Redirect [Solved]


This topic is locked

#1 dartmoor (Member, 10 posts)
Hi all, hope someone can help.

When I load up Firefox (also Explorer), a page called changesettings.virginmedia.com is displayed, not allowing any other page to be loaded. This page includes a fake phone number to call for assistance.... the gits! :)

Here are the relevant logs..... :)


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/04/2010 13:22:13
mbam-log-2010-04-27 (13-22-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 232336
Time elapsed: 1 hour(s), 14 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP341\A0083099.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-27 16:18:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\charlie\LOCALS~1\Temp\fwryypow.sys


---- Devices - GMER 1.0.15 ----

Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device \Driver\Cdrom \Device\CdRom1 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4fde349
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4fde349 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


OTL Extras logfile created on: 28/04/2010 09:54:28 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 479.00 Mb Available Physical Memory | 47.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 53.00 Gb Free Space | 47.43% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.81 Gb Total Space | 1.55 Gb Free Space | 40.84% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-FCAFBFA90D
Current User Name: charlie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-733568496-585324705-1595338913-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE" = C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE" = C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29031977-EF5E-446E-B3E1-E66B6FA3895D}" = SCRABBLE® 2005 EDITION
"{29622F4A-245C-4126-8764-897E21E888D1}" = Google Earth Pro
"{2F4E2C8A-B886-418E-BE49-0B867CBDA959}" = Championship Manager 2008
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B55E0A8-07F5-4966-9B7B-D32C8ADC0FF4}" = Digimax Converter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}" = GameShadow
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}" = Samsung USB Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A59E259E-5F1A-4F8F-A3DA-356137BE37F6}" = AncestryView V2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}" = Photoshop Camera Raw
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4
"AVG9Uninstall" = AVG 9.0
"Bibble Pro" = Bibble Pro
"Cartes du Ciel" = Cartes du Ciel
"CCleaner" = CCleaner (remove only)
"Charting Companion for Family Tree Maker 1.0" = Charting Companion for Family Tree Maker
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX Setup
"ePresentation" = Acer ePresentation Management
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"For the Glory_is1" = For the Glory
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"huey_is1" = hueyPRO 1.5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opanda IExif_is1" = Opanda IExif 2.3
"pdfFactory Pro" = pdfFactory Pro
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WinDjView" = WinDjView 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/02/2010 08:35:22 | Computer Name = ACER-FCAFBFA90D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 06/02/2010 08:35:22 | Computer Name = ACER-FCAFBFA90D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 06/02/2010 08:35:22 | Computer Name = ACER-FCAFBFA90D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 06/02/2010 08:35:22 | Computer Name = ACER-FCAFBFA90D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 08/02/2010 11:40:05 | Computer Name = ACER-FCAFBFA90D | Source = Google Update | ID = 20
Description =

Error - 19/02/2010 13:48:27 | Computer Name = ACER-FCAFBFA90D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 19/02/2010 13:48:27 | Computer Name = ACER-FCAFBFA90D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 19/02/2010 13:48:27 | Computer Name = ACER-FCAFBFA90D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 19/02/2010 13:48:27 | Computer Name = ACER-FCAFBFA90D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 21/02/2010 09:06:11 | Computer Name = ACER-FCAFBFA90D | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3685, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x00119331.

[ System Events ]
Error - 27/04/2010 12:21:43 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 27/04/2010 12:21:45 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7034
Description = The AdminWorks Agent X6 service terminated unexpectedly. It has done
this 1 time(s).

Error - 27/04/2010 12:21:47 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7034
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated
unexpectedly. It has done this 1 time(s).

Error - 27/04/2010 12:21:47 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 27/04/2010 12:21:47 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 27/04/2010 12:21:49 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 27/04/2010 12:21:49 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 27/04/2010 12:21:55 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7034
Description = The FLEXnet Licensing Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 27/04/2010 12:27:28 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 28/04/2010 04:51:03 | Computer Name = ACER-FCAFBFA90D | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2


< End of report >
#2
dartmoor (Topic Starter)

OK, just about to post the OTL log in another reply and have just realised how large it is as I scanned with all the "All" boxes checked. I'll go and do a standard scan now.
#3
dartmoor (Topic Starter)

