# Please Help!  Virus locked me out...



## bulochka

The Virus/Trojan has locked me out of the system.  It disabled my AVG antivirus software (can't run it), disabled command prompt, disabled Ctrl+Alt+Delete and also made an Administrator profile for itself protected by password, so that even with an original CD I can't repair the operating system.  I have seen the thread here with almost the exact problem, but that solution doesn't work for me, since the virus locked me out completely...
I have managed to install A-Squared Anti-Malware by EMSI and scanned the computer - it detected and removed a lot of things, but after the reboot seems like the virus disabled it as well
Is there a solution to my problem?


----------



## johnb35

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open *Task Manager* then *Processes* tab (press ctrl, alt and del at the same time) and end any processes of *findstr, find, sed or swreg*, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running

You may have to run combofix in safe mode. This sounds like a very nasty infection and most likely will stop combofix from running.  

When you save the file when downloading, change the name to bulochka, as renaming the file should allow the file to run and hide the real name from the infection.


----------



## bulochka

*it's getting worse*

I was going to install suggested programs (Antimalware, hijackthis, combofix...) but ran into a deeper problem.  Neither of the programs would start running - seems like virus prevents them from running.  I am using the other computer to download things and transfer the files through usb stick.


----------



## johnb35

The trick would be to renaming them and trying in safe mode.  The other option would be to take that hard drive out and put it in a different machine and scan it with a fully updated antivirus program along with malwarebytes full scan.


----------



## bulochka

I am running a Windows XP Home edition.  As soon as the windows loads (before all the programs load in and icons show up on screen) I get a Spyware Alert window pop up saying:
Security Warning!

Worm.Win32.NetSky detected on your machine.
This virus is distributed via.... ....... .....
Type:   Virus
System Affected: Windows 2000, NT, ME, XP, Vista, 7
Security Risk (0-5):   5
Recomendations:   It is necessary to perform a full system scan



When I click OK or close the window, the icons and programs start to load, then my background image is overlayed with plain blue or green background and in the centre a message with back background saying:   (in big red)  YOUR SYSTEM IS INFECTED!  (in small grey)  System has been stopped due to a serious malfunction.  Spyware activity has been detected.  It is recomended to use spyware removal tool to prevent data loss.  Do not use the computer before all spyware removed


When the A-Squared Anti-Malware program loads a Warning window pops out with:  
  Application cannot be executed.  The file is infected.  Please activate your antivirus software.

After this I don't seem to be able to run any exe file


----------



## johnb35

Have you tried safe mode?


----------



## bulochka

renaming doesn't help.   None executable run even in safe mode.  Exactly same thing happens in safe mode with the exception of the user login where there is a new Administrator into which I have no access and I am just a user (not administrator anymore)
I'll try to remove the harddrive and scan with on the other comp...


----------



## johnb35

Sometimes putting it in another computer is the only thing you can do.


----------



## bulochka

I took the harddrive out and scanned it on the other computer with AVG and Malwarebytes Anti-Malware.   For some reason my AVG was saying the mbam.exe from Malwarebytes is infected with trojan Agent2.AGQV.  Is it true or that's just the conflict between 2 progs?

Now I am trying to put harddrive back and scan it on the original computer, but when windows loads I get to login page and Administrator created by virus is gone now, but when I try to log in it logs me out immediatelly.

Here is the results from AVG and Malwarebytes:

"F:\WINDOWS\system32\winlogon32.exe";"Trojan horse Agent2.AGQV";"Moved to Virus Vault"
"F:\WINDOWS\system32\warning.html";"Trojan horse FakeAlert.OP";"Moved to Virus Vault"
"F:\WINDOWS\system32\smss32.exe";"Trojan horse Agent2.AGQV";"Moved to Virus Vault"
"F:\Documents and Settings\Julie Hulevich\Local Settings\Application Data\Flock\Browser\Profiles\ffo0gqet.default\Cache\0AC490DFd01";"Trojan horse Agent2.AGQV";"Moved to Virus Vault"
"F:\Documents and Settings\Julie Hulevich\Application Data\Microsoft\Internet Explorer\Desktop.htt";"Trojan horse FakeAlert.OP";"Moved to Virus Vault"



