The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

DCGWHPOH.exe

Posted 12/11/2009 11:36 AM
#80865
User avatar

MartinT Member

Date Joined Nov 2016
Total Posts: 1
Has anyone seen this nasty one...if so how to get rid of it. It leaves the file DCGWHPOH.exe in root dir
Posted 12/19/2009 4:29 AM
#81136
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Welcome to BG forums MartinT,

Are you just seeking information, or is your system infected and you would like assistance in doing the repairs? I will assume the second part of that, and so let's get some details to work with here.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.
Posted 1/6/2010 11:39 PM
#81687
User avatar

kelly2132131 Member

Date Joined Nov 2016
Total Posts: 5
I got this bugger. Here is a dump of the log files. Any help would be greatly appreciated.

info file contents:

info.txt logfile of random's system information tool 1.06 2010-01-06 16:30:38

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 8.1.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Defender 2.0.6.11-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Canon PIXMA iP6000D-->C:\WINDOWS\system32\CNMCP69.exe "-PRINTERNAMECanon PIXMA iP6000D" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP6000D Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP6000D Installer\Inst2\cnmi0409.dll"
ClientTools-->MsiExec.exe /I{DE5DF44E-F8B1-480D-BC26-59410FACDBAC}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free WMA to MP3 Converter 1.16-->"C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Gears-->MsiExec.exe /I{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HD Tach version 3-->"C:\Program Files\Simpli Software\HD Tach\unins000.exe"
HDView for Internet Explorer-->MsiExec.exe /I{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}
HijackThis 2.0.2-->"C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\9Q6F6AK1\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
I8kfanGUI V3.1-->"C:\Program Files\I8kfanGUI\uninstall.exe"
InstallMgr-->MsiExec.exe /I{98177940-C048-4831-A279-F3888B1E2C7F}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Default Manager-->MsiExec.exe /I{B7148D71-0A8F-4501-96B4-4E1CC67F874E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSN Toolbar-->"C:\Program Files\Microsoft\Search Enhancement Pack\InstallMgr\InstallMgr.exe"
MSN Toolbar-->MsiExec.exe /X{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NeoPaint 4.6c-->C:\PROGRA~1\NEOPAI~1\UNWISE.EXE C:\PROGRA~1\NEOPAI~1\INSTALL.LOG
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OLYMPUS CAMEDIA Master 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.3
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
Polar ProTrainer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}\setup.exe" -l0x9
Polar WebLink 2.4.11-->MsiExec.exe /X{12C8466B-9E6E-4C0C-BBA3-F05EDF5C8ECA}
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TurboTax Deluxe 2007-->E:\Data Files\Turbo Tax\2007\TurboTax Deluxe 2007\TaxUnst.EXE "E:\Data Files\Turbo Tax\2007\TurboTax Deluxe 2007\Uninstall.log" -NoGui
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Drive Manager (x86)-->MsiExec.exe /X{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}
WD Spindown or Stop Utility for External Drive, v1.00-->MsiExec.exe /I{BE6F412F-C276-4FD8-B3E1-F996CC172776}
WeatherBug Browser Bar - powered by MyWebSearch-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\w6Bar.dll,O
WeatherBug-->msiexec /I{25B052BB-7126-4412-99D9-3D9448235FE4} UNINSTALL="1"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0 MUI pack-->"C:\WINDOWS\$NtUninstallKB926141$\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free
AV: avast! antivirus 4.8.1368 [VPS 100106-1]

======System event log======

Computer Name: DAD
Event Code: 7000
Message: The avast! Web Scanner service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 5287
Source Name: Service Control Manager
Time Written: 20091107180547.000000-360
Event Type: error
User:

Computer Name: DAD
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

Record Number: 5286
Source Name: Service Control Manager
Time Written: 20091107180547.000000-360
Event Type: error
User:

Computer Name: DAD
Event Code: 7000
Message: The avast! Web Scanner service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 5283
Source Name: Service Control Manager
Time Written: 20091107180501.000000-360
Event Type: error
User:

Computer Name: DAD
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

Record Number: 5282
Source Name: Service Control Manager
Time Written: 20091107180501.000000-360
Event Type: error
User:

