Free Antivirus Forum - Learn about antivirus, firewalls and personal security
I have a redirect problem when using surfing
48 posts in this thread.
shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
Posted 11-18-2009 8:52 (GMT +2)
Here is a HijackThis log
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:12, on 18/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\windows\system32\rundll32.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alq.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\Run: [maxpc_er] C:\Program Files\MAXpc\MAXpc.exe /er
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca4560267dd27c) (gupdate1ca4560267dd27c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
--
End of file - 14372 bytes
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1424
 
Posted 11-19-2009 4:56 (GMT +2)
Welcome to BG forums shytalk,

Some installed adware/spyware showing here. Let's get more details and then start some repairs.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

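The two HijackThis logs in this thread (the one posted above, and the RSIT-embedded one that follows) are what the helper reads by eye. As an added example that is not part of the thread and is not code from HijackThis or RSIT, the Python 3 script below shows the triage a reviewer does mentally: it parses the `Rn`/`On - ...` line format, pulls out the registrations HijackThis itself marks as pointing at a missing target (`(no file)` / `(file missing)`), and diffs the O4 autorun entries between two scans so that anything that changed between them stands out. The sample input is a constructed excerpt of lines copied from the two posted logs; the regexes assume the HijackThis v2.0.2 line layout shown there.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines from the first posted log (18/11/2009).
LOG_A = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alq.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
"""

# Constructed excerpt: the matching lines from the second log (19/11/2009),
# where two of the O4 entries above are no longer present.
LOG_B = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
"""


@dataclass(frozen=True)
class Entry:
    kind: str   # HijackThis section code: R0, R1, O2, O4, O23, ...
    body: str   # everything after "<kind> - "
    raw: str    # the original line, for reporting


# "<kind> - <body>"; kind is a letter followed by one or two digits.
_LINE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns look like "HKLM\..\Run: [Name] command line".
_O4 = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")

# Markers HijackThis writes when a registration's target is absent on disk.
DANGLING_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Turn the HijackThis entry lines into Entry objects; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = _LINE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["body"], line))
    return entries


def find_dangling(entries):
    """Registrations whose target file HijackThis could not find (leftovers to review)."""
    return [e for e in entries if any(tag in e.body for tag in DANGLING_MARKERS)]


def autorun_key(entry):
    """Stable identity for an O4 entry: (hive, value name, command). Startup-folder
    entries have no [Name] part, so they are keyed on the whole body."""
    m = _O4.match(entry.body)
    if m:
        return (m["hive"], m["name"], m["cmd"].strip())
    return ("", "", entry.body)


def diff_autoruns(old, new):
    """Return (removed, added): O4 autoruns only in the old scan, only in the new scan."""
    a = {autorun_key(e) for e in old if e.kind == "O4"}
    b = {autorun_key(e) for e in new if e.kind == "O4"}
    return a - b, b - a


if __name__ == "__main__":
    first, second = parse_hjt(LOG_A), parse_hjt(LOG_B)
    print("Dangling registrations in first scan:")
    for e in find_dangling(first):
        print("  ", e.raw)
    removed, added = diff_autoruns(first, second)
    print("O4 autoruns present in first scan but not second:")
    for hive, name, cmd in sorted(removed):
        print(f"   [{name}] {cmd}")
    print("O4 autoruns new in second scan:", sorted(added) or "none")
```

The diff reports change, not malice: an entry that vanished between scans may have been removed by the user, by an update, or by a cleanup step, and the `(no file)` markers are usually orphaned registrations rather than active threats. The helper's line-by-line review decides what gets fixed; the script only makes sure nothing that changed is overlooked.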
 

shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
Posted 11-19-2009 6:45 (GMT +2)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-11-19 04:44:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 129 GB (85%) free of 153 GB
Total RAM: 1919 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:44:25, on 19/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\windows\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\Run: [maxpc_er] C:\Program Files\MAXpc\MAXpc.exe /er
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca4560267dd27c) (gupdate1ca4560267dd27c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
--
End of file - 14458 bytes
======Scheduled tasks folder======
C:\windows\tasks\Ad-Aware Update (Weekly).job
C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\User_Feed_Synchronization-{B68ADE69-EAE6-4D2C-9B2D-A2F1CA9CA230}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-11-14 1475864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1115392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-22 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-06 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-09 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
SITEguard
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82784]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-22 259696]
Locked
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1115392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2007-08-10 16384000]
"SkyTel"=C:\windows\SkyTel.EXE [2007-08-03 1826816]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-03-25 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"Piolet"=C:\Program Files\Piolet\Piolet.exe SILENT []
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-04-09 68592]
"Ulead AutoDetector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [2003-11-18 45056]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"Nokia FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2009-02-26 2376992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-11-15 2020120]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"mount.exe"=C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe [2008-04-11 374272]
"maxpc_er"=C:\Program Files\MAXpc\MAXpc.exe /er []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-06 68856]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
BBC iPlayer Desktop.lnk - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\windows\system32\avgrsstx.dll [2009-11-14 12464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Piolet\Piolet.exe"="C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2009-11-19 04:44:14 ----D---- C:\rsit
2009-11-18 19:15:36 ----A---- C:\windows\zip.exe
2009-11-18 19:15:36 ----A---- C:\windows\SWXCACLS.exe
2009-11-18 19:15:36 ----A---- C:\windows\SWSC.exe
2009-11-18 19:15:36 ----A---- C:\windows\SWREG.exe
2009-11-18 19:15:36 ----A---- C:\windows\sed.exe
2009-11-18 19:15:36 ----A---- C:\windows\PEV.exe
2009-11-18 19:15:36 ----A---- C:\windows\NIRCMD.exe
2009-11-18 19:15:36 ----A---- C:\windows\MBR.exe
2009-11-18 19:15:36 ----A---- C:\windows\grep.exe
2009-11-18 19:15:14 ----D---- C:\windows\ERDNT
2009-11-18 19:15:12 ----SD---- C:\ComboFix
2009-11-18 17:50:41 ----D---- C:\Program Files\Delicious - Emily's Holiday Season
2009-11-14 23:49:41 ----HD---- C:\$AVG
2009-11-14 23:49:28 ----A---- C:\windows\system32\avgrsstx.dll
2009-11-14 23:49:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-11-14 23:48:47 ----A---- C:\windows\system32\avgfwdx.dll
2009-11-11 17:12:21 ----D---- C:\windows\system32\NtmsData
2009-11-11 10:53:25 ----HDC---- C:\windows\$NtUninstallKB969947$
2009-11-11 08:34:24 ----A---- C:\tool.exe
2009-11-11 00:30:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-11-10 19:36:23 ----D---- C:\Program Files\Trend Micro
2009-11-10 15:50:11 ----D---- C:\Documents and Settings\Owner\Application Data\Registry Mechanic
2009-11-10 04:35:28 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-11-10 04:35:25 ----D---- C:\Program Files\WinZip
2009-11-10 03:54:59 ----D---- C:\AVGTemp
2009-11-09 19:57:11 ----A---- C:\windows\Your Product Uninstall Log.txt
2009-11-07 11:52:58 ----D---- C:\Program Files\iPod
2009-11-07 11:52:55 ----D---- C:\Program Files\iTunes
2009-11-07 11:52:55 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-07 11:50:31 ----D---- C:\Program Files\QuickTime
2009-11-05 18:03:31 ----D---- C:\Documents and Settings\Owner\Application Data\bigfish
2009-11-05 18:03:31 ----D---- C:\Documents and Settings\All Users\Application Data\bigfish
2009-11-05 16:55:57 ----AH---- C:\aaw7boot.cmd
2009-11-03 17:01:58 ----D---- C:\Documents and Settings\All Users\Application Data\Fitn17
2009-10-29 18:29:18 ----D---- C:\Documents and Settings\Owner\Application Data\Alawar
2009-10-29 17:15:28 ----A---- C:\windows\system32\XAudio2_5.dll
2009-10-29 17:15:28 ----A---- C:\windows\system32\xactengine3_5.dll
2009-10-29 17:15:27 ----A---- C:\windows\system32\d3dcsx_42.dll
2009-10-29 17:15:27 ----A---- C:\windows\system32\D3DCompiler_42.dll
2009-10-29 17:15:26 ----A---- C:\windows\system32\d3dx11_42.dll
2009-10-29 17:15:26 ----A---- C:\windows\system32\d3dx10_42.dll
2009-10-29 17:15:25 ----A---- C:\windows\system32\D3DX9_42.dll
2009-10-29 17:15:25 ----A---- C:\windows\system32\d3dx10_41.dll
2009-10-29 17:15:25 ----A---- C:\windows\system32\D3DCompiler_41.dll
2009-10-29 17:15:24 ----A---- C:\windows\system32\D3DX9_41.dll
2009-10-29 17:15:23 ----A---- C:\windows\system32\XAudio2_4.dll
2009-10-29 17:15:23 ----A---- C:\windows\system32\XAPOFX1_3.dll
2009-10-29 17:15:22 ----A---- C:\windows\system32\xactengine3_4.dll
2009-10-29 17:15:22 ----A---- C:\windows\system32\X3DAudio1_6.dll
2009-10-25 16:58:49 ----D---- C:\GameHouse Games
2009-10-25 16:58:48 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom
2009-10-25 16:58:47 ----D---- C:\Program Files\Zylom Games
2009-10-25 16:57:13 ----D---- C:\Program Files\RealArcade
2009-10-24 16:05:19 ----D---- C:\Documents and Settings\Owner\Application Data\GamesCafe
2009-10-24 15:47:49 ----D---- C:\Documents and Settings\Owner\Application Data\GraveyardShift
2009-10-20 16:29:44 ----D---- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
======List of files/folders modified in the last 1 months======
2009-11-19 04:44:25 ----D---- C:\windows\Prefetch
2009-11-19 04:43:08 ----D---- C:\windows\Temp
2009-11-19 04:37:33 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2009-11-19 02:27:44 ----D---- C:\Program Files\PokerStars
2009-11-19 00:01:24 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM
2009-11-18 20:34:03 ----A---- C:\windows\SchedLgU.Txt
2009-11-18 19:33:24 ----D---- C:\windows\Minidump
2009-11-18 19:33:24 ----D---- C:\WINDOWS
2009-11-18 19:31:40 ----D---- C:\windows\system32\drivers
2009-11-18 19:31:39 ----D---- C:\Qoobox
2009-11-18 19:27:25 ----D---- C:\windows\system32
2009-11-18 19:27:25 ----D---- C:\windows\AppPatch
2009-11-18 19:27:24 ----D---- C:\Program Files\Common Files
2009-11-18 19:22:50 ----D---- C:\windows\system32\CatRoot2
2009-11-18 18:25:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-18 17:50:41 ----RD---- C:\Program Files
2009-11-17 17:38:48 ----D---- C:\Program Files\Common Files\Gibinsoft Shared
2009-11-16 16:35:42 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-11-15 00:01:35 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-11-14 23:48:55 ----HD---- C:\windows\inf
2009-11-14 23:48:44 ----SHD---- C:\windows\Installer
2009-11-14 20:17:18 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-11-11 17:10:36 ----D---- C:\windows\security
2009-11-11 10:55:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-11 10:53:27 ----RSHDC---- C:\windows\system32\dllcache
2009-11-11 03:54:49 ----HD---- C:\windows\$hf_mig$
2009-11-11 00:31:15 ----D---- C:\Program Files\AVG
2009-11-10 19:07:19 ----D---- C:\Program Files\DivX
2009-11-10 17:13:42 ----D---- C:\Program Files\Yahoo!
2009-11-10 13:06:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-10 12:49:28 ----D---- C:\windows\WinSxS
2009-11-10 03:17:52 ----DC---- C:\windows\system32\DRVSTORE
2009-11-10 03:17:52 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-10 03:12:31 ----SD---- C:\windows\Tasks
2009-11-10 00:53:48 ----A---- C:\windows\NeroDigital.ini
2009-11-09 19:49:41 ----D---- C:\Documents and Settings
2009-11-09 19:18:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-07 13:09:48 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2009-11-07 11:52:58 ----D---- C:\Program Files\Common Files\Apple
2009-11-05 18:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2009-11-05 17:36:21 ----A---- C:\windows\system32\MRT.exe
2009-11-05 15:57:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-05 15:29:23 ----SD---- C:\windows\Downloaded Program Files
2009-11-04 16:15:27 ----A---- C:\windows\imsins.BAK
2009-11-04 16:15:16 ----D---- C:\windows\ie7updates
2009-10-29 17:15:30 ----D---- C:\windows\system32\DirectX
2009-10-29 17:15:15 ----HD---- C:\windows\msdownld.tmp
2009-10-27 20:40:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-26 20:43:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-25 22:01:19 ----D---- C:\Program Files\Common Files\Adobe
2009-10-25 22:01:09 ----D---- C:\Program Files\Adobe
2009-10-25 21:44:30 ----D---- C:\Program Files\Google
2009-10-25 13:07:20 ----A---- C:\windows\Ulead32.ini
2009-10-25 12:15:53 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-10-21 04:08:54 ----A---- C:\windows\system32\mshtml.dll
2009-10-20 16:29:25 ----D---- C:\Farm Frenzy 1
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\windows\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2009-11-14 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\windows\System32\Drivers\avgmfx86.sys [2009-11-14 28424]
R1 AvgTdiX;AVG Network Redirector; C:\windows\System32\Drivers\avgtdix.sys [2009-11-14 360584]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 Avgfwdx;Avgfwdx; C:\windows\system32\DRIVERS\avgfwdx.sys [2009-11-14 30104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2007-08-10 4603904]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NuidFltr;NUID filter driver; C:\windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2007-05-21 46080]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2007-05-21 19968]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 a4fl6oif;a4fl6oif; C:\windows\system32\drivers\a4fl6oif.sys []
S3 Avgfwfd;AVG network filter service; C:\windows\system32\DRIVERS\avgfwdx.sys [2009-11-14 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
S3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
S3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-14 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2009-11-14 2304192]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2006-10-31 155715]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe []
S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2009-11-14 5832712]
S2 gupdate1ca4560267dd27c;Google Update Service (gupdate1ca4560267dd27c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-05 133104]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-09 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
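The "List of drivers" and "List of services" sections above share one line format (`<State><Start> <name>;<display name>; <path> [<date> <size>]`), and the things a helper looks for by eye in them are mechanical: an empty `[]` where RSIT could not read the file, a driver loading from a temp directory, a doubled `\??\` path prefix, or a short random-looking name. The following Python script is an added example, not part of the original post and not RSIT's own code; it parses that format and applies those checks. The sample lines are copied from the log above, and the rule names and thresholds (for instance what counts as "random-looking") are this example's own assumptions.

```python
"""Triage helper for the RSIT 'List of drivers/services' format.

Added example: parses lines in the format used by the log above and
applies a few review heuristics.  The sample lines are copied from the
log; the flag names and thresholds are this example's own choices.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# <State><Start> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
# State R/S = running/stopped; Start 0..4 = boot/system/auto/demand/disabled.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str
    start: int
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed an empty [] (file not readable)
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a driver/service line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date, size = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
    return Entry(m.group("state"), int(m.group("start")), m.group("name").strip(),
                 m.group("display").strip(), m.group("path"), date, size)


def looks_random(e: Entry) -> bool:
    """Heuristic (assumption of this example): a short lowercase alphanumeric
    name that mixes letters and digits and has no separate display name."""
    n = e.name
    return (n == e.display and n.isalnum() and n.islower() and 6 <= len(n) <= 12
            and any(c.isdigit() for c in n) and any(c.isalpha() for c in n))


def flags_for(e: Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means none tripped."""
    reasons = []
    if e.date is None:
        reasons.append("no file metadata (file missing or unreadable)")
    low = e.path.lower()
    if "\\temp\\" in low or "\\locals~1\\" in low:
        reasons.append("loads from a temp directory")
    if e.path.count("\\??\\") > 1:
        reasons.append("malformed path (doubled \\??\\ prefix)")
    if looks_random(e):
        reasons.append("random-looking name")
    return reasons


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for entries that tripped at least one rule."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = flags_for(e)
        if reasons:
            out[e.name] = reasons
    return out


# Constructed sample: the section header plus entries copied from the log above.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
S3 a4fl6oif;a4fl6oif; C:\windows\system32\drivers\a4fl6oif.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-14 285392]
""".strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The output is a list of entries to check, not a verdict: expect false positives such as a temp-directory driver left behind by a scanner run the same day (the file list above records a ComboFix run) or an empty `[]` on a disabled stock driver. For each flagged entry, locate the file on disk, check its signature and vendor, and compare against a clean install before deleting anything.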

shytalk
New Member
Date Joined Nov 2009
Total Posts : 26
Posted 11-19-2009 6:52 (GMT +2)
info.txt logfile of random's system information tool 1.06 2009-11-19 04:44:27
======Uninstall list======
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
AdwareAlert-->MsiExec.exe /X{0E59C8E1-AE03-4171-B390-63C80DF004C7}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
BBC iPlayer Desktop-->msiexec /qb /x {BEA18030-8B42-1286-EF64-CDA6BD083888}
BBC iPlayer Desktop-->MsiExec.exe /I{BEA18030-8B42-1286-EF64-CDA6BD083888}
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BlueSquare Poker-->"C:\Poker\BlueSquare Poker\_SetupPoker[1].exe" /uninstall
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Delicious - Emily's Holiday Season-->"C:\Program Files\Delicious - Emily's Holiday Season\unins000.exe"
Dungeon Keeper Gold-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\SYSTEM\KEEPER\DeIsL3.isu
EA AutoPatch-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\NPSPatch.isu
GiPo@FileUtilities 3.2-->MsiExec.exe /I{E2B64929-B616-4235-B10E-D26D686296F9}
GoldenCasino-->C:\Program Files\InstallShield Installation Information\{8EF1FB4F-5C75-4B9E-B55E-061465DD05E0}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LightScribe System Software  1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
MSN Toolbar-->MsiExec.exe /I{C994D98C-293D-4825-958E-EB684B4D413F}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Essentials-->MsiExec.exe /X{F0AAE3C5-D70C-4F3C-8B6A-EC3992921033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Music-->MsiExec.exe /I{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331}
Nokia Software Updater-->MsiExec.exe /X{9F59C3AE-81B0-4EF6-9762-D674BB079705}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
Play65-->C:\Program Files\Play65\Play65.exe /uninstall
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9  -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\windows\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\windows\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\windows\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\windows\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\windows\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\windows\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\windows\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\windows\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Ulead Photo Explorer 8.0 SE Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x9
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\windows\$NtUninstallKB973815$\spuninst\spuninst.exe"
V5340s Digital Camera Driver-->C:\PROGRA~1\V5340S~1\UNWISE.EXE C:\PROGRA~1\V5340S~1\INSTALL.LOG
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Web Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall
Windows Driver Package - Nokia Modem  (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\windows\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem  (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\windows\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR-->"C:\WINDOWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
WinZip 14.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
=====HijackThis Backups=====
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-11-10]
======Security center information======
AV: AVG Internet Security
FW: AVG Firewall
======System event log======
Computer Name: OWNER-749B5C9B0
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 32049
Source Name: Service Control Manager
Time Written: 20091109195840.000000+000
Event Type: error
User:
Computer Name: OWNER-749B5C9B0
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 32046
Source Name: Service Control Manager
Time Written: 20091109195840.000000+000
Event Type: error
User:
Computer Name: OWNER-749B5C9B0
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 32043
Source Name: Service Control Manager
Time Written: 20091109195840.000000+000
Event Type: error
User:
Computer Name: OWNER-749B5C9B0
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 32040
Source Name: Service Control Manager
Time Written: 20091109195840.000000+000
Event Type: error
User:
Computer Name: OWNER-749B5C9B0
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 32037
Source Name: Service Control Manager
Time Written: 20091109195840.000000+000
Event Type: error
User:
=====Application event log=====
Computer Name: OWNER-749B5C9B0
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 
 
Record Number: 5936
Source Name: Userenv
Time Written: 20090925001854.000000+060
Event Type: warning
User: OWNER-749B5C9B0\Owner
Computer Name: OWNER-749B5C9B0
Event Code: 1517
Message: Windows saved user OWNER-749B5C9B0\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5912
Source Name: Userenv
Time Written: 20090924232155.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: OWNER-749B5C9B0
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 
 
Record Number: 5911
Source Name: Userenv
Time Written: 20090924232155.000000+060
Event Type: warning
User: OWNER-749B5C9B0\Owner
Computer Name: OWNER-749B5C9B0
Event Code: 1517
Message: Windows saved user OWNER-749B5C9B0\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5866
Source Name: Userenv
Time Written: 20090923002226.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: OWNER-749B5C9B0
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 
 
Record Number: 5865
Source Name: Userenv
Time Written: 20090923002225.000000+060
Event Type: warning
User: OWNER-749B5C9B0\Owner
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------

shytalk (New Member, joined Nov 2009, 26 posts)
Posted 11-19-2009 6:57 (GMT +2)
Hi Jintan,
I've done as requested and posted the logs, but I may have jumped the gun by running combofix. This seems to have cured the redirect issue, but please advise if there are any other nasties lying around.
I'd love to know how I've been infected as I have been running AVG since day 1.
Thanks for your assistance.





Jintan (Senior Member, joined Dec 2006, 1424 posts)
Posted 11-20-2009 3:32 (GMT +2)
I will need to see that ComboFix log, just to verify it did not show some malware that had not been removed. AVG is antivirus software, and although it might include an antispyware component, good security requires good security practices by the user. These logs show many questionable or adware programs that have been there over time, so you will need to check out things before installing them. Some rogue fake programs, like Maxpc and SpyNoMore, show only as remnants, but you still have the rogue AdwareAlert installed.

And you have many poker-type installs, which tend to also be known to do less-than-beneficial actions on a user's system. That PokerStars is listed here, so you may want to keep that BC website handy for future references.


Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

DAEMON Tools Toolbar - adware/spyware (see here)
AdwareAlert - rogue software (see here)


But before we do other repairs please post the existing C:\ComboFix.txt log for review.


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.
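The Add/Remove check above can be made repeatable over the RSIT uninstall list posted earlier. The following is an added example (not from the thread, RSIT or ComboFix): it parses lines in the `Name-->uninstall command` form, tells Windows Installer, hotfix and plain-executable uninstallers apart, and flags names from the watchlist the helper named. The AdwareAlert and DAEMON Tools Toolbar sample lines, and the all-zero product code, are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Programs the helper in this thread named as adware or rogue software.
WATCHLIST = ("AdwareAlert", "DAEMON Tools Toolbar", "MyWebSearch", "Maxpc", "SpyNoMore")

# RSIT writes one program per line as:  Name-->uninstall command
ENTRY_RE = re.compile(r"^(?P<name>.+?)-->(?P<cmd>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample. The first four lines are copied from the log above; the
# AdwareAlert and DAEMON Tools Toolbar lines are constructed stand-ins (the
# all-zero product code is a placeholder, not the real one). The last line is
# a section banner, included to show that non-entry lines are skipped.
SAMPLE = r"""
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Security Update for Windows XP (KB975467)-->"C:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
AdwareAlert-->MsiExec.exe /I{00000000-0000-0000-0000-000000000000}
DAEMON Tools Toolbar-->"C:\Program Files\DAEMON Tools Toolbar\uninst.exe"
=====HijackThis Backups=====
"""


@dataclass
class Entry:
    name: str
    command: str
    kind: str                  # "msi", "spuninst" or "exe"
    code: Optional[str]        # last GUID on an msiexec line (product or patch code)
    flagged: Optional[str]     # watchlist name that matched, else None


def classify(command: str) -> str:
    """Tell Windows Installer, hotfix (spuninst) and plain-executable uninstallers apart."""
    low = command.lower()
    if "msiexec" in low:
        return "msi"
    if "spuninst.exe" in low:
        return "spuninst"
    return "exe"


def parse_entries(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # section banners and blank lines are not entries
        name, cmd = m.group("name").strip(), m.group("cmd").strip()
        kind = classify(cmd)
        guids = GUID_RE.findall(cmd) if kind == "msi" else []
        # "/package {product} /uninstall {patch}": the last GUID is the one msiexec removes
        code = guids[-1] if guids else None
        hit = next((w for w in WATCHLIST if w.lower() in name.lower()), None)
        entries.append(Entry(name, cmd, kind, code, hit))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries whose program name matches a watchlist name (case-insensitive substring)."""
    return [e for e in entries if e.flagged]


def report(text: str) -> List[str]:
    """Human-readable triage lines: flagged programs first, then a count by uninstaller kind."""
    entries = parse_entries(text)
    lines = [f"FLAG {e.name!r} matches {e.flagged!r}; uninstaller: {e.kind}"
             + (f" code {e.code}" if e.code else "")
             for e in flagged(entries)]
    counts = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    lines.append("totals: " + ", ".join(f"{k}={counts[k]}" for k in sorted(counts)))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A watchlist hit is only a prompt for review; confirm each flagged entry against its uninstall path before removing it.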


shytalk (New Member, joined Nov 2009, 26 posts)
Posted 11-20-2009 7:21 (GMT +2)
Hi, here is combofix.txt
 
 
ComboFix 09-11-18.06 - Owner 18/11/2009 19:22:55.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1919.1456 [GMT 0:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 
I have removed Daemon, but cannot remove Adwarealert
The feature you are trying to use is on a network resource that is unavailable. It is trying to find adawarealert.msi
 

Jintan (Senior Member, joined Dec 2006, 1424 posts)
Posted 11-20-2009 7:07 (GMT +2)
If that is all of the ComboFix log then it looks like it may have worked, but failed when creating the log. We can remove that AdwareAlert entry, but first I would like to see the results of a new ComboFix run.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each program through Start - Programs.

Delete any existing copies of ComboFix.exe, then download ComboFix.exe from here to your desktop, and click that to run ComboFix.

When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.


shytalk (New Member, joined Nov 2009, 26 posts)
Posted 11-20-2009 7:57 (GMT +2)
Hi,
AVG doesn't have a disable option for Anti-virus, so I have followed your instructions, albeit with AVG still running.


ComboFix 09-11-20.01 - Owner 20/11/2009 17:34.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1919.1175 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\pciide.sys
.
---- Previous Run -------
.
c:\documents and settings\John\Re_ .eml
c:\documents and settings\John\your Trip .eml
c:\documents and settings\Owner\Re_ .eml
c:\documents and settings\Owner\your Trip .eml
Infected copy of c:\windows\system32\drivers\nvata.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE

(((((((((((((((((((((((((   Files Created from 2009-10-20 to 2009-11-20  )))))))))))))))))))))))))))))))
.
2009-11-20 17:34 . 2008-04-14 12:00 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-20 17:34 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 17:34 . 2006-10-18 08:31 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2009-11-20 11:25 . 2009-11-14 23:49 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-20 11:25 . 2009-11-14 23:49 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-19 04:44 . 2009-11-19 04:44 -------- d-----w- C:\rsit
2009-11-18 17:50 . 2009-11-18 17:50 -------- d-----w- c:\program files\Delicious - Emily's Holiday Season
2009-11-15 16:15 . 2009-10-16 12:13 1115392 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-15 00:09 . 2009-11-14 23:49 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-15 00:09 . 2009-11-14 23:49 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-15 00:09 . 2009-11-14 23:49 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-15 00:09 . 2009-11-15 00:09 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-15 00:09 . 2009-11-15 00:09 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-15 00:09 . 2009-11-14 23:49 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-14 23:49 . 2009-11-15 00:02 -------- d-----w- C:\$AVG
2009-11-14 23:49 . 2009-11-14 23:49 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-14 23:49 . 2009-11-14 23:49 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-11-14 23:49 . 2009-11-14 23:49 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-14 23:49 . 2009-11-14 23:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-14 23:49 . 2009-11-14 23:49 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-14 23:49 . 2009-11-14 23:49 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-14 23:49 . 2009-11-20 11:24 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-14 23:49 . 2009-11-15 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-14 23:48 . 2009-11-14 23:48 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-14 23:48 . 2009-11-14 23:48 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-11 17:12 . 2009-11-18 00:13 -------- d-----w- c:\windows\system32\NtmsData
2009-11-11 08:34 . 2009-11-11 08:34 291840 ----a-w- C:\tool.exe
2009-11-11 00:30 . 2009-11-14 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-10 19:36 . 2009-11-10 19:36 -------- d-----w- c:\program files\Trend Micro
2009-11-10 16:06 . 2009-11-10 16:06 1152 ----a-w- c:\windows\system32\windrv.sys
2009-11-10 15:50 . 2009-11-10 15:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Registry Mechanic
2009-11-10 04:35 . 2009-11-10 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-10 03:54 . 2009-11-11 21:47 -------- d-----w- C:\AVGTemp
2009-11-09 19:49 . 2009-11-09 19:49 -------- d-----w- c:\documents and settings\New Folder
2009-11-09 14:46 . 2009-11-09 14:46 249856 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2009-11-09 14:46 . 2009-11-09 14:46 466944 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2009-11-09 14:44 . 2009-06-17 14:50 139264 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\PlayFirst.EXE
2009-11-07 13:10 . 2009-11-07 13:10 28144 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-07 11:52 . 2009-11-07 11:52 -------- d-----w- c:\program files\iPod
2009-11-07 11:52 . 2009-11-07 11:53 -------- d-----w- c:\program files\iTunes
2009-11-07 11:52 . 2009-11-07 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-07 11:50 . 2009-11-07 11:51 -------- d-----w- c:\program files\QuickTime
2009-11-07 11:45 . 2009-11-07 11:45 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-05 18:03 . 2009-11-05 18:03 -------- d-----w- c:\documents and settings\Owner\Application Data\bigfish
2009-11-05 18:03 . 2009-11-05 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\bigfish
2009-11-05 16:55 . 2009-11-05 16:55 194 ---ha-w- C:\aaw7boot.cmd
2009-11-05 16:00 . 2009-11-05 16:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 15:02 . 2009-11-05 15:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2009-11-03 17:01 . 2009-11-03 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Fitn17
2009-10-29 18:29 . 2009-10-29 18:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Alawar
2009-10-26 20:37 . 2009-10-20 19:57 3767064 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
2009-10-25 17:01 . 2009-10-25 17:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Astar Games
2009-10-25 16:58 . 2009-10-25 21:46 -------- d-----w- C:\GameHouse Games
2009-10-25 16:58 . 2009-07-02 11:19 102400 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-10-25 16:58 . 2009-10-25 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-10-25 16:58 . 2004-12-20 12:17 147456 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-10-25 16:58 . 2009-10-25 16:58 -------- d-----w- c:\program files\Zylom Games
2009-10-25 16:57 . 2009-10-25 21:46 -------- d-----w- c:\program files\RealArcade
2009-10-24 16:05 . 2009-10-24 16:05 -------- d-----w- c:\documents and settings\Owner\Application Data\GamesCafe
2009-10-24 15:47 . 2009-10-24 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\GraveyardShift
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 17:43 . 2009-10-09 19:06 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-11-20 17:21 . 2009-10-09 19:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-11-20 11:33 . 2008-11-07 14:18 -------- d-----w- c:\program files\PokerStars
2009-11-20 05:09 . 2008-11-07 18:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-18 19:20 . 2009-09-05 17:06 176936 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-18 18:25 . 2008-11-17 23:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-17 17:38 . 2008-11-17 22:01 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2009-11-16 16:35 . 2008-11-07 14:32 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-11-14 20:17 . 2008-11-18 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-12 20:50 . 2009-11-11 21:34 1840 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-11 21:35 . 2009-11-11 21:35 360 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-11-11 17:16 . 2008-11-06 12:33 28264 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 10:55 . 2008-11-06 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 00:31 . 2008-11-06 12:44 -------- d-----w- c:\program files\AVG
2009-11-10 19:07 . 2009-10-05 01:50 -------- d-----w- c:\program files\DivX
2009-11-10 17:13 . 2009-05-28 15:19 -------- d-----w- c:\program files\Yahoo!
2009-11-10 13:06 . 2008-11-17 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-10 03:17 . 2008-11-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-09 19:18 . 2008-11-17 21:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-07 13:09 . 2009-05-04 20:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-11-07 11:52 . 2009-05-04 20:05 -------- d-----w- c:\program files\Common Files\Apple
2009-11-05 18:00 . 2008-11-24 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-11-05 15:57 . 2008-11-17 20:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 22:01 . 2008-11-19 17:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-25 21:44 . 2008-11-07 13:57 -------- d-----w- c:\program files\Google
2009-10-21 03:34 . 2009-10-20 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-10-19 16:20 . 2009-10-09 16:46 -------- d-----w- c:\program files\Farm Frenzy 3
2009-10-19 13:41 . 2008-11-24 20:47 -------- d-----w- c:\program files\bfgclient
2009-10-14 02:24 . 2009-10-13 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-10-13 02:03 . 2008-11-06 13:19 -------- d-----w- c:\program files\Microsoft Works
2009-10-11 02:31 . 2009-10-09 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-10-11 02:30 . 2009-10-09 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-10-09 19:06 . 2009-10-09 19:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-09 19:02 . 2009-10-09 19:01 -------- d-----r- c:\program files\Skype
2009-10-09 19:02 . 2009-10-09 19:02 -------- d-----w- c:\program files\Common Files\Skype
2009-10-09 19:01 . 2009-10-09 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-08 03:48 . 2008-11-19 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-10-05 02:09 . 2009-10-05 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-10-03 11:26 . 2009-10-03 11:26 -------- d-----w- c:\documents and settings\Owner\Application Data\DivoGames
2009-10-03 10:58 . 2009-10-03 10:57 -------- d-----w- c:\program files\Big Fish Games Be Richer
2009-10-02 19:09 . 2009-09-13 15:51 -------- d-----w- c:\program files\Coconut Queen
2009-10-02 17:09 . 2008-11-09 13:57 -------- d-----w- c:\program files\Windows Live
2009-09-23 16:29 . 2008-12-20 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2009-09-11 18:13 . 2009-09-11 18:13 143736 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\kelly-green-garden-queen_s1_l1_gF5269T1L1_d683365649[1].exe
2009-09-11 18:13 . 2009-09-11 18:13 143736 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\be-richer_s1_l1_gF5193T1L1_d684226637[1].exe
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 17:44 . 2009-10-29 17:15 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 17:44 . 2009-10-29 17:15 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 17:44 . 2009-10-29 17:15 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 17:29 . 2009-10-29 17:15 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 17:29 . 2009-10-29 17:15 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 17:29 . 2009-10-29 17:15 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 17:29 . 2009-10-29 17:15 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 17:29 . 2009-10-29 17:15 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 07:36 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-07-11 17:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 12:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-06 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-09 68592]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-15 2020120]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-8-16 95232]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-10-13 495432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-14 23:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [14/11/2009 23:49 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [14/11/2009 23:49 161800]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/11/2008 18:00 717296]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14/11/2009 23:49 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14/11/2009 23:49 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14/11/2009 23:49 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [14/11/2009 23:49 2304192]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/01/2009 21:01 54752]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [07/11/2008 12:38 20160]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [14/11/2009 23:48 30104]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [14/11/2009 23:49 5832712]
S2 gupdate1ca4560267dd27c;Google Update Service (gupdate1ca4560267dd27c);c:\program files\Google\Update\GoogleUpdate.exe [05/10/2009 02:04 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [14/11/2009 23:48 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;\??\c:\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys --> C:c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [?]
S3 AVGIDSFilterxpx;AVG9IDSFilter;\??\c:\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys --> C:c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [?]
S3 AVGIDSShimxpx;AVG9IDSShim;\??\c:\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys --> C:c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/06/2009 15:07 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/06/2009 15:07 8320]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 02:04]
2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 02:04]
2009-11-20 c:\windows\Tasks\User_Feed_Synchronization-{B68ADE69-EAE6-4D2C-9B2D-A2F1CA9CA230}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-maxpc_er - c:\program files\MAXpc\MAXpc.exe
HKLM-Run-Piolet - c:\program files\Piolet\Piolet.exe
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe


**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 17:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4EE1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> atapi.sys @ 0xba622b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1417001333-920026266-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(6036)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\windows\system32\ieframe.dll
c:\program files\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-11-20 17:46 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-20 17:46
Pre-Run: 135,488,999,424 bytes free
Post-Run: 135,527,862,272 bytes free
- - End Of File - - C87CB2BCA84051098188B0AA56790B6E
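For readers triaging a ComboFix log like the one above, the following Python helper is an added example; it is not part of the thread and not ComboFix's own code. It parses the "Files Created" lines, each of which carries a creation stamp, a modification stamp, a size, attribute flags and a path, and flags the entries a responder would look at first: new files in the kernel driver directories, .sys files that sit outside them, and files whose creation stamp is far later than their modification stamp, the pattern a file leaves when it is copied into place rather than written there. The sample lines are copied from the log above; the three flagging rules are assumptions made for this example, not ComboFix's logic.

```python
"""Triage helper for the 'Files Created' section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the ComboFix log in the thread.
SAMPLE_LOG = r"""
2009-11-20 17:34 . 2008-04-14 12:00 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-20 17:34 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 17:34 . 2006-10-18 08:31 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2009-11-19 04:44 . 2009-11-19 04:44 -------- d-----w- C:\rsit
2009-11-11 08:34 . 2009-11-11 08:34 291840 ----a-w- C:\tool.exe
2009-11-10 16:06 . 2009-11-10 16:06 1152 ----a-w- c:\windows\system32\windrv.sys
2009-11-05 16:00 . 2009-11-05 16:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
"""

# Layout of one line: <created> . <modified> <size or dashes> <attributes> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-+) (\S+) (.+)$"
)
STAMP = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories (ComboFix prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_files_created(text: str) -> List[Entry]:
    """Parse every line that matches ComboFix's file-listing layout; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(created, STAMP),
            datetime.strptime(modified, STAMP),
            int(size) if size.isdigit() else None,
            attrs,
            path,
        ))
    return entries


# Heuristics: assumptions made for this example, not ComboFix's own logic.
DRIVER_DIRS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")
BACKDATE_GAP = timedelta(days=1)


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for the files worth a closer look."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        reasons = []
        if any(d in low for d in DRIVER_DIRS):
            reasons.append("new file in a kernel driver directory")
        elif low.endswith(".sys"):
            reasons.append(".sys file outside the usual driver directories")
        if e.created - e.modified > BACKDATE_GAP:
            reasons.append("created long after its modification stamp (copied in, possibly backdated)")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(parse_files_created(SAMPLE_LOG)):
        print(f"{entry.created:%Y-%m-%d %H:%M}  {entry.path}")
        for r in why:
            print(f"    - {r}")
```

In the sample both atapi.sys copies and nvata.sys fire on two rules, which agrees with the log's own note that nvata.sys was disinfected and restored: a restored file keeps its original 2006/2008 modification stamps, so the backdating rule also fires on legitimate restores and has to be read together with a hash check of the file rather than on its own.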

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1424
 
   Posted 11-22-2009 2:23 (GMT +2)
I am surprised to see that the system rebooted correctly. One driver file removed by ComboFix has recently caused a no booter. Better for now to not do a shutdown until we have checked things.


Click here and download jpshortstuff's SystemLook to your desktop, then click that file to open the scan display. In the open textbox, copy and paste the following (inside the Code box below):

:filefind
pciide.sys


Then click Look. Once the scan completes Notepad will open - copy/paste those contents back here please. That will also be saved as a log where you have the scan file, named SystemLook.txt.



shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
   Posted 11-22-2009 3:00 (GMT +2)
Hi, here's the log. By the way I have rebooted a couple of times since combofix.
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:58 on 22/11/2009 by Owner (Administrator - Elevation successful)
========== filefind ==========
Searching for "pciide.sys"
C:\WINDOWS\system32\dllcache\pciide.sys --a--c 3328 bytes [12:00 14/04/2008] [13:51 17/08/2001] CCF5F451BB1A5A2A522A76E670000FF0
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\pciide.sys --a--c 3328 bytes [11:04 30/05/2002] [12:00 14/04/2008] CCF5F451BB1A5A2A522A76E670000FF0
-=End Of File=-
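The filefind step Jintan asked for is really a comparison between the copies of a driver that Windows keeps (the dllcache and ReinstallBackups copies in the log above) and the live file under system32\drivers. The script below is an added Python example of the same check, not part of the thread and not SystemLook's code: it walks a directory tree, reports size, modification time and MD5 for every file with the requested name in a layout close to SystemLook's, and says whether all copies carry the same hash. The directory layout and file contents are constructed stand-ins (the same 3328-byte size as in the log, but not real driver bytes) so that it runs offline; on a real machine you would point filefind() at C:\WINDOWS\system32.

```python
"""filefind-style check: locate every copy of a file name and compare hashes (added example)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime
from typing import List


@dataclass
class Found:
    path: str
    size: int
    modified: str
    md5: str


def md5_of(path: str) -> str:
    """Hex MD5 of a file, upper-cased to match the style SystemLook prints."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def filefind(root: str, name: str) -> List[Found]:
    """Walk root and report every file whose name matches (case-insensitive, as on Windows)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == name.lower():
                p = os.path.join(dirpath, fn)
                st = os.stat(p)
                stamp = datetime.fromtimestamp(st.st_mtime).strftime("%H:%M %d/%m/%Y")
                hits.append(Found(p, st.st_size, stamp, md5_of(p)))
    return hits


def copies_agree(hits: List[Found]) -> bool:
    """True when every located copy hashes the same, i.e. the live driver matches its backups."""
    return len({h.md5 for h in hits}) <= 1


def build_sample_tree(root: str, tamper: bool = False) -> None:
    """Constructed sample: a dllcache backup, a ReinstallBackups copy and the live driver."""
    payload = b"MZ\x90\x00" + b"\x00" * 3324  # stand-in bytes, not a real driver
    live = (payload[:-4] + b"XXXX") if tamper else payload  # same size, different content
    layout = {
        "system32/dllcache/pciide.sys": payload,
        "system32/ReinstallBackups/0000/DriverFiles/i386/pciide.sys": payload,
        "system32/drivers/pciide.sys": live,
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


def report(root: str, name: str) -> List[str]:
    """Lines in roughly SystemLook's filefind layout plus a verdict."""
    hits = filefind(root, name)
    lines = [f'Searching for "{name}"']
    for h in hits:
        lines.append(f"{h.path} {h.size} bytes [{h.modified}] {h.md5}")
    lines.append("all copies match" if copies_agree(hits) else "MISMATCH: at least one copy differs")
    return lines


def check_sample(tamper: bool = False) -> dict:
    """Build the constructed tree in a temp dir, run filefind over it and summarise."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, tamper)
        hits = filefind(tmp, "pciide.sys")
        return {"copies": len(hits), "agree": copies_agree(hits),
                "sizes": sorted({h.size for h in hits})}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, tamper=True)
        print("\n".join(report(tmp, "pciide.sys")))
```

Size alone is not evidence: the tampered copy in the sample is exactly as large as the clean ones, which is why the verdict is taken from the hash set. A mismatch between the live driver and the dllcache copy is the cue to restore from the known-good copy, which is what the log above shows ComboFix having done for nvata.sys.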

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1424
 
   Posted 11-22-2009 3:22 (GMT +2)
File shows as back in its rightful place. Have to assume ComboFix located and replaced the bad file, and removal of the bad file is what shows in the log. Good - let's check further now.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.



Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.



shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
   Posted 11-22-2009 3:47 (GMT +2)
Malwarebytes' Anti-Malware 1.41
Database version: 3210
Windows 5.1.2600 Service Pack 3
22/11/2009 01:46:22
mbam-log-2009-11-22 (01-46-22).txt
Scan type: Quick Scan
Objects scanned: 105263
Time elapsed: 3 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ubervid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1424
 
   Posted 11-22-2009 4:08 (GMT +2)
Mostly remnant cleanup rather than active infection, so looking good. Are you having any problems at this time that we need to address?

One additional scan, to verify nothing remains.

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

 

shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
Posted 11-22-2009 6:26 (GMT +2)
Redirect problem seems to have gone thanks.
 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d77bee52d428fb40b6cf9390498e1a1e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-22 04:21:32
# local_time=2009-11-22 04:21:32 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1026631 1026631 0 0
# compatibility_mode=768 16777215 100 0 32667485 32667485 0 0
# compatibility_mode=1031 16777173 100 93 18781 665874 0 0
# compatibility_mode=8192 67108863 100 0 3977 3977 0 0
# scanned=56373
# found=4
# cleaned=4
# scan_time=2077
C:\Documents and Settings\Owner\My Documents\Downloads\Westward_2_Heroes_of_the_Frontier\Westward 2 - Heroes of the Frontier.exe a variant of Win32/Injector.CE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Poker\BlueSquare Poker\SetupPoker.exe a variant of Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Poker\BlueSquare Poker\_SetupPoker[1].exe a variant of Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\nvata.sys.vir Win32/Olmarik.OF virus (deleted - quarantined) 00000000000000000000000000000000 C
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1424
 
Posted 11-22-2009 10:37 (GMT +2)
Looks like you have been shopping at the wrong stores, with that malware-embedded Westward II file Eset removed. The earlier ComboFix activity, and this one "Olmarik" variant Eset found that ComboFix removed earlier, suggest we do one other look, but right now things are looking pretty good here.


Download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\
mbr.exe -t


Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.



 

shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
Posted 11-22-2009 10:57 (GMT +2)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6EE1F8]<<
kernel: MBR read successfully
user & kernel MBR OK
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1424
 
Posted 11-23-2009 5:14 (GMT +2)
No, still a rootkit altering a boot driver file. Let's locate a replacement, and then you will need to exchange some files using the Recovery Console. This will allow you access before Windows starts, while the malware-altered file can still be changed.


Open SystemLook and use the following script, and post those results please:

:filefind
atapi.sys



Edit - darn, I see you did not have ComboFix install the Recovery Console. I used to be against this measure, but now it is proving very helpful. To access this you will need an XP CD. Do you have one, or can borrow one?



 

shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
Posted 11-23-2009 1:45 (GMT +2)
Hi, yes I do have a Windows XP CD.
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:43 on 23/11/2009 by Owner (Administrator - Elevation successful)
========== filefind ==========
Searching for "atapi.sys"
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [17:45 20/11/2009] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [17:34 20/11/2009] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [17:34 20/11/2009] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--c 96512 bytes [11:04 30/05/2002] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
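As an added illustration, not from the thread and not part of SystemLook, here is a small Python parser for the ":filefind" output layout posted above. It groups every copy of the searched file by MD5 and compares each copy against the one under dllcache (assumed here as the reference because that is the Windows File Protection cache). The sample log is constructed in the same layout as the page's; the first two hashes are the page's real atapi.sys value, the third is invented so the mismatch path gets exercised. Keep the page's own caveat in mind: all four copies in shytalk's log hashed identically and Jintan still judged a rootkit to be altering the boot driver, so agreement is not a clean bill of health, whereas a live copy that disagrees with the protected copy is a definite lead.

```python
import re
from collections import defaultdict

# Constructed sample in the SystemLook ":filefind" layout seen in the thread.
# Lines 1-2 reuse the page's real atapi.sys hash; the third hash is invented.
SAMPLE_FILEFIND = r"""SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:43 on 23/11/2009 by Owner (Administrator - Elevation successful)
========== filefind ==========
Searching for "atapi.sys"
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [17:45 20/11/2009] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [17:34 20/11/2009] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [17:34 20/11/2009] [12:00 14/04/2008] 0123456789ABCDEF0123456789ABCDEF
"""

# One result line: path, six attribute flags, size, modified stamp, created stamp, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per file line; header lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def hash_groups(entries):
    """Map each distinct MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def find_divergent_copies(entries, reference_dir="dllcache"):
    """Compare every copy against the copy under `reference_dir` (assumption:
    the protected dllcache copy is the trustworthy one). Returns
    (reference_md5, [paths whose MD5 differs]); (None, []) if no reference."""
    ref = [e for e in entries if reference_dir.lower() in e["path"].lower()]
    if not ref:
        return None, []
    ref_md5 = ref[0]["md5"]
    return ref_md5, [e["path"] for e in entries if e["md5"] != ref_md5]


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_FILEFIND)
    for md5, paths in hash_groups(found).items():
        print(md5, "->", len(paths), "copies")
    ref_md5, divergent = find_divergent_copies(found)
    print("reference:", ref_md5)
    for path in divergent:
        print("DIFFERS FROM PROTECTED COPY:", path)
```

An empty divergent list means every copy matches the reference; given what happened on this page, that result should be read as "no on-disk lead from hashing" rather than "clean".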
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1424
 
Posted 11-23-2009 3:25 (GMT +2)
Good, we will need that CD for the next steps.



listsvc
dir c:\windows\system32\drivers


Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text (inside the Code box) into the open text box, then save this to your C:\Windows folder as "servcheck.bat"

It should then be C:\Windows\servcheck.bat (important)

---------------

Go to Start - Run, type cmd and press OK. At the prompt copy/paste each of the following, pressing Enter after each:

C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys c:\loopi.red

exit


You should have received a notice that one file was copied (let me know if you didn't).

-------------

You will need to make a copy of the following steps, as they will be done while you are at the Recovery Console Prompt.


Then start the problem computer, and load the XP CD into the CD-ROM drive and restart the system. On reboot watch for and agree to any prompts to boot from the CD. If the system only reboots to Windows stop and post back here and we will discuss steps to make changes in the BIOS.

After the installation software inspects the system and loads all necessary device drivers you will see the "Welcome To Setup" screen, with the following menu:

This portion of the Setup program prepares Microsoft Windows XP to run on your computer:

   To setup Windows XP now, press ENTER.

   To repair a Windows XP installation using Recovery Console, press R.

   To quit Setup without installing Windows XP, press F3.


Press "R" to start the Recovery Console setup. After you start the Windows Recovery Console, you receive the following message:

Microsoft Windows(R) Recovery Console

The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.

1: C:\WINDOWS

Which Windows Installation would you like to log on to
(To cancel, press ENTER)?


After you enter the number for the appropriate Windows installation (usually #1), Windows will then prompt you to enter the Administrator account password if one was created (if one was not created then just press Enter).

At the prompt type the following, pressing Enter after each:


batch servcheck.bat c:\windows\servicelook.txt

copy c:\loopi.red C:\WINDOWS\system32\drivers\atapi.sys



You should get a prompt to overwrite the existing file, so select "Y"es to do that.

Then type exit and press Enter to reboot the system.

When you hit Enter after typing exit your computer will reboot. Do Not press any key until the system has completely rebooted, then after the reboot be sure to remove your XP CD from the CD-ROM drive.

-----------------

After the reboot run ComboFix again, and post that new C:\ComboFix.txt log.

Also locate the C:\windows\servicelook.txt log you created from that Recovery Console batch file run and post those contents please.



 

shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
Posted 11-23-2009 3:49 (GMT +2)
Hi, after doing CMD and pasting
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys c:\loopi.red  
I get the message
The C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys application cannot be run in Win32 mode.

 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1424
 
Posted 11-23-2009 3:53 (GMT +2)
Sorry - left off the copy command. Use this please:

copy C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys c:\loopi.red



 

shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
Posted 11-23-2009 5:02 (GMT +2)
Abiosdsk         Disabled
 
abp480n5         Disabled
 
ACPI             Boot
    Microsoft ACPI Driver
ACPIEC           Disabled
 
ADM8511          Manual
  ADMtek ADM8511/AN986 USB To Fast Ethernet Converter
adpu160m         Disabled
 
aec              Manual
  Microsoft Kernel Acoustic Echo Canceller
AFD              System
  AFD
Aha154x          Disabled
 
aic78u2          Disabled
 
aic78xx          Disabled
 
Alerter          Disabled
  Alerter
ALG              Manual
  Application Layer Gateway Service
AliIde           Disabled
 
AmdK8            System
  AMD Processor Driver
amsint           Disabled
 
Apple Mobile Device  Auto
    Apple Mobile Device
AppMgmt          Manual
  Application Management
asc              Disabled
 
asc3350p         Disabled
 
asc3550          Disabled
 
ASKUpgrade       Auto
    ASKUpgrade
aspnet_state     Manual
  ASP.NET State Service
AsyncMac         Manual
  RAS Asynchronous Media Driver
atapi            Boot
    Standard IDE/ESDI Hard Disk Controller
Atdisk           Disabled
 
Atmarpc          Manual
  ATM ARP Client Protocol
AudioSrv         Auto
    Windows Audio
audstub          Manual
  Audio Stub Driver
avg9wd           Auto
    AVG WatchDog
Avgfwdx          Manual
 
Avgfwfd          Manual
  AVG network filter service
avgfws9          Auto
    AVG Firewall
AVGIDSAgent      Auto
    AVG9IDSAgent
AVGIDSDriverxpx  Manual
  AVG9IDSDriver
AVGIDSErHrxpx    Boot
    AVG9IDSErHr
AVGIDSFilterxpx  Manual
  AVG9IDSFilter
AVGIDSShimxpx    Manual
  AVG9IDSShim
AvgLdx86         System
  AVG AVI Loader Driver x86
AvgMfx86         System
  AVG On-access Scanner Minifilter Driver x86
AvgRkx86         Boot
    avgrkx86.sys
AvgTdiX          System
  AVG Network Redirector
Beep             System
 
BITS             Manual
  Background Intelligent Transfer Service
Bonjour Service  Auto
    Bonjour Service
Browser          Auto
    Computer Browser
catchme          Manual
 
cbidf2k          Disabled
 
cd20xrnt         Disabled
 
Cdaudio          System
 
Cdfs             Disabled
 
Cdrom            System
  CD-ROM Driver
Changer          System
 
CiSvc            Manual
  Indexing Service
ClipSrv          Manual
  ClipBook
clr_optimization_v2.0.50727_32  Manual
  .NET Runtime Optimization Service v2.0.50727_X86
CmdIde           Disabled
 
COMSysApp        Manual
  COM+ System Application
Cpqarray         Disabled
 
CryptSvc         Auto
    CryptSvc
dac2w2k          Disabled
 
dac960nt         Disabled
 
DcomLaunch       Auto
    DCOM Server Process Launcher
Dhcp             Auto
    DHCP Client
Disk             Boot
    Disk Driver
dmadmin          Manual
  Logical Disk Manager Administrative Service
dmboot           Disabled
 
dmio             Disabled
 
dmload           Disabled
 
dmserver         Auto
    Logical Disk Manager
DMusic           Manual
  Microsoft Kernel DLS Syntheiszer
Dnscache         Auto
    DNS Client
Dot3svc          Manual
  Wired AutoConfig
dpti2o           Disabled
 
drmkaud          Manual
  Microsoft Kernel DRM Audio Descrambler
EapHost          Manual
  Extensible Authentication Protocol Service
ENTECH           Manual
  ENTECH
ERSvc            Auto
    Error Reporting Service
Eventlog         Auto
    Event Log
EventSystem      Manual
  COM+ Event System
Fastfat          Disabled
 
FastUserSwitchingCompatibility  Manual
  Fast User Switching Compatibility
Fdc              System
 
Fips             System
 
Flpydisk         System
 
FltMgr           Boot
    FltMgr
FontCache3.0.0.0  Manual
  Windows Presentation Foundation Font Cache 3.0.0.0
fssfltr          Auto
    FssFltr
fsssvc           Manual
  Windows Live Family Safety Service
Fs_Rec           System
 
Ftdisk           Boot
    Volume Manager Driver
GEARAspiWDM      Manual
  GEAR ASPI Filter Driver
Gpc              Manual
  Generic Packet Classifier
gupdate1ca4560267dd27c  Auto
    Google Update Service (gupdate1ca4560267dd27c)
gusvc            Manual
  Google Software Updater
HDAudBus         Manual
  Microsoft UAA Bus Driver for High Definition Audio
helpsvc          Auto
    Help and Support
HidServ          Auto
    HID Input Service
HidUsb           Manual
  Microsoft HID Class Driver
hkmsvc           Manual
  Health Key and Certificate Management Service
hpn              Disabled
 
HTTP             Manual
  HTTP
HTTPFilter       Manual
  HTTP SSL
i2omgmt          System
 
i2omp            Disabled
 
i8042prt         System
  i8042 Keyboard and PS/2 Mouse Port Driver
idsvc            Manual
  Windows CardSpace
Imapi            System
  CD-Burning Filter Driver
ImapiService     Manual
  IMAPI CD-Burning COM Service
ini910u          Disabled
 
IntcAzAudAddService  Manual
  Service for Realtek HD Audio (WDM)
IntelIde         Disabled
 
Ip6Fw            Manual
  IPv6 Windows Firewall Driver
IpFilterDriver   Manual
  IP Traffic Filter Driver
IpInIp           Manual
  IP in IP Tunnel Driver
IpNat            Manual
  IP Network Address Translator
iPod Service     Manual
  iPod Service
IPSec            System
  IPSEC driver
IRENUM           Manual
  IR Enumerator Service
isapnp           Boot
    PnP ISA/EISA Bus Driver
JavaQuickStarterService  Auto
    Java Quick Starter
Kbdclass         System
  Keyboard Class Driver
kbdhid           System
  Keyboard HID Driver
kmixer           Manual
  Microsoft Kernel Wave Audio Mixer
KSecDD           Boot
   
LanmanServer     Auto
    Server
lanmanworkstation  Auto
    Workstation
lbrtfdc          System
 
LightScribeService  Auto
    LightScribeService Direct Disc Labeling Service
LmHosts          Auto
    TCP/IP NetBIOS Helper
Messenger        Disabled
  Messenger
mnmdd            System
 
mnmsrvc          Manual
  NetMeeting Remote Desktop Sharing
Modem            Manual
 
Mouclass         System
  Mouse Class Driver
mouhid           Manual
  Mouse HID Driver
MountMgr         Boot
   
mraid35x         Disabled
 
MRxDAV           Manual
  WebDav Client Redirector
MRxSmb           System
  MRXSMB
MSDTC            Manual
  Distributed Transaction Coordinator
Msfs             System
 
MSIServer        Manual
  Windows Installer
MSKSSRV          Manual
  Microsoft Streaming Service Proxy
MSPCLOCK         Manual
  Microsoft Streaming Clock Proxy
MSPQM            Manual
  Microsoft Streaming Quality Manager Proxy
mssmbios         Manual
  Microsoft System Management BIOS Driver
MTsensor         Manual
  ATK0110 ACPI UTILITY
Mup              Boot
    Mup
napagent         Manual
  Network Access Protection Agent
NDIS             Boot
    NDIS System Driver
NdisTapi         Manual
  Remote Access NDIS TAPI Driver
Ndisuio          Manual
  NDIS Usermode I/O Protocol
NdisWan          Manual
  Remote Access NDIS WAN Driver
NDProxy          Manual
  NDIS Proxy
Nero BackItUp Scheduler 3  Auto
    Nero BackItUp Scheduler 3
NetBIOS          System
  NetBIOS Interface
NetBT            System
  NetBios over Tcpip
NetDDE           Manual
  Network DDE
NetDDEdsdm       Manual
  Network DDE DSDM
Netlogon         Manual
  Net Logon
Netman           Manual
  Network Connections
NetTcpPortSharing  Disabled
  Net.Tcp Port Sharing Service
Nla              Manual
  Network Location Awareness (NLA)
NMIndexingService  Manual
  NMIndexingService
nmwcd            Manual
  Nokia USB Phone Parent
nmwcdc           Manual
  Nokia USB Generic
nmwcdnsu         Manual
  Nokia USB Flashing Phone Parent
nmwcdnsuc        Manual
  Nokia USB Flashing Generic
Npfs             System
 
Ntfs             Disabled
 
NtLmSsp          Manual
  NT LM Security Support Provider
NtmsSvc          Manual
  Removable Storage
NuidFltr         Manual
  NUID filter driver
Null             System
 
nv               Manual
 
nvata            Boot
   
NVENETFD         Manual
  NVIDIA nForce Networking Controller Driver
nvnetbus         Manual
  NVIDIA Network Bus Enumerator
NVSvc            Auto
    NVIDIA Display Driver Service
NwlnkFlt         Manual
  IPX Traffic Filter Driver
NwlnkFwd         Manual
  IPX Traffic Forwarder Driver
odserv           Manual
  Microsoft Office Diagnostics Service
ose              Manual
  Office Source Engine
Parport          Manual
  Parallel port driver
PartMgr          Boot
   
ParVdm           Auto
   
pccsmcfd         Manual
  PCCS Mode Change Filter Driver
PCI              Boot
    PCI Bus Driver
PCIDump          System
 
PCIIde           Boot
   
Pcmcia           Disabled
 
PDCOMP           Manual
 
PDFRAME          Manual
 
PDRELI           Manual
 
PDRFRAME         Manual
 
perc2            Disabled
 
perc2hib         Disabled
 
PLFlash DeviceIoControl Service  Auto
    PLFlash DeviceIoControl Service
PlugPlay         Auto
    Plug and Play
PolicyAgent      Auto
    IPSEC Services
PptpMiniport     Manual
  WAN Miniport (PPTP)
Processor        System
  Processor Driver
ProtectedStorage  Auto
    Protected Storage
PSched           Manual
  QoS Packet Scheduler
Ptilink          Manual
  Direct Parallel Link Driver
PxHelp20         Boot
    PxHelp20
ql1080           Disabled
 
Ql10wnt          Disabled
 
ql12160          Disabled
 
ql1240           Disabled
 
ql1280           Disabled
 
RasAcd           System
  Remote Access Auto Connection Driver
RasAuto          Manual
  Remote Access Auto Connection Manager
Rasl2tp          Manual
  WAN Miniport (L2TP)
RasMan           Manual
  Remote Access Connection Manager
RasPppoe         Manual
  Remote Access PPPOE Driver
Raspti           Manual
  Direct Parallel
Rdbss            System
  Rdbss
RDPCDD           System
 
RDPWD            Manual
 
RDSessMgr        Manual
  Remote Desktop Help Session Manager
redbook          System
  Digital CD Audio Playback Filter Driver
RemoteAccess     Disabled
  Routing and Remote Access
RichVideo        Auto
    Cyberlink RichVideo Service(CRVS)
RpcLocator       Manual
  Remote Procedure Call (RPC) Locator
RpcSs            Auto
    Remote Procedure Call (RPC)
RSVP             Manual
  QoS RSVP
SamSs            Auto
    Security Accounts Manager
SCardSvr         Manual
  Smart Card
Schedule         Auto
    Task Scheduler
SeaPort          Auto
    SeaPort
Secdrv           Manual
  Secdrv
seclogon         Auto
    Secondary Logon
SENS             Auto
    System Event Notification
serenum          Manual
  Serenum Filter Driver
Serial           System
  Serial port driver
ServiceLayer     Manual
  ServiceLayer
Sfloppy          System
 
SharedAccess     Auto
    Windows Firewall/Internet Connection Sharing (ICS)
ShellHWDetection  Auto
    Shell Hardware Detection
Simbad           Disabled
 
Sparrow          Disabled
 
splitter         Manual
  Microsoft Kernel Audio Splitter
Spooler          Auto
    Print Spooler
sptd             Boot
   
sr               Boot
    System Restore Filter Driver
srservice        Auto
    System Restore Service
Srv              Manual
  Srv
SSDPSRV          Manual
  SSDP Discovery Service
stisvc           Auto
    Windows Image Acquisition (WIA)
swenum           Manual
  Software Bus Driver
swmidi           Manual
  Microsoft Kernel GS Wavetable Synthesizer
SwPrv            Manual
  MS Software Shadow Copy Provider
Symantec RemoteAssist  Manual
  Symantec RemoteAssist
symc810          Disabled
 
symc8xx          Disabled
 
sym_hi           Disabled
 
sym_u3           Disabled
 
sysaudio         Manual
  Microsoft Kernel System Audio Device
SysmonLog        Manual
  Performance Logs and Alerts
TapiSrv          Manual
  Telephony
Tcpip            System
  TCP/IP Protocol Driver
TDPIPE           Manual
 
TDTCP            Manual
 
TermDD           System
  Terminal Device Driver
TermService      Manual
  Terminal Services
Themes           Auto
    Themes
TosIde           Disabled
 
TrkWks           Auto
    Distributed Link Tracking Client
Udfs             Disabled
 
ultra            Disabled
 
Update           Manual
  Microcode Update Driver
upnphost         Manual
  Universal Plug and Play Device Host
upperdev         Manual
 
UPS              Manual
  Uninterruptible Power Supply
usbccgp          Manual
  Microsoft USB Generic Parent Driver
usbehci          Manual
  Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
usbhub           Manual
  USB2 Enabled Hub
usbohci          Manual
  Microsoft USB Open Host Controller Miniport Driver
usbser           Manual
  USB Modem Driver
UsbserFilt       Manual
 
USBSTOR          Manual
  USB Mass Storage Driver
VgaSave          System
 
ViaIde           Disabled
 
VolSnap          Boot
   
VSS              Manual
  Volume Shadow Copy
W32Time          Manual
  Windows Time
Wanarp           Manual
  Remote Access IP ARP Driver
Wdf01000         Manual
  Wdf01000
WDICA            Manual
 
wdmaud           Manual
  Microsoft WINMM WDM Audio Compatibility Driver
WebClient        Auto
    WebClient
winmgmt          Auto
    Windows Management Instrumentation
Winsock          Manual
 
WmdmPmSN         Manual
  Portable Media Serial Number Service
WmiApSrv         Manual
  WMI Performance Adapter
WMPNetworkSvc    Manual
  Windows Media Player Network Sharing Service
WpdUsb           Manual
  WpdUsb
WS2IFSL          Disabled
  Windows Socket 2.0 Non-IFS Service Provider Support Environment
wscsvc           Auto
    Security Center
wuauserv         Auto
    Automatic Updates
WudfPf           Boot
    Windows Driver Foundation - User-mode Driver Framework Platform Driver
WudfRd           Manual
  Windows Driver Foundation - User-mode Driver Framework Reflector
WudfSvc          Auto
    Windows Driver Foundation - User-mode Driver Framework
WZCSVC           Auto
    Wireless Zero Configuration
xmlprov          Manual
  Network Provisioning Service
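As an added example that is not part of the thread or of the Recovery Console, this Python parser reads the listsvc layout posted above (service name and start type on one line, display name indented on the next, or a blank line where there is none) and pulls out the Boot-start drivers, then the subset with no display name. The sample is constructed from a handful of entries copied from the page's list. On the page, nvata appears as a Boot-start driver without a display name, and the quarantined copy of nvata.sys is the file ESET identified as Win32/Olmarik.OF; KSecDD, MountMgr, PartMgr, PCIIde and VolSnap in the same list are legitimate Microsoft drivers that also show no name, so treat the result as a triage shortlist to compare against a known-good machine, not as a verdict.

```python
# Start types a Recovery Console listsvc line can end with.
START_TYPES = {"Boot", "System", "Auto", "Manual", "Disabled"}

# Constructed sample in the listsvc layout; entry names are taken from the page's list.
SAMPLE_LISTSVC = """ACPI             Boot
    Microsoft ACPI Driver
Apple Mobile Device  Auto
    Apple Mobile Device
atapi            Boot
    Standard IDE/ESDI Hard Disk Controller
Beep             System

nvata            Boot

Dnscache         Auto
    DNS Client
sptd             Boot

"""


def parse_listsvc(text):
    """Return a list of {name, start, description} dicts in file order.
    A non-indented line is an entry (name may contain spaces; the last
    token is the start type); an indented line is the previous entry's
    display name; a blank line means the previous entry has none."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue  # empty display-name slot
        if raw[0].isspace():
            if entries and entries[-1]["description"] is None:
                entries[-1]["description"] = raw.strip()
            continue
        name, _, start = raw.rstrip().rpartition(" ")
        if start not in START_TYPES:
            continue  # not an entry line (e.g. a log header)
        entries.append({"name": name.strip(), "start": start, "description": None})
    return entries


def drivers_with_start(entries, start="Boot"):
    """Names of entries with the given start type (Boot-start by default,
    the drivers loaded before the rest of the system and so the ones a
    boot-time rootkit would most want to replace)."""
    return [e["name"] for e in entries if e["start"] == start]


def undescribed(entries, start_types=("Boot",)):
    """Names of entries in the given start types that carry no display name:
    a shortlist to check against a known-good system, not proof of anything."""
    return [e["name"] for e in entries
            if e["start"] in start_types and e["description"] is None]


if __name__ == "__main__":
    svc = parse_listsvc(SAMPLE_LISTSVC)
    print("Boot-start:", drivers_with_start(svc))
    print("Boot-start without display name:", undescribed(svc))
```

Running the parser over the full list above rather than the sample gives the same two answers for nvata and sptd plus the Microsoft boot drivers named in the lead-in, which is exactly why the second list is a starting point for comparison and not a finding.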
 

shytalk
New Member


Date Joined Nov 2009
Total Posts : 26
 
Posted 11-23-2009 5:04 (GMT +2)
ComboFix 09-11-20.01 - Owner 23/11/2009 14:46.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1919.1226 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((   Files Created from 2009-10-23 to 2009-11-23  )))))))))))))))))))))))))))))))
.
2009-11-23 14:10 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-23 13:35 . 2009-11-23 13:35 40 ----a-w- c:\windows\servcheck.bat
2009-11-22 20:53 . 2009-11-22 20:53 77312 ----a-w- C:\mbr.exe
2009-11-22 15:40 . 2009-11-22 15:40 -------- d-----w- c:\program files\ESET
2009-11-22 01:40 . 2009-11-22 01:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-22 01:40 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 01:40 . 2009-11-22 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 01:40 . 2009-11-22 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-22 01:40 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 17:34 . 2008-04-14 12:00 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-20 17:34 . 2006-10-18 08:31 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2009-11-20 11:25 . 2009-11-22 02:18 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-20 11:25 . 2009-11-22 02:18 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-19 04:44 . 2009-11-19 04:44 -------- d-----w- C:\rsit
2009-11-15 16:15 . 2009-10-16 12:13 1115392 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-15 00:09 . 2009-11-14 23:49 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-15 00:09 . 2009-11-14 23:49 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-15 00:09 . 2009-11-14 23:49 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-15 00:09 . 2009-11-22 02:18 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-15 00:09 . 2009-11-22 02:18 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-15 00:09 . 2009-11-14 23:49 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-14 23:49 . 2009-11-15 00:02 -------- d-----w- C:\$AVG
2009-11-14 23:49 . 2009-11-14 23:49 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-14 23:49 . 2009-11-14 23:49 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-11-14 23:49 . 2009-11-14 23:49 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-14 23:49 . 2009-11-14 23:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-14 23:49 . 2009-11-14 23:49 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-14 23:49 . 2009-11-14 23:49 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-14 23:49 . 2009-11-23 11:29 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-14 23:49 . 2009-11-15 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-14 23:48 . 2009-11-14 23:48 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-14 23:48 . 2009-11-14 23:48 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-11 17:12 . 2009-11-18 00:13 -------- d-----w- c:\windows\system32\NtmsData
2009-11-11 08:34 . 2009-11-11 08:34 291840 ----a-w- C:\tool.exe
2009-11-11 00:30 . 2009-11-14 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-10 19:36 . 2009-11-10 19:36 -------- d-----w- c:\program files\Trend Micro
2009-11-10 16:06 . 2009-11-10 16:06 1152 ----a-w- c:\windows\system32\windrv.sys
2009-11-10 15:50 . 2009-11-10 15:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Registry Mechanic
2009-11-10 04:35 . 2009-11-10 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-10 03:54 . 2009-11-11 21:47 -------- d-----w- C:\AVGTemp
2009-11-09 19:49 . 2009-11-09 19:49 -------- d-----w- c:\documents and settings\New Folder
2009-11-09 14:46 . 2009-11-09 14:46 249856 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2009-11-09 14:46 . 2009-11-09 14:46 466944 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2009-11-09 14:44 . 2009-06-17 14:50 139264 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\PlayFirst.EXE
2009-11-07 13:10 . 2009-11-07 13:10 28144 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-07 11:52 . 2009-11-07 11:52 -------- d-----w- c:\program files\iPod
2009-11-07 11:52 . 2009-11-07 11:53 -------- d-----w- c:\program files\iTunes
2009-11-07 11:52 . 2009-11-07 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-07 11:50 . 2009-11-07 11:51 -------- d-----w- c:\program files\QuickTime
2009-11-07 11:45 . 2009-11-07 11:45 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-05 18:03 . 2009-11-05 18:03 -------- d-----w- c:\documents and settings\Owner\Application Data\bigfish
2009-11-05 18:03 . 2009-11-05 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\bigfish
2009-11-05 16:55 . 2009-11-05 16:55 194 ---ha-w- C:\aaw7boot.cmd
2009-11-05 16:00 . 2009-11-05 16:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 15:02 . 2009-11-05 15:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2009-11-03 17:01 . 2009-11-03 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Fitn17
2009-10-29 18:29 . 2009-10-29 18:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Alawar
2009-10-26 20:37 . 2009-10-20 19:57 3767064 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
2009-10-25 17:01 . 2009-10-25 17:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Astar Games
2009-10-25 16:58 . 2009-10-25 21:46 -------- d-----w- C:\GameHouse Games
2009-10-25 16:58 . 2009-07-02 11:19 102400 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-10-25 16:58 . 2009-10-25 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-10-25 16:58 . 2004-12-20 12:17 147456 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-10-25 16:58 . 2009-10-25 16:58 -------- d-----w- c:\program files\Zylom Games
2009-10-25 16:57 . 2009-10-25 21:46 -------- d-----w- c:\program files\RealArcade
2009-10-24 16:05 . 2009-10-24 16:05 -------- d-----w- c:\documents and settings\Owner\Application Data\GamesCafe
2009-10-24 15:47 . 2009-10-24 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\GraveyardShift
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 14:36 . 2009-10-09 19:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-11-23 00:00 . 2008-11-07 14:18 -------- d-----w- c:\program files\PokerStars
2009-11-20 17:43 . 2009-10-09 19:06 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-11-20 05:09 . 2008-11-07 18:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-18 19:20 . 2009-09-05 17:06 176936 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-18 18:25 . 2008-11-17 23:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-17 17:38 . 2008-11-17 22:01 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2009-11-16 16:35 . 2008-11-07 14:32 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-11-14 20:17 . 2008-11-18 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-12 20:50 . 2009-11-11 21:34 1840 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-11 21:35 . 2009-11-11 21:35 360 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-11-11 17:16 . 2008-11-06 12:33 28264 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 10:55 . 2008-11-06 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 00:31 . 2008-11-06 12:44 -------- d-----w- c:\program files\AVG
2009-11-10 19:07 . 2009-10-05 01:50 -------- d-----w- c:\program files\DivX
2009-11-10 17:13 . 2009-05-28 15:19 -------- d-----w- c:\program files\Yahoo!
2009-11-10 13:06 . 2008-11-17 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-10 03:17 . 2008-11-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-09 19:18 . 2008-11-17 21:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-07 13:09 . 2009-05-04 20:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-11-07 11:52 . 2009-05-04 20:05 -------- d-----w- c:\program files\Common Files\Apple
2009-11-05 18:00 . 2008-11-24 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-11-05 15:57 . 2008-11-17 20:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 22:01 . 2008-11-19 17:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-25 21:44 . 2008-11-07 13:57 -------- d-----w- c:\program files\Google
2009-10-21 03:34 . 2009-10-20 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-10-19 16:20 . 2009-10-09 16:46 -------- d-----w- c:\program files\Farm Frenzy 3
2009-10-19 13:41 . 2008-11-24 20:47 -------- d-----w- c:\program files\bfgclient
2009-10-14 02:24 . 2009-10-13 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-10-13 02:03 . 2008-11-06 13:19 -------- d-----w- c:\program files\Microsoft Works
2009-10-11 02:31 . 2009-10-09 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-10-11 02:30 . 2009-10-09 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-10-09 19:06 . 2009-10-09 19:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-09 19:02 . 2009-10-09 19:01 -------- d-----r- c:\program files\Skype
2009-10-09 19:02 . 2009-10-09 19:02 -------- d-----w- c:\program files\Common Files\Skype
2009-10-09 19:01 . 2009-10-09 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-08 03:48 . 2008-11-19 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-10-05 02:09 . 2009-10-05 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-10-03 11:26 . 2009-10-03 11:26 -------- d-----w- c:\documents and settings\Owner\Application Data\DivoGames
2009-10-03 10:58 . 2009-10-03 10:57 -------- d-----w- c:\program files\Big Fish Games Be Richer
2009-10-02 19:09 . 2009-09-13 15:51 -------- d-----w- c:\program files\Coconut Queen
2009-10-02 17:09 . 2008-11-09 13:57 -------- d-----w- c:\program files\Windows Live
2009-09-11 18:13 . 2009-09-11 18:13 143736 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\kelly-green-garden-queen_s1_l1_gF5269T1L1_d683365649[1].exe
2009-09-11 18:13 . 2009-09-11 18:13 143736 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\be-richer_s1_l1_gF5193T1L1_d684226637[1].exe
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 17:44 . 2009-10-29 17:15 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 17:44 . 2009-10-29 17:15 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 17:44 . 2009-10-29 17:15 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 17:29 . 2009-10-29 17:15 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 17:29 . 2009-10-29 17:15 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 17:29 . 2009-10-29 17:15 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 17:29 . 2009-10-29 17:15 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 17:29 . 2009-10-29 17:15 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 07:36 . 2008-04-14 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-07-11 17:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
(((((((((((((((((((((((((((((   SnapShot@2009-11-20_17.42.17   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-23 14:36 . 2009-11-23 14:36 16384              c:\windows\Temp\Perflib_Perfdata_c94.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 12:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-06 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-09 68592]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-15 2020120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-8-16 95232]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-10-13 495432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-14 23:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [14/11/2009 23:49 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [14/11/2009 23:49 161800]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/11/2008 18:00 717296]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14/11/2009 23:49 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14/11/2009 23:49 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14/11/2009 23:49 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [14/11/2009 23:49 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [14/11/2009 23:49 5832712]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/01/2009 21:01 54752]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [07/11/2008 12:38 20160]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [14/11/2009 23:48 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [14/11/2009 23:49 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [14/11/2009 23:49 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [14/11/2009 23:49 25736]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S2 gupdate1ca4560267dd27c;Google Update Service (gupdate1ca4560267dd27c);c:\program files\Google\Update\GoogleUpdate.exe [05/10/2009 02:04 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [14/11/2009 23:48 30104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/06/2009 15:07 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/06/2009 15:07 8320]
--- Other Services/Drivers In Memory ---
*Deregistered* - CLASSPNP_2
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 02:04]
2009-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 02:04]
2009-11-23 c:\windows\Tasks\User_Feed_Synchronization-{B68ADE69-EAE6-4D2C-9B2D-A2F1CA9CA230}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
AddRemove-BlueSquare Poker - c:\poker\BlueSquare Poker\_SetupPoker[1].exe
 
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 14:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6EE1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> atapi.sys @ 0xba622b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1417001333-920026266-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4632)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-23 14:54
ComboFix-quarantined-files.txt  2009-11-23 14:54
ComboFix2.txt  2009-11-20 17:46
Pre-Run: 135,417,589,760 bytes free
Post-Run: 135,420,022,784 bytes free
- - End Of File - - 5BDD27F0025BA90DF36169D514B3A872
Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1424
Posted 11-23-2009 7:44 (GMT +2)
Very good work on your part there, but it doesn't look like atapi.sys was the target file. Let's check one that ComboFix moved earlier.

Open SystemLook again, and use the following script and post those results please:

:filefind
nvata.sys


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.