Malwarebytes' Anti-Malware 1.44
Database version: 3639
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/26/2010 3:46:11 PM
mbam-log-2010-01-26 (15-46-11).txt

Scan type: Full Scan (F:\|)
Objects scanned: 227965
Time elapsed: 59 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\SDFix\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
F:\SDFix\apps\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{7224B129-1DBE-403F-8F5F-5A69EF7B2FF2}\RP1611\A0239900.sys (Malware.Trace) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{7224B129-1DBE-403F-8F5F-5A69EF7B2FF2}\RP1611\A0239901.sys (Malware.Trace) -> Quarantined and deleted successfully.
F:\Documents and Settings\Julie Hulevich\Local Settings\Application Data\Flock\Browser\Profiles\ffo0gqet.default\Cache\B204B0A0d01 (Trojan.Downloader) -> Quarantined and deleted successfully.


----------



## bulochka

I tried to run the windows repair from original disk, but it asks me for Administrator password (don't remember having it before).  I tried all the passwords I could of have used, but no luck.
Any suggestions?


----------



## johnb35

I have a feeling you went into recovery console and you didn't start the repair.  Don't press R for recovery console, get past that screen and go on to the next.


----------



## bulochka

I have managed to repair windows.  Don't have messages by virus, but still can't use Ctrl+Alt+Delete (says it's been disabled by administrator)  Couldn't get into user accounts to see what's wrong (no action when try to go to user accounts) also no action when try to run exe files.


----------



## bulochka

You were right - that was my mistake.  Then I wasted half a day trying to recover the authorization code for my windows...


----------



## johnb35

So is everything working now or are you still having problems?


----------



## bulochka

seems like I am starting to climb out of things.  Somehow managed to run A2antimalware (was extremely slow) and after that some programs started to run.
here is the scans from combofix and hijackthis

Also something disabled the printer (tried to reinstall it, but still no luck)  Also usb ports at the back of computer don't seem to be working, (had to move mouse over to the front port)

ComboFix 10-01-25.02 - Julie Hulevich 01/27/2010   9:55.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.1015.494 [GMT -7:00]
Running from: c:\documents and settings\Julie Hulevich\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\MSN6
c:\documents and settings\All Users\Application Data\MSN6\au.ini
c:\documents and settings\Julie Hulevich\Application Data\MSN6
c:\documents and settings\Julie Hulevich\Application Data\MSN6\au.ini
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata001.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata002.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata003.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata004.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata005.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\fastsettings.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\favcache.xml
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\favorites.xml
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\localsettings.xml
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\settings.xml
c:\documents and settings\Julie Hulevich\Cookies\MM2048.DAT
c:\program files\INSTALL.LOG
c:\recycler\S-1-5-21-1409082233-1078145449-725345543-1003
c:\recycler\S-1-5-21-3123157274-2644546615-1827650332-1003
C:\s
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Fonts\acrsec.fon
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\unins000.dat
c:\windows\unins000.exe

Infected copy of c:\windows\system32\qmgr.dll was found and disinfected 
Restored copy from - c:\windows\$NtUninstallKB842773$\qmgr.dll 

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


(((((((((((((((((((((((((   Files Created from 2009-12-27 to 2010-01-27  )))))))))))))))))))))))))))))))
.

2010-01-27 04:27 . 2005-06-21 22:43	163840	----a-w-	c:\windows\system32\igfxres.dll
2010-01-27 03:34 . 2002-08-29 12:00	29760	-c--a-w-	c:\windows\system32\dllcache\znetm.dll
2010-01-27 03:34 . 2002-08-29 12:00	13894	-c--a-w-	c:\windows\system32\dllcache\zonelibm.dll
2010-01-27 03:34 . 2002-08-29 12:00	113222	-c--a-w-	c:\windows\system32\dllcache\zoneclim.dll
2010-01-27 03:34 . 2002-08-29 12:00	4677	-c--a-w-	c:\windows\system32\dllcache\zeeverm.dll
2010-01-27 03:34 . 2002-08-29 12:00	41029	-c--a-w-	c:\windows\system32\dllcache\zcorem.dll
2010-01-27 03:34 . 2002-08-29 12:00	36937	-c--a-w-	c:\windows\system32\dllcache\zclientm.exe
2010-01-27 03:34 . 2002-08-29 12:00	119808	-c--a-w-	c:\windows\system32\dllcache\winmine.exe
2010-01-27 03:32 . 2002-08-29 12:00	6144	-c--a-w-	c:\windows\system32\dllcache\kbdax2.dll
2010-01-27 03:31 . 2002-05-14 19:08	16437	-c--a-w-	c:\windows\system32\dllcache\shtml.exe
2010-01-27 03:30 . 2001-08-18 05:36	171008	----a-w-	c:\windows\system32\LXAESUI.DLL
2010-01-27 03:29 . 2010-01-27 03:29	--------	d-----w-	c:\documents and settings\Default User\Application Data\DivX
2010-01-27 03:26 . 2002-08-29 08:06	182400	----a-w-	c:\windows\system32\drivers\rdpdr.sys
2010-01-27 02:35 . 2001-08-17 20:59	50048	----a-w-	c:\windows\system32\drivers\DMusic.sys
2010-01-27 02:34 . 2002-08-29 08:32	5888	----a-w-	c:\windows\system32\drivers\splitter.sys
2010-01-27 02:34 . 2002-08-29 08:27	56576	----a-w-	c:\windows\system32\drivers\redbook.sys
2010-01-27 02:32 . 2002-08-29 10:41	49664	----a-w-	c:\windows\system32\vfwwdm32.dll
2010-01-27 02:03 . 2002-08-29 10:46	38024	----a-w-	c:\windows\system32\drivers\termdd.sys
2010-01-27 02:02 . 2002-08-29 12:00	696320	-c--a-w-	c:\windows\system32\dllcache\sapi.dll
2010-01-27 02:02 . 2002-08-29 12:00	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
2010-01-27 02:02 . 2002-08-29 12:00	13312	----a-w-	c:\windows\system32\irclass.dll
2010-01-27 02:02 . 2002-08-29 12:00	10496	-c--a-w-	c:\windows\system32\dllcache\irenum.sys
2010-01-27 02:02 . 2002-08-29 12:00	10496	----a-w-	c:\windows\system32\drivers\irenum.sys
2010-01-27 02:02 . 2002-08-29 12:00	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
2010-01-27 02:02 . 2002-08-29 12:00	24661	----a-w-	c:\windows\system32\spxcoins.dll
2010-01-27 02:02 . 2002-08-29 12:00	132096	----a-w-	c:\windows\system\WINSPOOL.DRV
2010-01-27 02:02 . 2002-08-29 10:41	71168	----a-w-	c:\windows\system32\storprop.dll
2010-01-26 17:34 . 2010-01-26 17:43	--------	d-----w-	C:\$AVG
2010-01-25 07:12 . 2010-01-25 07:12	--------	d-----w-	c:\windows\ERUNT
2010-01-25 06:42 . 2010-01-27 16:17	--------	d-----w-	c:\program files\a-squared Anti-Malware
2010-01-25 05:45 . 2010-01-26 22:46	--------	d-----w-	C:\SDFix

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\VVJ1VLVL.DAT
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\VNHJL7F1.DAT
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\QE5JXZTB.DAT
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\I3ZTFTJL.DAT
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\7ZTR757T.DAT
2010-01-27 03:28 . 2003-02-13 21:27	23388	----a-w-	c:\windows\system32\emptyregdb.dat
2010-01-26 01:32 . 2009-02-23 00:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2010-01-21 19:43 . 2009-03-28 15:06	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-01-14 18:12 . 2009-10-02 19:48	181120	------w-	c:\windows\system32\MpSigStub.exe
2009-12-31 19:08 . 2008-03-30 21:07	--------	d-----w-	c:\documents and settings\Julie Hulevich\Application Data\shrink_pic
2009-12-08 00:39 . 2003-09-30 01:42	--------	d-----w-	c:\program files\DivX
2009-12-08 00:32 . 2009-06-06 14:29	--------	d-----w-	c:\program files\Common Files\DivX Shared
2009-12-04 16:58 . 2009-06-06 18:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\ATI MMC
2009-12-01 23:16 . 2009-03-10 01:17	--------	d-----w-	c:\documents and settings\Julie Hulevich\Application Data\Skype
2009-12-01 23:01 . 2009-03-10 01:19	--------	d-----w-	c:\documents and settings\Julie Hulevich\Application Data\skypePM
2009-11-19 18:48 . 2009-11-27 22:50	872960	----a-w-	c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 18:48 . 2009-11-27 22:50	43008	----a-w-	c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 18:48 . 2009-11-27 22:50	340480	----a-w-	c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 18:48 . 2009-11-27 22:50	346624	----a-w-	c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-14 00:47 . 2009-11-14 00:47	856064	----a-w-	c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47	856064	----a-w-	c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47	847872	----a-w-	c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47	843776	----a-w-	c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47	839680	----a-w-	c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47	696320	----a-w-	c:\windows\system32\DivX.dll
2005-01-12 22:08 . 2005-01-12 22:08	56	--sh--r-	c:\windows\system32\125F6599E1.sys
2005-07-14 19:31 . 2006-05-24 17:37	27648	--sha-w-	c:\windows\system32\AVSredirect.dll
2007-05-15 17:00 . 2007-01-21 06:05	22848032	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2007-05-15 17:00 . 2007-01-21 06:05	1503264	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2005-05-05 102400]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-05-05 53248]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2005-04-01 1469680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-28 155648]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-15 2043160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-12 185896]
"TELUS_McciTrayApp"="c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2007-10-08 1462272]
"TelusWCC_McciTrayApp"="c:\program files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe" [2006-03-10 543232]
"TEPA.exe"="c:\program files\TELUS\eProtect Advisor\TEPA.exe" [2007-05-14 2061816]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2010-01-02 3280712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-08-29 51200]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-08-29 40960]

c:\documents and settings\Julie Hulevich\Start Menu\Programs\Startup\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2007-9-18 3032472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 15:57	11952	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 04:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-26 00:11	94208	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48	157592	----a-w-	c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 18:54	5674352	----a-w-	c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-09-26 00:11	155648	----a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 18:43	2097488	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
2005-04-01 22:15	1469680	----a-w-	c:\program files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 19:03	36975	----a-w-	c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-12 03:07	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20	866584	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"kavsvc"=2 (0x2)
"dvpapi"=2 (0x2)
"gusvc"=3 (0x3)
"Autodesk Network Licensing Service"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\WOW\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Flock\\flock\\flock.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45680:UDP"= 45680:UDP:mutorrent

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/26/2008 9:41 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2008 9:41 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2008 9:41 PM 108552]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [1/24/2010 11:42 PM 1858144]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/16/2009 11:19 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2008 9:41 PM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/22/2006 10:58 PM 639224]
S2 gupdate1c9954d1134e28e;Google Update Service (gupdate1c9954d1134e28e);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 5:24 PM 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [6/7/2007 5:32 PM 17432]
S3 ADPK;TRUST SPYC@M 300S;c:\windows\system32\drivers\SQCaptur.sys [9/14/2003 10:34 AM 30921]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [1/7/2004 6:58 PM 36960]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [9/16/2007 6:22 PM 18432]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [5/22/2006 11:03 PM 223128]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-28 23:50]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 00:24]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 00:24]

2010-01-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=ca&.src=ym&rl=1
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: Do&wnload by ReGet Deluxe - c:\program files\Common Files\ReGet Shared\CC_Link.htm
IE: Download A&ll by ReGet Deluxe - c:\program files\Common Files\ReGet Shared\CC_All.htm
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Similar Pages
IE: Translate into English
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: TruePass EPF 7,0,100,717 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
DPF: TruePass EPF 7,0,100,730 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
DPF: TruePass EPF 7,0,100,739 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
FF - ProfilePath - c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rlz=1R0GGGL_en
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - component: c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http - 
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on - 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Notify-yayywtr - yayywtr.dll
MSConfigStartUp-igndlm - (no file)
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 10:12
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\JULIEH~1\LOCALS~1\Temp\mc2A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3194624122-2740737171-2644822240-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\System32\msctfime.ime

- - - - - - - > 'lsass.exe'(828)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(908)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\program files\Shrink Pic\shrinkpici.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\System32\msctfime.ime
c:\windows\IME\SPGRMR.DLL
c:\windows\System32\msi.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\SmartFTP Client 2.0\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Microsoft Office\Office10\WINWORD.EXE
c:\program files\Microsoft Works\MSWorks.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2010-01-27  10:23:54 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-27 17:23

Pre-Run: 116,040,921,088 bytes free
Post-Run: 118,135,738,368 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin

- - End Of File - - 621354243DA528FADC6D732C2D6FE33B


----------



## bulochka

seems like I am starting to climb out of things.  Somehow managed to run A2antimalware (was extremely slow) and after that some programs started to run.
here is the scans from combofix and hijackthis

Also something disabled the printer (tried to reinstall it, but still no luck)  Also usb ports at the back of computer don't seem to be working, (had to move mouse over to the front port)

ComboFix 10-01-25.02 - Julie Hulevich 01/27/2010   9:55.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.1015.494 [GMT -7:00]
Running from: c:\documents and settings\Julie Hulevich\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\MSN6
c:\documents and settings\All Users\Application Data\MSN6\au.ini
c:\documents and settings\Julie Hulevich\Application Data\MSN6
c:\documents and settings\Julie Hulevich\Application Data\MSN6\au.ini
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata001.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata002.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata003.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata004.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\msndata005.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\fastsettings.dat
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\favcache.xml
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\favorites.xml
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\localsettings.xml
c:\documents and settings\Julie Hulevich\Application Data\MSN6\UserData\{8AC12CC4-25C7-01C5-0200-00004A571783}\settings.xml
c:\documents and settings\Julie Hulevich\Cookies\MM2048.DAT
c:\program files\INSTALL.LOG
c:\recycler\S-1-5-21-1409082233-1078145449-725345543-1003
c:\recycler\S-1-5-21-3123157274-2644546615-1827650332-1003
C:\s
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Fonts\acrsec.fon
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\unins000.dat
c:\windows\unins000.exe

Infected copy of c:\windows\system32\qmgr.dll was found and disinfected 
Restored copy from - c:\windows\$NtUninstallKB842773$\qmgr.dll 

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


(((((((((((((((((((((((((   Files Created from 2009-12-27 to 2010-01-27  )))))))))))))))))))))))))))))))
.

2010-01-27 04:27 . 2005-06-21 22:43	163840	----a-w-	c:\windows\system32\igfxres.dll
2010-01-27 03:34 . 2002-08-29 12:00	29760	-c--a-w-	c:\windows\system32\dllcache\znetm.dll
2010-01-27 03:34 . 2002-08-29 12:00	13894	-c--a-w-	c:\windows\system32\dllcache\zonelibm.dll
2010-01-27 03:34 . 2002-08-29 12:00	113222	-c--a-w-	c:\windows\system32\dllcache\zoneclim.dll
2010-01-27 03:34 . 2002-08-29 12:00	4677	-c--a-w-	c:\windows\system32\dllcache\zeeverm.dll
2010-01-27 03:34 . 2002-08-29 12:00	41029	-c--a-w-	c:\windows\system32\dllcache\zcorem.dll
2010-01-27 03:34 . 2002-08-29 12:00	36937	-c--a-w-	c:\windows\system32\dllcache\zclientm.exe
2010-01-27 03:34 . 2002-08-29 12:00	119808	-c--a-w-	c:\windows\system32\dllcache\winmine.exe
2010-01-27 03:32 . 2002-08-29 12:00	6144	-c--a-w-	c:\windows\system32\dllcache\kbdax2.dll
2010-01-27 03:31 . 2002-05-14 19:08	16437	-c--a-w-	c:\windows\system32\dllcache\shtml.exe
2010-01-27 03:30 . 2001-08-18 05:36	171008	----a-w-	c:\windows\system32\LXAESUI.DLL
2010-01-27 03:29 . 2010-01-27 03:29	--------	d-----w-	c:\documents and settings\Default User\Application Data\DivX
2010-01-27 03:26 . 2002-08-29 08:06	182400	----a-w-	c:\windows\system32\drivers\rdpdr.sys
2010-01-27 02:35 . 2001-08-17 20:59	50048	----a-w-	c:\windows\system32\drivers\DMusic.sys
2010-01-27 02:34 . 2002-08-29 08:32	5888	----a-w-	c:\windows\system32\drivers\splitter.sys
2010-01-27 02:34 . 2002-08-29 08:27	56576	----a-w-	c:\windows\system32\drivers\redbook.sys
2010-01-27 02:32 . 2002-08-29 10:41	49664	----a-w-	c:\windows\system32\vfwwdm32.dll
2010-01-27 02:03 . 2002-08-29 10:46	38024	----a-w-	c:\windows\system32\drivers\termdd.sys
2010-01-27 02:02 . 2002-08-29 12:00	696320	-c--a-w-	c:\windows\system32\dllcache\sapi.dll
2010-01-27 02:02 . 2002-08-29 12:00	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
2010-01-27 02:02 . 2002-08-29 12:00	13312	----a-w-	c:\windows\system32\irclass.dll
2010-01-27 02:02 . 2002-08-29 12:00	10496	-c--a-w-	c:\windows\system32\dllcache\irenum.sys
2010-01-27 02:02 . 2002-08-29 12:00	10496	----a-w-	c:\windows\system32\drivers\irenum.sys
2010-01-27 02:02 . 2002-08-29 12:00	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
2010-01-27 02:02 . 2002-08-29 12:00	24661	----a-w-	c:\windows\system32\spxcoins.dll
2010-01-27 02:02 . 2002-08-29 12:00	132096	----a-w-	c:\windows\system\WINSPOOL.DRV
2010-01-27 02:02 . 2002-08-29 10:41	71168	----a-w-	c:\windows\system32\storprop.dll
2010-01-26 17:34 . 2010-01-26 17:43	--------	d-----w-	C:\$AVG
2010-01-25 07:12 . 2010-01-25 07:12	--------	d-----w-	c:\windows\ERUNT
2010-01-25 06:42 . 2010-01-27 16:17	--------	d-----w-	c:\program files\a-squared Anti-Malware
2010-01-25 05:45 . 2010-01-26 22:46	--------	d-----w-	C:\SDFix

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\VVJ1VLVL.DAT
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\VNHJL7F1.DAT
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\QE5JXZTB.DAT
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\I3ZTFTJL.DAT
2010-01-27 03:30 . 2010-01-27 03:30	2678	----a-w-	c:\windows\java\Packages\Data\7ZTR757T.DAT
2010-01-27 03:28 . 2003-02-13 21:27	23388	----a-w-	c:\windows\system32\emptyregdb.dat
2010-01-26 01:32 . 2009-02-23 00:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2010-01-21 19:43 . 2009-03-28 15:06	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-01-14 18:12 . 2009-10-02 19:48	181120	------w-	c:\windows\system32\MpSigStub.exe
2009-12-31 19:08 . 2008-03-30 21:07	--------	d-----w-	c:\documents and settings\Julie Hulevich\Application Data\shrink_pic
2009-12-08 00:39 . 2003-09-30 01:42	--------	d-----w-	c:\program files\DivX
2009-12-08 00:32 . 2009-06-06 14:29	--------	d-----w-	c:\program files\Common Files\DivX Shared
2009-12-04 16:58 . 2009-06-06 18:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\ATI MMC
2009-12-01 23:16 . 2009-03-10 01:17	--------	d-----w-	c:\documents and settings\Julie Hulevich\Application Data\Skype
2009-12-01 23:01 . 2009-03-10 01:19	--------	d-----w-	c:\documents and settings\Julie Hulevich\Application Data\skypePM
2009-11-19 18:48 . 2009-11-27 22:50	872960	----a-w-	c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 18:48 . 2009-11-27 22:50	43008	----a-w-	c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 18:48 . 2009-11-27 22:50	340480	----a-w-	c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 18:48 . 2009-11-27 22:50	346624	----a-w-	c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-14 00:47 . 2009-11-14 00:47	856064	----a-w-	c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47	856064	----a-w-	c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47	847872	----a-w-	c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47	843776	----a-w-	c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47	839680	----a-w-	c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47	696320	----a-w-	c:\windows\system32\DivX.dll
2005-01-12 22:08 . 2005-01-12 22:08	56	--sh--r-	c:\windows\system32\125F6599E1.sys
2005-07-14 19:31 . 2006-05-24 17:37	27648	--sha-w-	c:\windows\system32\AVSredirect.dll
2007-05-15 17:00 . 2007-01-21 06:05	22848032	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2007-05-15 17:00 . 2007-01-21 06:05	1503264	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2005-05-05 102400]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-05-05 53248]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2005-04-01 1469680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-28 155648]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-15 2043160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-12 185896]
"TELUS_McciTrayApp"="c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2007-10-08 1462272]
"TelusWCC_McciTrayApp"="c:\program files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe" [2006-03-10 543232]
"TEPA.exe"="c:\program files\TELUS\eProtect Advisor\TEPA.exe" [2007-05-14 2061816]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2010-01-02 3280712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-08-29 51200]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-08-29 40960]

c:\documents and settings\Julie Hulevich\Start Menu\Programs\Startup\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2007-9-18 3032472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 15:57	11952	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 04:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-26 00:11	94208	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48	157592	----a-w-	c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 18:54	5674352	----a-w-	c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-09-26 00:11	155648	----a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 18:43	2097488	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
2005-04-01 22:15	1469680	----a-w-	c:\program files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 19:03	36975	----a-w-	c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-12 03:07	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20	866584	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"kavsvc"=2 (0x2)
"dvpapi"=2 (0x2)
"gusvc"=3 (0x3)
"Autodesk Network Licensing Service"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\WOW\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Flock\\flock\\flock.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45680:UDP"= 45680:UDP:mutorrent

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/26/2008 9:41 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2008 9:41 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2008 9:41 PM 108552]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [1/24/2010 11:42 PM 1858144]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/16/2009 11:19 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2008 9:41 PM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/22/2006 10:58 PM 639224]
S2 gupdate1c9954d1134e28e;Google Update Service (gupdate1c9954d1134e28e);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 5:24 PM 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [6/7/2007 5:32 PM 17432]
S3 ADPK;TRUST SPYC@M 300S;c:\windows\system32\drivers\SQCaptur.sys [9/14/2003 10:34 AM 30921]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [1/7/2004 6:58 PM 36960]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [9/16/2007 6:22 PM 18432]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [5/22/2006 11:03 PM 223128]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-28 23:50]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 00:24]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 00:24]

2010-01-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=ca&.src=ym&rl=1
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: Do&wnload by ReGet Deluxe - c:\program files\Common Files\ReGet Shared\CC_Link.htm
IE: Download A&ll by ReGet Deluxe - c:\program files\Common Files\ReGet Shared\CC_All.htm
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Similar Pages
IE: Translate into English
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: TruePass EPF 7,0,100,717 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
DPF: TruePass EPF 7,0,100,730 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
DPF: TruePass EPF 7,0,100,739 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
FF - ProfilePath - c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rlz=1R0GGGL_en
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - component: c:\documents and settings\Julie Hulevich\Application Data\Mozilla\Firefox\Profiles\1gnrq81a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http - 
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on - 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Notify-yayywtr - yayywtr.dll
MSConfigStartUp-igndlm - (no file)
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 10:12
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\JULIEH~1\LOCALS~1\Temp\mc2A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3194624122-2740737171-2644822240-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\System32\msctfime.ime

- - - - - - - > 'lsass.exe'(828)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(908)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\program files\Shrink Pic\shrinkpici.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\System32\msctfime.ime
c:\windows\IME\SPGRMR.DLL
c:\windows\System32\msi.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\SmartFTP Client 2.0\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
.


