager] c:\program files\common files\aol\1204169715\ee\AOLSoftware.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mic ros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: myfairpoint.net
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activate.myfairpoint.net/sdccommon/download/FairPoint/tgctlcm.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
TCP: {B137C99D-5365-4A2C-A95F-D1A48982983B} = 208.67.222.222,208.67.220.220
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles \ebxz7oyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dl l
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinti ng.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.d ll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\driv ers\AVGIDSxx.sys [2010-1-5 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\ avgrkx86.sys [2010-1-5 161800]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sony pvl2.sys [2008-6-27 19478]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-5 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-5 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-5 360584]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sony pvf2.sys [2008-6-27 635017]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sony pvt2.sys [2008-6-27 431236]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-5 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-1-5 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-1-5 5832712]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-6-28 28952920]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwd x.sys [2010-1-5 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.s ys [2010-1-5 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.s ys [2010-1-5 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-1-5 25736]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFH WATI.sys [2008-1-24 200192]
R3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2009-11-1 45608]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sony pvd2.sys [2008-6-27 64093]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-1-5 30104]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sy s --> c:\windows\system32\drivers\GenericMount.sys [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\LSRTNDS.sys [2009-12-31 151808]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S4 TetherBerry;TetherBerry;c:\program files\tetherberry\TBService.exe [2009-11-1 49056]

=============== Created Last 30 ================

2010-01-10 17:04:59 0 d-----w- c:\windows\system32\AGEIA
2010-01-09 16:42:16 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2010-01-09 16:42:16 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2010-01-09 16:42:15 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-01-09 16:42:13 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-01-09 16:42:10 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-01-09 16:42:10 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-01-09 16:42:08 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-01-09 16:42:06 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-01-09 16:42:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-01-09 16:42:01 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-01-09 16:40:20 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-09 16:38:00 0 d-----w- c:\windows\Logs
2010-01-09 16:32:29 0 d-----w- c:\program files\Crane Simulator 2009
2010-01-09 01:57:00 0 d-----w- c:\program files\Conduit
2010-01-09 01:56:55 0 d-----w- c:\program files\PcWinTech
2010-01-09 01:56:53 0 d-----w- C:\Documents
2010-01-09 01:56:24 32768 ----a-w- c:\windows\system32\CleanMem.exe
2010-01-09 01:56:24 121856 ----a-w- c:\windows\system32\schtasks.exe
2010-01-09 01:56:15 0 d-----w- c:\windows\CleanMem
2010-01-09 01:56:14 0 d-----w- c:\program files\CleanMem
2010-01-08 16:03:15 88 --sh--r- c:\windows\system32\77C6EFDC64.sys
2010-01-08 16:03:14 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-08 16:03:07 0 d-----w- c:\docume~1\mark\applic~1\IsolatedStorage
2010-01-08 15:59:33 94208 ----a-w- c:\windows\system32\msvci70d.dll
2010-01-08 15:59:33 536576 ----a-w- c:\windows\system32\msvcr70d.dll
2010-01-08 15:43:12 0 d-----w- c:\docume~1\mark\applic~1\ACT
2010-01-08 15:43:12 0 d-----w- c:\docume~1\alluse~1\applic~1\ACT
2010-01-08 15:42:45 0 d-----w- c:\program files\Microsoft SQL Server
2010-01-08 15:42:45 0 d-----w- c:\program files\ACT
2010-01-07 19:22:22 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-07 19:22:22 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-07 19:22:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_010 07.Wdf
2010-01-07 14:31:05 0 d-sha-r- C:\cmdcons
2010-01-07 14:27:31 98816 ----a-w- c:\windows\sed.exe
2010-01-07 14:27:31 77312 ----a-w- c:\windows\MBR.exe
2010-01-07 14:27:31 261632 ----a-w- c:\windows\PEV.exe
2010-01-07 14:27:31 161792 ----a-w- c:\windows\SWREG.exe
2010-01-07 03:59:56 81 ----a-w- C:\CTX.DAT
2010-01-07 03:59:47 0 d-----w- c:\documents and settings\mark\Citrix
2010-01-06 14:34:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 13:28:42 72192 ----a-w- C:\tasklist.exe
2010-01-05 15:40:01 0 d-----w- c:\docume~1\alluse~1\applic~1\AT&T
2010-01-05 15:28:03 0 d-----w- C:\$AVG
2010-01-05 15:27:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-05 15:27:27 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-05 15:27:08 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-05 15:26:51 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-05 15:26:49 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-05 15:26:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-05 15:25:38 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-05 15:25:38 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-05 15:25:37 0 d-----w- c:\program files\AVG
2010-01-05 15:25:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-05 04:23:04 0 d-----w- c:\docume~1\mark\applic~1\Stamps.com Internet Postage
2010-01-05 03:58:51 0 d-----w- c:\docume~1\alluse~1\applic~1\{D9AA4D17-9292-410D-9AA5-84526D062900}
2010-01-05 03:58:38 0 d-----w- c:\docume~1\alluse~1\applic~1\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2010-01-05 03:58:17 0 d-----w- c:\docume~1\alluse~1\applic~1\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2010-01-05 03:57:35 0 d-----w- c:\docume~1\alluse~1\applic~1\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}
2010-01-05 03:56:59 36 ---ha-w- c:\windows\system32\f9t.dat
2010-01-05 03:56:59 0 d-----w- c:\program files\Stamps.com Internet Postage
2010-01-04 02:33:39 108336 ----a-w- c:\windows\system32\mswinsck.ocx
2010-01-01 17:24:29 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-01-01 00:03:34 151808 ----a-r- c:\windows\system32\drivers\LSRTNDS.sys
2009-12-29 01:41:57 0 d-----w- c:\program files\common files\PCSuite
2009-12-29 01:41:49 0 d-----w- c:\program files\common files\Nokia
2009-12-29 01:41:35 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 01:41:27 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-29 01:41:19 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-29 01:41:18 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-29 01:41:18 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-12-29 01:41:15 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-12-29 01:41:15 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-12-29 01:41:15 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-12-29 01:41:10 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 01:41:09 0 d-----w- c:\program files\Nokia
2009-12-28 05:58:11 0 d-----w- c:\program files\HDD Health
2009-12-28 05:45:43 4096 --sha-w- C:\VSNAP.IDX
2009-12-25 01:01:46 0 d-----w- C:\VProRecovery
2009-12-25 00:31:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMou nt_01009.Wdf
2009-12-25 00:31:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_C oinstaller_Critical.Wdf
2009-12-25 00:31:20 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-25 00:29:47 0 d-----w- c:\docume~1\alluse~1\applic~1\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2009-12-24 21:47:00 0 d-----w- c:\windows\system32\NtmsData
2009-12-14 15:25:09 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-12 03:56:28 3248 ----a-w- c:\windows\system32\wbem\Outlook_01ca7adf14fefc92. mof

==================== Find3M ====================

2010-01-08 06:09:04 256 ----a-w- c:\documents and settings\mark\pool.bin
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 00:59:10 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-30 13:50:25 79379 ----a-w- c:\windows\hpfins05.dat
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

============= FINISH: 16:26:20.76 ===============

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode