Topic: Cannot Download or Uninstall and Pop-Ups Galore

indfin
« on: March 17, 2010, 10:19:32 AM »
Hello Again:

Neither can I uninstall anything on this desktop, nor can I download.  And there are pop-ups on both Firefox and IE, even though the Pop-Up Blocker is turned on.  Tried to run Malwarebytes, but I get an error message.  When trying to run HJT, it said 'report this error to HJT'.  Following is the HJT log, but I don't know if it is of any use.  Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:08:27 AM, on 3/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [gimorijet] Rundll32.exe "c:\windows\system32\gajukilu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: NumLock.vbs
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\gajukilu.dll,hupetetu.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O21 - SSODL: bawosediz - {64983b59-4b07-4635-920b-e135e8153529} - c:\windows\system32\gajukilu.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: tokatiluy - {64983b59-4b07-4635-920b-e135e8153529} - c:\windows\system32\gajukilu.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5626 bytes
______________________________________
Thanks.

guestolo
« Reply #1 on: March 17, 2010, 11:07:02 AM »
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste this in, the contents in Blue
netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


indfin
« Reply #2 on: March 17, 2010, 11:27:47 AM »
Here is the one that popped up.  Will post the other one in a separate reply.

OTL logfile created on: 3/17/2010 12:18:38 PM - Run 1
OTL by OldTimer - Version 3.1.37.2     Folder = C:\Documents and Settings\Harit\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 221.37 Gb Free Space | 95.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TJ
Current User Name: Harit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/03/17 12:16:51 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harit\Desktop\OTL.exe
PRC - [2009/09/02 00:03:00 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/02 00:03:00 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/02 00:03:00 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/02 00:02:58 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/09/02 00:02:57 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 20:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/07 22:33:42 | 005,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
PRC - [2005/07/04 17:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\system32\gajukilu.dll
MOD - [2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\system32\hupetetu.dll
MOD - [2010/03/17 12:16:51 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harit\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] --  -- (WUSB54Gv42SVC)
SRV - [2009/09/02 00:02:58 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/02 00:02:57 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/09/02 00:03:19 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/02 00:03:14 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/02 00:03:14 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/01/11 11:18:04 | 001,050,112 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/09/25 05:58:32 | 000,021,656 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008/09/25 05:57:20 | 000,012,952 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008/04/13 13:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/14 14:12:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/08/16 10:09:38 | 000,003,604 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\BIOS Update\Award\BS_Flash.sys -- (BS_Flash)
DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/12/11 21:02:24 | 000,016,768 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2005/10/17 20:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/04/28 12:00:56 | 000,006,144 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\zntport.sys -- (zntport)
DRV - [2005/03/16 02:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2004/04/23 22:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSBGXP.sys -- (PRISM_A02)
DRV - [2003/12/08 19:35:16 | 000,229,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sndm360.sys -- (SNDM360)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/21 19:23:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 00:30:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 08:25:19 | 000,000,000 | ---D | M]
 