----------



## bulochka

------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Microsoft Office\Office10\WINWORD.EXE
c:\program files\Microsoft Works\MSWorks.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2010-01-27  10:23:54 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-27 17:23

Pre-Run: 116,040,921,088 bytes free
Post-Run: 118,135,738,368 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin

- - End Of File - - 621354243DA528FADC6D732C2D6FE33B



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:18 AM, on 1/27/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Shrink Pic\shrink_pic.exe
C:\Documents and Settings\Julie Hulevich\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.intl=ca&.src=ym&rl=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\JULIE HULEVICH\Application Data\Mozilla\Profiles\default\5wbqr0fx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JULIE HULEVICH\Application Data\Mozilla\Profiles\default\5wbqr0fx.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {933E7167-F302-48C8-A4E9-19C4D4C15B3B} - C:\PROGRA~1\CIA\AFE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146964347750
O16 - DPF: {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} (IndeXMap Class) - http://alta.registries.gov.ab.ca/SpinII/cabs/WayToIndex.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9954d1134e28e) (gupdate1c9954d1134e28e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

--
End of file - 13698 bytes


----------



## johnb35

I will post later tonight with the fixes as I have to leave for work in a few minutes.


----------



## johnb35

Rerun hijackthis and place a check next to these entries.

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {933E7167-F302-48C8-A4E9-19C4D4C15B3B} - C:\PROGRA~1\CIA\AFE.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab

Then click on fix checked at the bottom.

You are running outdated java and AVG.  Please go into add/remove programs and uninstall all instances of Java then go here and download the latest version.

http://java.com/en/download/inc/windows_upgrade_ie.jsp

Also uninstall your version of AVG and then go here to download the latest version.

http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html

After applying these fixes please post a fresh hijackthis log. Along with an update on how your system is running.


----------



## bulochka

Thank you so much for your help.  Computer runs much better - I think everything is back to normal, but you let me know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:49 PM, on 1/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Shrink Pic\shrink_pic.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Julie Hulevich\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.intl=ca&.src=ym&rl=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the browser is running,
 * the changes will be overwritten when the browser exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\JULIE HULEVICH\\APPLICATION DATA\\Mozilla\\Profiles\\default\\5wbqr0fx.slt");
user_pref("browser.download.dir", "C:\\Documents and Settings\\Julie Hulevich\\Desktop\\download\\Netscape 8.1");
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://home.
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the browser is running,
 * the changes will be overwritten when the browser exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\JULIE HULEVICH\\APPLICATION DATA\\Mozilla\\Profiles\\default\\5wbqr0fx.slt");
user_pref("browser.download.dir", "C:\\Documents and Settings\\Julie Hulevich\\Desktop\\download\\Netscape 8.1");
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://home.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146964347750
O16 - DPF: {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} (IndeXMap Class) - http://alta.registries.gov.ab.ca/SpinII/cabs/WayToIndex.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Google Update Service (gupdate1c9954d1134e28e) (gupdate1c9954d1134e28e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

--
End of file - 13950 bytes


----------



## bulochka

One more think if you could check.  The comp that was ok, after installing AVG internet security it became very slow.  Is it AVG or something else happening with it?
Thanks a lot for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:12 PM, on 1/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Shrink Pic\shrink_pic.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless-N PCI Adapter\WLService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hammer & Hustlah\Desktop\Security Progs\ComboFix.exe
C:\Documents and Settings\Hammer & Hustlah\Desktop\Security Progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1204157942184
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1204157936605
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WMP300NSvc - GEMTEKS - C:\Program Files\Wireless-N PCI Adapter\WLService.exe

--
End of file - 10948 bytes


----------



## johnb35

These fixes will be for the first hijackthis log you posted last night.


Rerun hijackthis and place a check next to this entry and then click on fix checked at the bottom.

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

All those 04 entries are unneeded at bootup and i'm just having you disable them from running when you start your computer.


----------