Computer Name: DAD
Event Code: 7000
Message: The avast! Web Scanner service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 5281
Source Name: Service Control Manager
Time Written: 20091107180428.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: DAD
Event Code: 1517
Message: Windows saved user DAD\Kelly registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 37
Source Name: Userenv
Time Written: 20091007185819.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAD
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 30
Source Name: EvntAgnt
Time Written: 20091007174305.000000-360
Event Type: warning
User:

Computer Name: DAD
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 29
Source Name: EvntAgnt
Time Written: 20091007174305.000000-360
Event Type: warning
User:

Computer Name: DAD
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 7
Source Name: EvntAgnt
Time Written: 20091004172648.000000-360
Event Type: warning
User:

Computer Name: DAD
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 6
Source Name: EvntAgnt
Time Written: 20091004172648.000000-360
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0b01
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



log file contents:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kelly at 2010-01-06 16:28:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (58%) free of 95 GB
Total RAM: 511 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:15 PM, on 1/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\JSS4BI9Z\aswclnr[1].exe
C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\JSS4BI9Z\aswclnr[1].tmp
C:\Documents and Settings\Kelly\Desktop\RSIT.exe
C:\Program Files\trend micro\Kelly.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 3.0.04506.30; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; MSN Optimized;US; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSN Optimized;US)" -"https://www.maidmarian.com/Sherwood.htm"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://*.turbotax.com
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - https://ra.qwest.com/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (MSN Games – Matchmaking) - https://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - https://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (MSN Games – Game Chat) - https://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187909663776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254528167200
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - https://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - https://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - https://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - https://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: kfzlfr - kfzlfr.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13844 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8F173CA3-A036-4656-823E-C26DD26BD6F1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2}]
My Web Search Bar BHO - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - WeatherBug Browser Bar - powered by MyWebSearch - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL []
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2002-05-24 28672]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2002-05-24 286720]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-05-16 430080]
"WD Spindown Utility"=C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe [2004-08-09 278528]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-03 233304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-10-10 198160]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-03 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Polar Sync"= []
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2007-05-01 1654784]
"i8kfangui"=C:\Program Files\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]
"DriverUpdaterPro"=C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t []
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Kelly\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-11-12 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kfzlfr]
kfzlfr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3aexx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3bfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3aexx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3bfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SupportSoft RemoteAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe"="C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Enabled:msn"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Data Files\Turbo Tax\2007\TurboTax Deluxe 2007\32bit\ttax.exe"="E:\Data Files\Turbo Tax\2007\TurboTax Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\Data Files\Turbo Tax\2007\TurboTax Deluxe 2007\32bit\updatemgr.exe"="E:\Data Files\Turbo Tax\2007\TurboTax Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fead2d4-dcdb-11dd-bbae-000625406a85}]
shell\AutoRun\command - E:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2010-01-06 16:28:39 ----D---- C:\Program Files\trend micro
2010-01-06 16:28:23 ----D---- C:\rsit
2010-01-06 16:00:15 ----A---- C:\WINDOWS\irc.txt
2009-12-20 12:57:16 ----A---- C:\WINDOWS\BDTSupport.dll