[2009/09/01 23:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harit\Application Data\Mozilla\Extensions
[2010/03/17 10:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harit\Application Data\Mozilla\Firefox\Profiles\w0ewnrm0.default\extensions
[2010/01/21 17:44:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Harit\Application Data\Mozilla\Firefox\Profiles\w0ewnrm0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/17 10:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2001/08/23 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [gimorijet] C:\WINDOWS\System32\gajukilu.DLL ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NumLock.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\gajukilu.dll) - C:\WINDOWS\system32\gajukilu.dll ()
O20 - AppInit_DLLs: (hupetetu.dll) - C:\WINDOWS\System32\hupetetu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: bawosediz - {64983b59-4b07-4635-920b-e135e8153529} - C:\WINDOWS\system32\gajukilu.dll ()
O22 - SharedTaskScheduler: {64983b59-4b07-4635-920b-e135e8153529} - tokatiluy - C:\WINDOWS\system32\gajukilu.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/01 11:29:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7f91b874-a190-11de-b86e-0012176dfe18}\Shell\AutoRun\command - "" = E:\h1dwg20.exe -- File not found
O33 - MountPoints2\{7f91b874-a190-11de-b86e-0012176dfe18}\Shell\explore\Command - "" = E:\h1dwg20.exe -- File not found
O33 - MountPoints2\{7f91b874-a190-11de-b86e-0012176dfe18}\Shell\open\Command - "" = E:\h1dwg20.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/01 11:29:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: Aim6 - hkey= - key= -  File not found
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Tej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe File not found
MsConfig - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
MsConfig - StartUpReg: S3Trayp - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: VModes - hkey= - key= - C:\WINDOWS\System32\VModes.exe (VIA)
MsConfig - StartUpReg: VTTimer - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/03/17 12:16:51 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harit\Desktop\OTL.exe
[2010/03/17 11:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010/03/17 10:56:27 | 005,115,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Harit\Desktop\mbam-setup.exe
[2010/03/16 03:34:58 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/03/16 03:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 15:59:45 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/03/14 15:59:41 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2010/03/10 21:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/03/10 20:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/03/10 20:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/03/10 19:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/10 19:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/10 19:55:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/10 19:55:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/10 19:55:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/08 09:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Docs
[2010/03/07 21:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harit\Application Data\TeamViewer
[2010/03/07 21:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/03/03 10:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harit\Desktop\School
[2010/01/25 20:37:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/02 11:21:50 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsndm360.dll
[2009/09/01 11:29:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/01 11:29:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/01 11:29:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\System32\gajukilu.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | M] () -- C:\WINDOWS\System32\titobigi.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\vedilune.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\nisinupo.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\hupetetu.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\benituyo.dll
[2099/01/01 12:00:00 | 000,043,520 | -HS- | M] () -- C:\WINDOWS\System32\mulumobu.dll
[2099/01/01 12:00:00 | 000,043,008 | -HS- | M] () -- C:\WINDOWS\System32\telelepu.dll
[2010/03/17 12:22:46 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\loguvoma
[2010/03/17 12:16:51 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harit\Desktop\OTL.exe
[2010/03/17 12:14:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/17 12:14:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/17 11:46:09 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Harit\NTUSER.DAT
[2010/03/17 11:46:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Harit\ntuser.ini
[2010/03/17 11:07:45 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\Harit\Desktop\HiJackThis.lnk
[2010/03/17 11:06:48 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Harit\Desktop\HijackThis.msi
[2010/03/17 11:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\gxgtzyoa.job
[2010/03/17 10:56:38 | 005,115,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Harit\Desktop\mbam-setup.exe
[2010/03/17 10:54:01 | 057,241,725 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/17 10:52:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 19:09:20 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 19:09:20 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 19:09:20 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 18:25:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/10 21:10:39 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/07 21:23:45 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/03/07 21:22:57 | 002,729,912 | ---- | M] () -- C:\Documents and Settings\Harit\Desktop\TeamViewer_Setup.exe
[2010/03/03 18:52:02 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Harit\Desktop\Haida_Matrix_Mama_Bhada_Satya_Kumud_Jolly.xls
[2010/03/03 10:48:57 | 000,512,512 | ---- | M] () -- C:\Documents and Settings\Harit\Desktop\Jolly_Finrep3_revised_on_250210.xls
[2010/02/20 12:03:17 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Harit\My Documents\Cards.xls
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2099/01/01 12:00:00 | 000,096,768 | -HS- | C] () -- C:\WINDOWS\System32\gajukilu.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\WINDOWS\System32\titobigi.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\vedilune.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\nisinupo.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\hupetetu.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\benituyo.dll
[2099/01/01 12:00:00 | 000,043,520 | -HS- | C] () -- C:\WINDOWS\System32\mulumobu.dll
[2099/01/01 12:00:00 | 000,043,008 | -HS- | C] () -- C:\WINDOWS\System32\telelepu.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\loguvoma
[2010/03/17 11:07:33 | 000,002,505 | ---- | C] () -- C:\Documents and Settings\Harit\Desktop\HiJackThis.lnk
[2010/03/17 11:06:48 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Harit\Desktop\HijackThis.msi
[2010/03/17 10:52:58 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\gxgtzyoa.job
[2010/03/07 21:23:45 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/03/07 21:22:38 | 002,729,912 | ---- | C] () -- C:\Documents and Settings\Harit\Desktop\TeamViewer_Setup.exe
[2010/03/03 17:12:07 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Harit\Desktop\Haida_Matrix_Mama_Bhada_Satya_Kumud_Jolly.xls
[2010/03/03 10:48:56 | 000,512,512 | ---- | C] () -- C:\Documents and Settings\Harit\Desktop\Jolly_Finrep3_revised_on_250210.xls
[2010/03/03 10:02:26 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Harit\My Documents\Cards.xls
[2009/09/27 17:09:48 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Harit\Local Settings\Application Data\kodakpcd.ini
[2009/09/02 15:40:15 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/02 12:02:24 | 000,524,288 | ---- | C] () -- C:\Program Files\Bios Data 090902.BIN
[2009/09/02 12:01:21 | 000,003,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\BS_Flash.sys
[2009/09/02 11:21:50 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\sndm360.dll
[2009/09/02 11:21:50 | 000,229,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndm360.sys
[2009/09/02 11:21:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsndm360.dll
[2009/09/02 11:21:50 | 000,015,523 | ---- | C] () -- C:\WINDOWS\sndm360.ini
[2009/09/02 11:21:12 | 002,012,837 | ---- | C] () -- C:\Program Files\Philips Funcam Driver.zip
[2009/09/02 01:02:33 | 000,046,080 | R--- | C] () -- C:\WINDOWS\System32\itevio.dll
[2009/09/02 00:54:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009/09/01 11:50:15 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/09/01 11:50:13 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/09/01 11:50:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/09/01 11:50:02 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008/04/13 20:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008/04/13 20:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 15:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 15:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2008/04/13 15:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 20:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 20:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 20:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 20:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 20:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009/09/02 07:06:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/09/02 07:06:43 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/09/02 07:06:43 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Offline indfin

Cannot Download or Uninstall and Pop-Ups Galore
« Reply #3 on: March 17, 2010, 11:31:31 AM »
And here is the Extras.txt log.  Also, this may sound foolish, but does it matter which user account I run OTL in (both accounts have administrative rights)?

OTL Extras logfile created on: 3/17/2010 12:18:38 PM - Run 1
OTL by OldTimer - Version 3.1.37.2     Folder = C:\Documents and Settings\Harit\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 221.37 Gb Free Space | 95.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TJ
Current User Name: Harit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(tm) 6 Update 18
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{417E7710-C77B-4CB9-839A-D586A12C64E2}" = Smart Guardian
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ED84666-3A2A-4E28-AB26-B6B65260CB86}" = Philips FunCam
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8626A59-FD0E-449C-A23A-C52FC0733629}" = BIOS Update
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AIM_7" = AIM 7
"AVG8Uninstall" = AVG Free 8.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EXCEL" = Microsoft Office Excel 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"POWERPOINT" = Microsoft Office PowerPoint 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"TeamViewer 5" = TeamViewer 5
"Veetle TV" = Veetle TV 0.9.16
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0099
"VISPRO" = Microsoft Office Visio Professional 2007
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WORD" = Microsoft Office Word 2007
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 9/6/2009 2:57:10 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application setupx.exe, version 1.6.48.1, faulting module
 mshtml.dll, version 8.0.6001.18812, fault address 0x00209d2c.
 
Error - 9/14/2009 8:30:47 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.18812, fault address 0x00209d2c.
 
Error - 9/14/2009 8:30:54 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.18812, fault address 0x00209d2c.
 
Error - 9/14/2009 8:31:37 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.18812, fault address 0x00209d2c.
 
Error - 9/14/2009 8:31:45 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.18812, fault address 0x00209d2c.
 
Error - 9/14/2009 8:49:51 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 8.0.0.456, faulting module
 unknown, version 0.0.0.0, fault address 0x24003eed.
 
Error - 9/30/2009 9:16:10 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.18812, fault address 0x00209d2c.
 
Error - 9/30/2009 9:16:17 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.18812, fault address 0x00209d2c.
 
Error - 9/30/2009 9:17:02 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.18812, fault address 0x00209d2c.
 
Error - 9/30/2009 9:17:26 PM | Computer Name = TJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.18812, fault address 0x00209d2c.
 
[ System Events ]
Error - 2/21/2010 10:09:49 PM | Computer Name = TJ | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 2/21/2010 10:09:49 PM | Computer Name = TJ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 2/21/2010 10:09:52 PM | Computer Name = TJ | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 2/21/2010 10:09:52 PM | Computer Name = TJ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 2/28/2010 10:05:04 PM | Computer Name = TJ | Source = Service Control Manager | ID = 7000
Description = The NTPort Library Driver service failed to start due to the following
 error:   %%2001
 
Error - 2/28/2010 10:23:55 PM | Computer Name = TJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
 arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 2/28/2010 10:23:57 PM | Computer Name = TJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 2/28/2010 10:23:59 PM | Computer Name = TJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
 arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 2/28/2010 10:24:40 PM | Computer Name = TJ | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error:   %%31
 
Error - 2/28/2010 10:24:40 PM | Computer Name = TJ | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
 which failed to start because of the following error:   %%31
 
 
< End of report >

Offline guestolo

Cannot Download or Uninstall and Pop-Ups Galore
« Reply #4 on: March 17, 2010, 10:15:15 PM »
Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote, please.
    Quote
    :OTL
    MOD - [2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\system32\gajukilu.dll
    MOD - [2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\system32\hupetetu.dll
    O4 - HKLM..\Run: [gimorijet] C:\WINDOWS\System32\gajukilu.DLL ()
    O20 - AppInit_DLLs: (c:\windows\system32\gajukilu.dll) - C:\WINDOWS\system32\gajukilu.dll ()
    O20 - AppInit_DLLs: (hupetetu.dll) - C:\WINDOWS\System32\hupetetu.dll ()
    O21 - SSODL: bawosediz - {64983b59-4b07-4635-920b-e135e8153529} - C:\WINDOWS\system32\gajukilu.dll ()
    O22 - SharedTaskScheduler: {64983b59-4b07-4635-920b-e135e8153529} - tokatiluy - C:\WINDOWS\system32\gajukilu.dll ()
    O33 - MountPoints2\{7f91b874-a190-11de-b86e-0012176dfe18}\Shell\AutoRun\command - "" = E:\h1dwg20.exe -- File not found
    O33 - MountPoints2\{7f91b874-a190-11de-b86e-0012176dfe18}\Shell\explore\Command - "" = E:\h1dwg20.exe -- File not found
    O33 - MountPoints2\{7f91b874-a190-11de-b86e-0012176dfe18}\Shell\open\Command - "" = E:\h1dwg20.exe -- File not found
    :Reg
    :Files
    C:\WINDOWS\System32\gajukilu.dll
    C:\WINDOWS\System32\titobigi.dll
    C:\WINDOWS\System32\vedilune.dll
    C:\WINDOWS\System32\nisinupo.dll
    C:\WINDOWS\System32\hupetetu.dll
    C:\WINDOWS\System32\benituyo.dll
    C:\WINDOWS\System32\mulumobu.dll
    C:\WINDOWS\System32\telelepu.dll
    C:\WINDOWS\System32\loguvoma
    C:\WINDOWS\tasks\gxgtzyoa.job
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition:
Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
       
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
       
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
       
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline indfin

Cannot Download or Uninstall and Pop-Ups Galore
« Reply #5 on: March 18, 2010, 08:22:41 AM »
When opening Firefox after running OTL Fix and rebooting, a pop-up opened which wanted to install an Active-X add-on.  When I X-ed it, it wouldn't close but minimized itself.  However, this did not repeat after then running Malware.

OTL Log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gimorijet deleted successfully.
File C:\WINDOWS\System32\gajukilu.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\gajukilu.dll deleted successfully.
File C:\WINDOWS\system32\gajukilu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:hupetetu.dll deleted successfully.
C:\WINDOWS\system32\hupetetu.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\bawosediz not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64983b59-4b07-4635-920b-e135e8153529}\ not found.
File C:\WINDOWS\system32\gajukilu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{64983b59-4b07-4635-920b-e135e8153529} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64983b59-4b07-4635-920b-e135e8153529}\ not found.
File C:\WINDOWS\system32\gajukilu.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f91b874-a190-11de-b86e-0012176dfe18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f91b874-a190-11de-b86e-0012176dfe18}\ not found.
File E:\h1dwg20.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f91b874-a190-11de-b86e-0012176dfe18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f91b874-a190-11de-b86e-0012176dfe18}\ not found.
File E:\h1dwg20.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f91b874-a190-11de-b86e-0012176dfe18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f91b874-a190-11de-b86e-0012176dfe18}\ not found.
File E:\h1dwg20.exe not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\WINDOWS\System32\gajukilu.dll not found.
File\Folder C:\WINDOWS\System32\titobigi.dll not found.
C:\WINDOWS\System32\vedilune.dll moved successfully.
C:\WINDOWS\System32\nisinupo.dll moved successfully.
File\Folder C:\WINDOWS\System32\hupetetu.dll not found.
C:\WINDOWS\System32\benituyo.dll moved successfully.
C:\WINDOWS\System32\mulumobu.dll moved successfully.
C:\WINDOWS\System32\telelepu.dll moved successfully.
C:\WINDOWS\System32\loguvoma moved successfully.
File\Folder C:\WINDOWS\tasks\gxgtzyoa.job not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Harit
->Temp folder emptied: 4371203 bytes
->Temporary Internet Files folder emptied: 7518238 bytes
->Java cache emptied: 25597223 bytes
->FireFox cache emptied: 51976260 bytes
->Flash cache emptied: 4682 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Tej
->Temp folder emptied: 1430693 bytes
->Temporary Internet Files folder emptied: 3575877 bytes
->Java cache emptied: 14874810 bytes
->FireFox cache emptied: 85141706 bytes
->Google Chrome cache emptied: 355093029 bytes
->Flash cache emptied: 95737 bytes
 
User: Z Everyone Else
->Temp folder emptied: 12332 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 49225744 bytes
->Flash cache emptied: 5020 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60802 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10954182 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 784 bytes
 
Total Files Cleaned = 584.00 mb
 
 
OTL by OldTimer - Version 3.1.37.2 log created on 03182010_083823

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
__________________________________________________________________

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3879
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/18/2010 9:12:07 AM
mbam-log-2010-03-18 (09-12-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165897
Time elapsed: 19 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sabiyogi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{883ef398-cad3-4910-a100-221ef09442c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gimorijet (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{883ef398-cad3-4910-a100-221ef09442c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kidugeboy (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sabiyogi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sabiyogi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kepoluhu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mepawadi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sabiyogi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{69388410-06C5-4F3C-AF86-F34865640B73}\RP193\A0010339.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
______________________________________________________________________

Thanks a lot.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Cannot Download or Uninstall and Pop-Ups Galore
« Reply #6 on: March 20, 2010, 07:03:29 PM »
Sorry for the delay, can you still do the following
Download ComboFix from only this location

Link
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline indfin

Cannot Download or Uninstall and Pop-Ups Galore
« Reply #7 on: March 21, 2010, 03:13:11 AM »
No problem.  Here is the ComboFix Log.

ComboFix 10-03-20.01 - Harit 03/21/2010   4:02.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1918.1223 [GMT -4:00]
Running from: c:\documents and settings\Harit\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\windows\Tasks\qjwattqv.job

.
(((((((((((((((((((((((((   Files Created from 2010-02-21 to 2010-03-21  )))))))))))))))))))))))))))))))
.

2010-03-18 12:50 . 2010-01-07 20:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 12:50 . 2010-03-18 12:50    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware2
2010-03-18 12:50 . 2010-01-07 20:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-18 12:38 . 2010-03-18 12:38    --------    d-----w-    C:\_OTL
2010-03-17 16:40 . 2010-03-17 16:40    61440    ----a-w-    c:\documents and settings\Harit\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-70508c70-n\decora-sse.dll
2010-03-17 16:40 . 2010-03-17 16:40    12800    ----a-w-    c:\documents and settings\Harit\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-70508c70-n\decora-d3d.dll
2010-03-17 15:07 . 2010-03-17 15:07    388096    ----a-r-    c:\documents and settings\Harit\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-17 15:07 . 2010-03-17 15:07    --------    d-----w-    c:\program files\HJT
2010-03-16 07:28 . 2010-03-17 16:14    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-03-16 07:18 . 2010-03-16 07:18    --------    d-----w-    c:\documents and settings\Tej\Local Settings\Application Data\ArcSoft
2010-03-16 07:18 . 2010-03-16 07:18    --------    d-----w-    c:\documents and settings\Tej\Application Data\ArcSoft
2010-03-14 19:59 . 2001-08-17 17:48    12160    -c--a-w-    c:\windows\system32\dllcache\mouhid.sys
2010-03-14 19:59 . 2001-08-17 17:48    12160    ----a-w-    c:\windows\system32\drivers\mouhid.sys
2010-03-14 19:59 . 2008-04-14 04:15    10368    -c--a-w-    c:\windows\system32\dllcache\hidusb.sys
2010-03-14 19:59 . 2008-04-14 04:15    10368    ----a-w-    c:\windows\system32\drivers\hidusb.sys
2010-03-11 01:23 . 2010-03-11 01:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-11 00:56 . 2010-03-11 00:56    --------    d-sh--w-    c:\documents and settings\Tej\IECompatCache
2010-03-11 00:29 . 2010-03-11 00:29    --------    d-----w-    c:\program files\Microsoft.NET
2010-03-11 00:10 . 2010-03-11 00:10    --------    d-----w-    c:\documents and settings\Tej\Application Data\Malwarebytes
2010-03-10 23:55 . 2010-03-10 23:55    61440    ----a-w-    c:\documents and settings\Tej\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3afe0909-n\decora-sse.dll
2010-03-10 23:55 . 2010-03-10 23:55    12800    ----a-w-    c:\documents and settings\Tej\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3afe0909-n\decora-d3d.dll
2010-03-10 23:55 . 2010-03-10 23:55    --------    d-----w-    c:\program files\Common Files\Java
2010-03-10 23:55 . 2010-03-10 23:55    503808    ----a-w-    c:\documents and settings\Tej\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2802009f-n\msvcp71.dll
2010-03-10 23:55 . 2010-03-10 23:55    499712    ----a-w-    c:\documents and settings\Tej\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2802009f-n\jmc.dll
2010-03-10 23:55 . 2010-03-10 23:55    348160    ----a-w-    c:\documents and settings\Tej\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2802009f-n\msvcr71.dll
2010-03-08 01:40 . 2010-03-08 01:40    --------    d-----w-    c:\documents and settings\Tej\Application Data\TeamViewer
2010-03-08 01:23 . 2010-03-08 01:23    --------    d-----w-    c:\documents and settings\Harit\Application Data\TeamViewer
2010-03-08 01:23 . 2010-03-08 01:23    --------    d-----w-    c:\program files\TeamViewer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 08:05 . 2009-09-06 17:58    720    ----a-w-    c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-03-18 13:28 . 2009-09-01 15:43    69232    ----a-w-    c:\documents and settings\Harit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 07:41 . 2009-11-09 03:35    69232    ----a-w-    c:\documents and settings\Tej\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 00:30 . 2009-09-02 19:31    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 23:55 . 2009-09-02 04:30    --------    d-----w-    c:\program files\Java
2010-02-15 16:24 . 2009-09-02 04:09    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-02-15 16:24 . 2009-09-02 04:09    --------    d-----w-    c:\program files\SpywareBlaster
2010-02-15 01:06 . 2010-02-15 01:06    --------    d-----w-    c:\program files\Veetle
2010-01-21 23:37 . 2010-01-21 23:37    152576    ----a-w-    c:\documents and settings\Harit\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-21 23:37 . 2010-01-21 23:37    79488    ----a-w-    c:\documents and settings\Harit\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-21 21:33 . 2010-01-21 21:33    20747    ----a-w-    c:\windows\system32\drivers\AegisP.sys
2010-01-21 21:33 . 2010-01-21 21:32    --------    d-----w-    c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2010-01-21 21:33 . 2009-09-01 15:50    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-12-31 16:50 . 2008-04-13 19:45    353792    ----a-w-    c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2008-06-23 15:57    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-09-02 16:03 . 2009-09-02 16:02    524288    ----a-w-    c:\program files\Bios Data 090902.BIN
2009-09-02 15:21 . 2009-09-02 15:21    2012837    ----a-w-    c:\program files\Philips Funcam Driver.zip
.

------- Sigcheck -------

[-] 2008-08-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NumLock.vbs [2009-9-2 77]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-02 04:03    11952    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VModes]
VModes AttachToDesktop [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-07-10 17:59    195072    ----a-w-    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-03-19 13:25    2046816    ----a-w-    c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:42    15360    ------w-    c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-01-21 18:49    33587200    ----a-w-    c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2007-06-11 15:15    176128    ----a-w-    c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2006-09-21 20:36    53248    ----a-w-    c:\windows\system32\VTTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/2/2009 12:03 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/2/2009 12:03 AM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/2/2009 12:43 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [9/2/2009 12:01 PM 16768]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/2/2009 12:02 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/2/2009 12:02 AM 297752]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/21/2010 5:33 PM 53307]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/11/2009 11:18 AM 1050112]
S3 BS_Flash;BS_Flash;c:\program files\BIOS Update\Award\BS_Flash.sys [9/2/2009 12:57 AM 3604]
S3 SNDM360;Philips FunCam;c:\windows\system32\drivers\sndm360.sys [9/2/2009 11:21 AM 229760]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Harit\Application Data\Mozilla\Firefox\Profiles\w0ewnrm0.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Google Update - c:\documents and settings\Tej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 04:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-21  04:08:04 - machine was rebooted
ComboFix-quarantined-files.txt  2010-03-21 08:08

Pre-Run: 238,344,454,144 bytes free
Post-Run: 238,299,025,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C18310FC49FAC0226DBD3843D19C9B94

Offline guestolo

Cannot Download or Uninstall and Pop-Ups Galore
« Reply #8 on: March 21, 2010, 02:24:04 PM »
Looks good, but your version of AVG is outdated
I suggest that you download the latest copy from this location
http://download.cnet.com/AVG-Anti-Virus-Fr...cdlPid=11014801
Save the installer to desktop, but don't install yet

Afterwards, uninstall your copy of AVG from Add and Remove programs
Reboot the computer, then install the newest version
NOTE: I noticed you don't have the Security toolbar or Linkscanner installed from AVG

I don't use them on install either, so if you prefer to install that way, ensure to do a Custom install and deselect the Linkscanner option when installing

When you're done installing, ensure it's updated, run a complete scan

Afterwards, reopen OTL.exe, run a fresh scan, post back the new log
Keep me informed how things are now running



Offline indfin

Cannot Download or Uninstall and Pop-Ups Galore
« Reply #9 on: March 22, 2010, 12:18:23 PM »
Installed AVG and ran the scan.  Nothing found.

Computer is running fine, thank you very much.  But I have a few questions:

   1. I want to remove 'Adobe Creative Suite 3 Design Premium.'  But when I try to do it from Add/Remove Programs, it starts to install the program, rather than uninstalling it.  I had trouble installing it initially, now I don't want it.  How do I get rid of it?
   2. I am not able to uninstall the seven entries related to 'ArcSoft Print Creations.'  Are they part and parcel of Kodak EasyShare?
   3. Do I need 'VIA Display Driver'?  Is it used by Chrome?
   4. Do I need 'Musicnotes Software Suite'?

Thanks.

Offline indfin

Cannot Download or Uninstall and Pop-Ups Galore
« Reply #10 on: March 22, 2010, 08:46:54 PM »
I can't seem to post my reply anymore.  When I copy the OTL log here and hit Reply, it says 'Method Not Implemented'.  So I'll try to upload it.

OTL logfile created on: 3/22/2010 12:44:12 PM - Run 2
OTL by OldTimer - Version 3.1.37.2     Folder = C:\Documents and Settings\Harit\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 221.68 Gb Free Space | 95.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TJ
Current User Name: Harit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/03/22 12:21:55 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/22 12:21:53 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/22 12:21:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/22 12:21:49 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/22 12:21:49 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/22 12:21:48 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/17 12:16:51 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harit\Desktop\OTL.exe
PRC - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 20:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/07 22:33:42 | 005,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
PRC - [2005/07/04 17:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/03/17 12:16:51 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harit\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] --  -- (WUSB54Gv42SVC)
SRV - [2010/03/22 12:21:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/22 12:21:49 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/03/22 12:21:54 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/22 12:21:53 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/22 12:21:49 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/01/11 11:18:04 | 001,050,112 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/09/25 05:58:32 | 000,021,656 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008/09/25 05:57:20 | 000,012,952 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008/04/13 13:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/14 14:12:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/08/16 10:09:38 | 000,003,604 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\BIOS Update\Award\BS_Flash.sys -- (BS_Flash)
DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/12/11 21:02:24 | 000,016,768 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2005/10/17 20:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/03/16 02:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2004/04/23 22:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSBGXP.sys -- (PRISM_A02)
DRV - [2003/12/08 19:35:16 | 000,229,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sndm360.sys -- (SNDM360)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 00:30:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 08:25:19 | 000,000,000 | ---D | M]
 
[2009/09/01 23:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harit\Application Data\Mozilla\Extensions
[2010/03/17 10:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harit\Application Data\Mozilla\Firefox\Profiles\w0ewnrm0.default\extensions
[2010/01/21 17:44:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Harit\Application Data\Mozilla\Firefox\Profiles\w0ewnrm0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 21:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/03/21 04:06:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NumLock.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/01 11:29:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/03/22 12:21:53 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/22 12:19:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/22 12:18:14 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/22 12:18:09 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/22 12:18:08 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/22 12:17:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/22 12:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/22 12:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/22 11:49:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/22 11:49:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/22 11:49:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/22 11:49:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/21 04:01:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/21 04:00:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/21 04:00:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/21 04:00:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/21 04:00:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/21 04:00:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/21 04:00:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/18 08:50:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/18 08:50:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/18 08:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2010/03/18 08:48:47 | 005,115,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Harit\Desktop\mbam-setup(2).exe
[2010/03/18 08:38:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/17 12:16:51 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harit\Desktop\OTL.exe
[2010/03/17 11:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010/03/17 10:56:27 | 005,115,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Harit\Desktop\mbam-setup.exe
[2010/03/16 03:34:58 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/03/16 03:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 15:59:45 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/03/14 15:59:41 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2010/03/10 21:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/03/10 20:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/03/10 20:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/03/10 19:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/10 19:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/10 19:55:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/10 19:55:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/10 19:55:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/08 09:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Docs
[2010/03/07 21:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harit\Application Data\TeamViewer
[2010/03/07 21:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/03/03 10:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harit\Desktop\School
[2009/09/02 11:21:50 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsndm360.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010/03/22 12:24:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/22 12:24:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/22 12:23:08 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Harit\NTUSER.DAT
[2010/03/22 12:23:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Harit\ntuser.ini
[2010/03/22 12:21:54 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/22 12:21:53 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/22 12:21:53 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/22 12:21:49 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/22 12:18:15 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/22 12:18:08 | 057,504,857 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/22 12:18:08 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/22 12:17:56 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/03/22 12:17:56 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/03/22 12:17:56 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/03/22 11:52:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/21 04:06:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/21 04:06:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/21 04:01:38 | 000,000,281 | RHS- | M] () -- C:\boot. ini
[2010/03/21 03:59:29 | 003,895,855 | R--- | M] () -- C:\Documents and Settings\Harit\Desktop\ComboFix.exe
[2010/03/18 09:28:15 | 000,069,232 | ---- | M] () -- C:\Documents and Settings\Harit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/18 08:50:34 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 08:49:04 | 005,115,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Harit\Desktop\mbam-setup(2).exe
[2010/03/18 08:39:16 | 000,001,744 | -H-- | M] () -- C:\WINDOWS\System32\loguvoma
[2010/03/17 12:16:51 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harit\Desktop\OTL.exe
[2010/03/17 11:07:45 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\Harit\Desktop\HiJackThis.lnk
[2010/03/17 11:06:48 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Harit\Desktop\HijackThis.msi
[2010/03/17 10:56:38 | 005,115,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Harit\Desktop\mbam-setup.exe
[2010/03/14 19:09:20 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 19:09:20 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 19:09:20 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 18:25:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/10 21:10:39 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/07 21:23:45 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/03/07 21:22:57 | 002,729,912 | ---- | M] () -- C:\Documents and Settings\Harit\Desktop\TeamViewer_Setup.exe
[2010/03/03 10:48:57 | 000,512,512 | ---- | M] () -- C:\Documents and Settings\Harit\Desktop\Jolly_Finrep3_revised_on_250210.xls
 
========== Files Created - No Company Name ==========
 
[2099/01/01 12:00:00 | 000,001,744 | -H-- | C] () -- C:\WINDOWS\System32\loguvoma
[2010/03/22 12:18:15 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/22 12:18:08 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/22 12:17:56 | 057,504,857 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/22 12:17:56 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/03/22 12:17:56 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/03/22 12:17:56 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/03/21 04:01:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/21 04:01:35 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/21 04:00:52 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/21 04:00:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/21 04:00:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/21 04:00:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/21 04:00:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/21 03:59:23 | 003,895,855 | R--- | C] () -- C:\Documents and Settings\Harit\Desktop\ComboFix.exe
[2010/03/18 08:50:34 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/17 11:07:33 | 000,002,505 | ---- | C] () -- C:\Documents and Settings\Harit\Desktop\HiJackThis.lnk
[2010/03/17 11:06:48 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Harit\Desktop\HijackThis.msi
[2010/03/07 21:23:45 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/03/07 21:22:38 | 002,729,912 | ---- | C] () -- C:\Documents and Settings\Harit\Desktop\TeamViewer_Setup.exe
[2010/03/03 10:48:56 | 000,512,512 | ---- | C] () -- C:\Documents and Settings\Harit\Desktop\Jolly_Finrep3_revised_on_250210.xls
[2010/03/03 10:02:26 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Harit\My Documents\Cards.xls
[2009/09/27 17:09:48 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Harit\Local Settings\Application Data\kodakpcd.ini
[2009/09/02 15:40:15 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/02 12:02:24 | 000,524,288 | ---- | C] () -- C:\Program Files\Bios Data 090902.BIN
[2009/09/02 12:01:21 | 000,003,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\BS_Flash.sys
[2009/09/02 11:21:50 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\sndm360.dll
[2009/09/02 11:21:50 | 000,229,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndm360.sys
[2009/09/02 11:21:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsndm360.dll
[2009/09/02 11:21:50 | 000,015,523 | ---- | C] () -- C:\WINDOWS\sndm360.ini
[2009/09/02 11:21:12 | 002,012,837 | ---- | C] () -- C:\Program Files\Philips Funcam Driver.zip
[2009/09/02 00:54:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009/09/01 11:50:15 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/09/01 11:50:13 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/09/01 11:50:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/09/01 11:50:02 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
« Last Edit: April 11, 2010, 11:20:10 AM by guestolo »

Offline indfin

« Reply #11 on: April 07, 2010, 10:05:15 PM »
Since I did not hear back from you, I thought I would send you a reminder.

Offline guestolo

« Reply #12 on: April 11, 2010, 11:25:33 AM »
Sorry for the delay, can you do the following please

Go to START>>RUN>>Copy/paste the next command in Red, then click OK

ComboFix /uninstall

This will uninstall ComboFix and its components

Open OTL.exe and click on the CLEANUP button
Follow the prompts, reboot the computer when prompted

Keep me informed how things are now running please

Edit>>Can you also do the following
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Let me know which programs you're still having problems removing
« Last Edit: April 11, 2010, 11:29:17 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline indfin

« Reply #13 on: April 12, 2010, 12:13:16 PM »
Thank you for replying.

Here is the Uninstall List from HijackThis:
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advertising Center
AIM 7
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AVG Free 9.0
BIOS Update
CCScore
DolbyFiles
Download Updater (AOL LLC)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
foobar2000 v1.0.1
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Java(tm) 6 Update 18
Kodak EasyShare software
LightScribe System Software
Linksys Wireless-G USB Network Adapter
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicnotes Software Suite 1.2
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
netbrdg
OfotoXMI
Philips FunCam
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SHASTA
skin0001
SKINXSDK
SoundTrax
SpywareBlaster 4.2
staticcr
TeamViewer 5
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Display Driver 6.14.10.0099
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
VPRINTOL
Windows Installer Clean Up
Windows Internet Explorer 8
WIRELESS

I still cannot uninstall Adobe Creative Suite 3 Design Premium.  As I had mentioned earlier, it begins to install it versus uninstalling it from the Add/Remove Programs.

Also, from my previous post:

2. I am not able to uninstall the seven entries related to 'ArcSoft Print Creations.' Are they part and parcel of Kodak EasyShare?
3. Do I need 'VIA Display Driver'? Is it used by Chrome?
4. Do I need 'Musicnotes Software Suite'?

Thanks again.

Offline guestolo

« Reply #14 on: April 17, 2010, 10:30:21 AM »
Quote
3. Do I need 'VIA Display Driver'?
Yes, leave it installed, Video display driver

Quote
4. Do I need 'Musicnotes Software Suite'?
No, up to you to keep or uninstall

Quote
I still cannot uninstall Adobe Creative Suite 3 Design Premium. As I had mentioned earlier, it begins to install it versus uninstalling it from the Add/Remove Programs.

You have
Windows Installer Clean Up utility installed, can you run it from Start>>All Programs
For now, just let me know if you see anything related to Adobe Creative Suite 3 Design Premium

We'll deal with No. 2 if we can resolve No.1



Offline indfin

« Reply #15 on: April 18, 2010, 05:44:57 PM »
Did not find Windows Installer Clean Up Utility in Start>>All Programs.  Instead, opened Windows Installer Clean Up Application (msicuu.exe) from C:\Program Files.  Did not see anything related to Adobe Creative Suite 3 Design Premium in there.

Thanks.

Offline guestolo

« Reply #16 on: April 18, 2010, 09:55:01 PM »
Try running the Adobe CS3Clean Script from this link
http://www.adobe.com/support/contact/cs3clean.html

Here are the instructions
Quote
Windows
1.   Download and unzip WinCS3Clean.zip
2.   Double click on the WinCS3Clean folder to open the directory.
3.   Double click on CS3Clean  
 
Note:  Windows Vista is more strict about security and requires this tool be run as an
Administrator. If the script does not work after typing in your password, right-click on
CS3Clean and select "Run as Administrator."  
 
Important: The Microsoft Windows Installer CleanUp Utility is required to complete
the cleaning. The Adobe CS3Clean script will check to see if this utility is installed on your
computer. If the Windows Installer CleanUp Utility is not installed on your computer, the
CS3Clean script will notify you and then quit.  If you receive this notification, please go to
http://support.microsoft.com/kb/290301 on Microsoft’s Support web site for instructions on
downloading and installing this utility.
Reboot after running it

Let me know if that helps with Adobe CS3



Offline indfin

« Reply #17 on: April 19, 2010, 07:53:33 AM »
Yes, that took care of it.  Thank you.  And the computer is otherwise running fine too.

I want to install Windows 7 on this machine and did not want to carry over any junk.  Thank you for your help.

Offline guestolo

« Reply #18 on: April 19, 2010, 09:00:04 AM »
Quote
2. I am not able to uninstall the seven entries related to 'ArcSoft Print Creations.' Are they part and parcel of Kodak EasyShare?
It could be, take a look at the following link
http://www.kodak.com/eknec/PageQuerier.jht...900688a809ee043

Check your computer for Windows 7 upgrade readiness
Read the following link
http://www.microsoft.com/Windows/windows-7...de-advisor.aspx



Offline indfin

« Reply #19 on: April 19, 2010, 01:52:05 PM »
Ran the Windows 7 Upgrade Advisor.  It all looks ok, except that it seems that I will have to install all programs again.  Oh well!

Thanks again.