2009-12-20 12:57:08 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-12-20 12:57:05 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-12-20 12:57:03 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-12-20 12:35:39 ----D---- C:\Program Files\Common Files\PC Tools
2009-12-20 12:35:31 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-12-20 12:35:30 ----D---- C:\Program Files\Spyware Doctor
2009-12-20 12:35:30 ----D---- C:\Documents and Settings\Kelly\Application Data\PC Tools
2009-12-18 12:49:06 ----D---- C:\WINDOWS\pss
2009-12-18 12:48:20 ----SHD---- C:\WINDOWS\CSC
2009-12-18 12:48:02 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-11 09:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-08 13:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-08 13:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-08 13:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-08 13:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-08 13:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-06 16:29:11 ----D---- C:\WINDOWS\Prefetch
2010-01-06 16:28:39 ----RD---- C:\Program Files
2010-01-06 16:21:18 ----D---- C:\WINDOWS\Temp
2010-01-06 16:09:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-06 16:07:22 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-06 16:07:02 ----D---- C:\WINDOWS\system32
2010-01-06 16:05:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 16:04:09 ----D---- C:\WINDOWS
2010-01-06 16:03:25 ----SD---- C:\WINDOWS\Tasks
2010-01-06 15:46:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-01-05 13:43:46 ----D---- C:\Program Files\Quicken Data File
2010-01-05 13:16:48 ----D---- C:\WINDOWS\Registration
2009-12-30 16:19:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-30 13:17:44 ----D---- C:\Program Files\SpywareBlaster
2009-12-30 13:11:26 ----D---- C:\Program Files\LimeWire
2009-12-30 13:06:57 ----D---- C:\Program Files\Incomplete
2009-12-30 13:06:27 ----D---- C:\Documents and Settings\Kelly\Application Data\LimeWire
2009-12-21 11:59:10 ----D---- C:\Dads Music
2009-12-21 08:33:53 ----SHD---- C:\WINDOWS\Installer
2009-12-21 08:33:53 ----SHD---- C:\Config.Msi
2009-12-21 08:33:52 ----D---- C:\WINDOWS\WinSxS
2009-12-21 00:54:05 ----SHD---- C:\RECYCLER
2009-12-20 12:44:30 ----D---- C:\WINDOWS\system32\drivers
2009-12-20 12:35:39 ----D---- C:\Program Files\Common Files
2009-12-18 12:49:46 ----SH---- C:\boot.ini
2009-12-18 12:49:46 ----A---- C:\WINDOWS\win.ini
2009-12-18 12:49:46 ----A---- C:\WINDOWS\system.ini
2009-12-15 19:04:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-11 09:27:43 ----D---- C:\WINDOWS\AppPatch
2009-12-11 09:00:45 ----HD---- C:\WINDOWS\inf
2009-12-11 09:00:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-11 08:58:31 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-10 17:22:26 ----D---- C:\WINDOWS\network diagnostic
2009-12-08 13:29:47 ----D---- C:\Program Files\Internet Explorer
2009-12-08 13:24:06 ----A---- C:\WINDOWS\imsins.BAK
2009-12-08 13:21:19 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-12 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-12 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-12 360584]
R1 fanio;FanIO driver; \??\C:\WINDOWS\system32\drivers\fanio.sys []
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-06-12 17153]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2002-05-24 448512]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
R3 maestro;ESS Maestro Audio Driver (WDM); C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 414400]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WPC54GSv1;Linksys Wireless Notebook Adapter WPC54GSv1 Driver; C:\WINDOWS\system32\DRIVERS\WPC54GSv1.SYS [2006-11-30 610816]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\CBTNDIS5.SYS []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ndisdrv;ndisdrv; \??\C:\WINDOWS\system32\ndisdrv.sys []
S3 PolarUSB;Polar USB Interface; C:\WINDOWS\system32\DRIVERS\PolarUSB.sys [2001-07-12 17343]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-05-16 11520]
S3 winsts;winsts; \??\C:\WINDOWS\system32\winsts.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2002-05-24 131072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-12 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 BtwSrv;BtwSrv; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 fastnetsrv;fastnetsrv Service; C:\WINDOWS\system32\FastNetSrv.exe [2004-08-04 42496]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 NWCWorkstation;NWCWorkstation; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-08-12 382320]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Posted 1/7/2010 12:46 AM
#81692
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
The logs show a likely Winlogon malware startup, though perhaps only a remnant now. But they also show you have two antivirus softwares installed, which will cause problems without malware being involved. You need to choose between Avast and AVG, temp disable all security software and then uninstall one of those. Be sure to reboot after.


Once you have done that then do the following:

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Posted 1/8/2010 12:51 AM
#81753
User avatar

kelly2132131 Member

Date Joined Nov 2016
Total Posts: 5
Excellent! Thanks for your help I really appreciate it. I followed your steps and have pasted the log contents below:

ComboFix 10-01-04.01 - Kelly 01/07/2010 16:42:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.146 [GMT -7:00]
Running from: c:\documents and settings\Kelly\Desktop\456.exe
AV: avast! antivirus 4.8.1368 [VPS 100107-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\Temp
c:\windows\irc.txt
c:\windows\system32\BtwSrv.dll
c:\windows\system32\Cache
c:\windows\system32\certstore.dat
c:\windows\system32\FastNetSrv.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\Iasv32.dll
c:\windows\system32\Install.txt
c:\windows\system32\lsm32.sys
c:\windows\system32\winsts.sys
c:\windows\TEMP\mta13187.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSRV
-------\Legacy_FASTNETSRV
-------\Legacy_IPRIP
-------\Legacy_WINSTS
-------\Service_BtwSrv
-------\Service_fastnetsrv
-------\Service_Iprip
-------\Service_winsts


((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-06 23:28 . 2010-01-06 23:30 -------- d-----w- c:\program files\trend micro
2010-01-06 23:28 . 2010-01-06 23:30 -------- d-----w- C:\rsit
2009-12-22 09:10 . 2009-12-22 09:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-21 08:24 . 2009-12-21 08:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-12-20 21:36 . 2009-12-20 21:36 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Threat Expert
2009-12-20 19:57 . 2009-11-10 17:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-20 19:57 . 2009-11-10 17:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-20 19:57 . 2008-11-26 19:08 131 ----a-w- c:\windows\IDB.zip
2009-12-20 19:57 . 2009-10-28 08:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-20 19:57 . 2009-11-10 17:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-20 19:57 . 2009-11-10 17:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-20 19:44 . 2009-10-30 18:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-20 19:43 . 2009-11-09 18:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-20 19:43 . 2009-10-06 23:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-20 19:39 . 2009-09-03 16:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-20 19:35 . 2009-12-20 19:58 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-20 19:35 . 2009-12-20 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-20 19:35 . 2009-12-20 21:51 -------- d-----w- c:\program files\Spyware Doctor
2009-12-20 19:35 . 2009-12-20 19:35 -------- d-----w- c:\documents and settings\Kelly\Application Data\PC Tools
2009-12-11 15:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-11 00:29 . 2009-12-11 02:02 69 ----a-w- c:\documents and settings\Kelly\jagex_runescape_preferences2.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 00:00 . 2008-08-31 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-08 00:00 . 2007-09-17 16:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-05 20:43 . 2008-07-31 03:58 -------- d-----w- c:\program files\Quicken Data File
2009-12-30 20:17 . 2007-08-19 20:06 -------- d-----w- c:\program files\SpywareBlaster
2009-12-30 20:11 . 2007-08-19 05:04 -------- d-----w- c:\program files\LimeWire
2009-12-30 20:06 . 2008-02-17 04:19 -------- d-----w- c:\program files\Incomplete
2009-12-30 20:06 . 2007-08-19 05:07 -------- d-----w- c:\documents and settings\Kelly\Application Data\LimeWire
2009-12-11 02:02 . 2008-08-20 02:16 39 ----a-w- c:\documents and settings\Kelly\jagex_runescape_preferences.dat
2009-11-24 23:54 . 2007-08-19 20:01 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-08-19 20:01 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-08-19 20:01 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-08-19 20:01 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-08-19 20:01 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-08-19 20:01 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-12 18:21 . 2008-05-03 21:37 -------- d-----w- c:\program files\AVG
2009-11-12 17:03 . 2009-11-12 17:01 -------- d-----w- c:\program files\iTunes
2009-11-12 17:01 . 2009-11-12 17:01 -------- d-----w- c:\program files\iPod
2009-11-12 17:01 . 2007-09-19 04:22 -------- d-----w- c:\program files\Common Files\Apple
2009-11-12 16:45 . 2009-11-12 16:45 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 23:10 . 2009-11-03 23:10 152576 ----a-w- c:\documents and settings\Kelly\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 03:42 . 2009-10-03 00:44 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 11:17 . 2008-11-24 16:03 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-05-01 1654784]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-05-24 28672]
"AtiPTA"="atiptaxx.exe" [2002-05-24 286720]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"WD Spindown Utility"="c:\program files\Western Digital Technologies\Spindown\ExSpinDn.exe" [2004-08-09 278528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-10 198160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

c:\documents and settings\Kelly\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3aexx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3bfxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/20/2009 12:43 PM 207792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/2/2008 7:38 PM 114768]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2/21/2008 6:03 PM 14464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/2/2008 7:38 PM 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/20/2009 12:57 PM 112592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/6/2009 12:03 AM 54752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 4:31 AM 92008]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 4:12 PM 102400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\system32\drivers\es198xdl.sys [6/20/2002 4:53 PM 414400]
R3 WPC54GSv1;Linksys Wireless Notebook Adapter WPC54GSv1 Driver;c:\windows\system32\drivers\WPC54GSv1.SYS [11/30/2006 10:54 PM 610816]
S0 ati3aexx;ati3aexx;c:\windows\system32\Drivers\ati3aexx.sys --> c:\windows\system32\Drivers\ati3aexx.sys [?]
S0 ati3bfxx;ati3bfxx;c:\windows\system32\Drivers\ati3bfxx.sys --> c:\windows\system32\Drivers\ati3bfxx.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 9:03 AM 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [8/4/2004 5:00 AM 2304]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/20/2009 12:37 PM 359624]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/28/2008 8:39 AM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-31 00:48]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 16:02]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 16:02]

2010-01-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]

2010-01-08 c:\windows\Tasks\User_Feed_Synchronization-{8F173CA3-A036-4656-823E-C26DD26BD6F1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/
mSearchURL = hxxp://www.google.com/
Trusted Zone: hotmail.com\www.messenger
Trusted Zone: live.com\get
Trusted Zone: microsoft.com\www.update
Trusted Zone: passport.com\loginnet
Trusted Zone: passport.net\login
Trusted Zone: passport.net\memberservicesnet
Trusted Zone: turbotax.com
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Polar Sync - (no file)
HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
Notify-kfzlfr - kfzlfr.dll
AddRemove-HijackThis - c:\documents and settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\9Q6F6AK1\HijackThis.exe
AddRemove-TurboTax Deluxe 2007 - e:\data files\Turbo Tax\2007\TurboTax Deluxe 2007\TaxUnst.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-01-07 17:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Google\Google Updater\GoogleUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\atiptaxx.exe
c:\windows\winhlp32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-01-07 17:13:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 00:13

Pre-Run: 57,908,240,384 bytes free
Post-Run: 60,687,446,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0BC7B705076048BB1A27AAD0E54E9160
Posted 1/8/2010 1:34 AM
#81757
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
I only just realized you had hijacked MartinT's request thread here . MartinT, should you still need assistance please open a new thread, and then let me know in a PM and I will respond to it.

Of course I would like you to be sure if you ever need help again, kelly2132131, that you start your own request thread.

ComboFix made some good repairs there, so let's follow that with some scans. SpywareGuard shows as a running process, so be very sure to disable that along with other security softwares.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Post that log and the Malwarebytes log please.
Posted 1/8/2010 5:37 PM
#81793
User avatar

kelly2132131 Member

Date Joined Nov 2016
Total Posts: 5
Sorry for the confusion I created.

Here are the results:

Malwarebytes' Anti-Malware 1.44
Database version: 3518
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/8/2010 9:25:35 AM
mbam-log-2010-01-08 (09-25-35).txt

Scan type: Quick Scan
Objects scanned: 108685
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------
then I did a full scan and got this:

Malwarebytes' Anti-Malware 1.44
Database version: 3518
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/8/2010 10:35:40 AM
mbam-log-2010-01-08 (10-35-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 191465
Time elapsed: 1 hour(s), 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 49

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\BtwSrv.dll.vir (Trojan.Koblu) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\FastNetSrv.exe.vir (Backdoor.Bot) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Iasv32.dll.vir (Backdoor.Bot) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsm32.sys.vir (Backdoor.Bot) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winsts.sys.vir (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327337.dll (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327333.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327334.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327335.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327338.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327370.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328342.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327371.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327372.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327374.dll (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327375.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328334.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328335.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328343.dll (Trojan.Koblu) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328356.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0329334.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334351.dll (Trojan.Koblu) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334352.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334354.dll (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334355.sys (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334396.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334356.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP995\A0319331.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP995\A0319332.dll (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP996\A0320341.exe (Spyware.Passwords) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP996\A0320367.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP996\A0320369.dll (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP997\A0322354.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP997\A0323335.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP997\A0323337.dll (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP997\A0323338.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP998\A0323373.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP998\A0323374.dll (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0324359.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0324360.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0324361.dll (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0324363.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325333.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325334.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325335.old (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325336.dll (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325338.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0326333.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0326335.exe (Backdoor.Bot) -> No action taken.


------------------
then remove selected and got this:

Malwarebytes' Anti-Malware 1.44
Database version: 3518
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/8/2010 10:36:32 AM
mbam-log-2010-01-08 (10-36-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 191465
Time elapsed: 1 hour(s), 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 49

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\BtwSrv.dll.vir (Trojan.Koblu) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\FastNetSrv.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Iasv32.dll.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsm32.sys.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winsts.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327337.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327333.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327334.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327335.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1000\A0327338.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327370.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328342.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327371.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327372.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327374.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0327375.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328334.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328335.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328343.dll (Trojan.Koblu) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0328356.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1001\A0329334.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334351.dll (Trojan.Koblu) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334352.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334354.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334355.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334396.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP1004\A0334356.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP995\A0319331.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP995\A0319332.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP996\A0320341.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP996\A0320367.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP996\A0320369.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP997\A0322354.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP997\A0323335.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP997\A0323337.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP997\A0323338.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP998\A0323373.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP998\A0323374.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0324359.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0324360.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0324361.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0324363.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325333.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325334.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325335.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325336.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0325338.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0326333.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{956AA00F-5612-49BF-B113-D7993FCD1024}\RP999\A0326335.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


.........need to reboot
Posted 1/8/2010 9:03 PM
#81798
User avatar

kelly2132131 Member

Date Joined Nov 2016
Total Posts: 5
after the reboot reran malware full scan...here are the results:

Malwarebytes' Anti-Malware 1.44
Database version: 3519
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/8/2010 1:04:17 PM
mbam-log-2010-01-08 (13-04-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 191678
Time elapsed: 2 hour(s), 5 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


------------------

then eset....results showed no threats found....
Posted 1/9/2010 12:13 AM
#81802
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Good, infection is all removed now. Before we go on to some final steps here, post back how things are running please.
Posted 1/11/2010 8:10 PM
#81895
User avatar

kelly2132131 Member

Date Joined Nov 2016
Total Posts: 5
Excellent. Everything seems to be working fine.
Posted 1/11/2010 11:19 PM
#81899
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
It doesn't show clearly in the logs, but the RSIT info.txt log does show AVG installed there - surprised I missed that. As no one system should have more than one antivirus installed at any one time, you will need to uninstall AVG, to avoid conflicts occurring.

Go here and download and run the AVG uninstaller.

--------------

Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

WeatherBug Browser Bar - powered by MyWebSearch
WeatherBug


Those are adware bundled. If the scans already removed some of either, so the uninstall fails, just do this instead for that item:

Open Hijackthis.
Click Config - Misc Tools - Open Uninstall Manager again.
A list of the entries in Add/Remove programs will appear.
Click to hilight the program that cannot uninstall, then click "Delete this entry", and close HijackThis. This is only in reference to those two WeatherBug items.

-------------------------

You have older and more vulnerable Java version(s) installed there, so need to remove those and update to the latest version of that.

Go here and download the latest version of Sun Java Java Runtime Environment (JRE) 6 Update 17. The current file name for that is jre-6u17-windows-i586.exe. I recommend you choose to download the "Windows Offline Installation" by clicking on that file to download it.


Then click here and download JavaRa.zip to your desktop, then unzip that. Close all open programs and browsers, and in the folder created locate and click on JavaRa.exe to start the tool. Select the correct language using the dropdown bar and click Select.

Then click Remove Older Versions, and agree to allow the tool to run. JavaRa will locate and remove all the outdated Java items.

When it completes click okay to allow it to open the logfile. This will also be saved as C:\JavaRa.log. We won't be needing to review that now. You can just use the "X" to close JavaRa.


And click that downloaded jre-6u17-windows-i586.exe to install the latest Java version there, being sure to reboot after.

Do those changes, and before we do that finishing up I mentioned, post back how that all went please.
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Monday, August 8, 2022, 9:56 PM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
38 Guest(s), 0 Registered Member(s) are currently online.