OTL logfile created on: 28/04/2010 10:35:26 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 244.00 Mb Available Physical Memory | 24.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 53.37 Gb Free Space | 47.75% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.81 Gb Total Space | 1.55 Gb Free Space | 40.79% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-FCAFBFA90D
Current User Name: charlie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/28 09:30:12 | 000,563,712 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/04/27 17:26:54 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\charlie\Local Settings\temp\RtkBtMnt.exe
PRC - [2010/04/20 10:30:56 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/04 23:00:52 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/29 22:46:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/05 11:57:14 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/05 11:57:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 11:56:54 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/05 11:56:50 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/25 11:02:02 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/02/25 10:59:54 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/10/29 14:53:36 | 002,352,128 | ---- | M] (Paradox Interactive) -- C:\Program Files\Paradox Interactive\For the Glory\FTG.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/08 18:48:16 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe
PRC - [2006/08/10 19:29:14 | 000,352,256 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006/07/20 22:15:32 | 000,593,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2006/03/23 12:17:42 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/12/27 15:50:28 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe


========== Modules (SafeList) ==========

MOD - [2010/04/28 09:30:12 | 000,563,712 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2008/04/14 01:11:56 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2006/01/20 15:56:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005/12/27 16:57:30 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2005/12/27 15:50:26 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2003/03/18 22:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll
MOD - [2003/02/21 15:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/30 23:22:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/29 18:34:20 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/03/05 11:57:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/25 10:59:54 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/25 10:56:02 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/20 10:30:58 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/05 11:57:12 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 11:56:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/05 11:56:50 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/17 23:25:14 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/08/09 22:25:58 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 19:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2006/10/06 22:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/08/18 22:40:50 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/04/03 05:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/03 12:52:30 | 000,192,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/31 14:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005/10/24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/10 20:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 20:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 20:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 20:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 20:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 20:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 20:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 20:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 20:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 20:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 20:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 20:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 20:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 20:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 20:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 75 D6 CA 01 87 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yah...r=ytff-sunm&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..keyword.URL: "http://uk.yhs.search...2-tb-web_uk&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/09 13:53:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2010/03/20 07:59:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/05/24 22:26:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/05/24 22:26:30 | 000,000,000 | ---D | M]

[2008/08/27 13:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charlie\Application Data\Mozilla\Extensions
[2008/05/24 22:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions
[2009/09/03 01:12:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/22 15:50:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/25 16:04:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/29 20:49:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/13 16:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\[email protected]
[2009/01/03 14:17:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\searchplugins\ask.xml
[2008/05/24 22:26:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/25 18:06:22 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/25 18:06:22 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/25 18:06:22 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/25 18:06:22 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/27 17:24:18 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk = C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download2.gam...ts/y/poti_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\charlie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\charlie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 17:28:30 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/04/27 17:22:06 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/04/27 16:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/27 16:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\SUPERAntiSpyware.com
[2010/04/27 16:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/27 16:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/27 15:44:49 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/04/27 15:44:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/04/27 15:44:38 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2010/04/27 15:42:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/27 15:27:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/27 15:27:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/27 15:27:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/27 15:27:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/27 15:27:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/27 15:27:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/04/27 15:27:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/27 15:23:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\charlie\Recent
[2010/04/27 15:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/15 17:56:42 | 000,000,000 | ---D | C] -- C:\New Folder (2)
[2010/04/12 09:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\charlie\My Documents\Eidos
[2010/04/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\GameShadow
[2010/04/12 09:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Local Settings\Application Data\Downloaded Installations
[2010/04/12 09:50:16 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/04/12 09:50:14 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/04/12 09:50:12 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/04/12 09:50:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/04/12 09:50:11 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/04/12 09:50:10 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/04/12 09:50:09 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/04/12 09:50:08 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/04/12 09:50:08 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/04/12 09:50:07 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/04/12 09:50:07 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/04/12 09:50:06 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/04/12 09:50:06 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/04/12 09:50:05 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/04/12 09:50:04 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/04/12 09:49:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/04/12 09:49:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/04/12 09:49:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/04/12 09:49:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/04/12 09:49:52 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/04/12 09:49:51 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/04/12 09:49:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/04/12 09:49:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/04/12 09:49:48 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/04/12 09:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos
[2010/04/12 00:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/04 23:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/04 23:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/04 23:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/04 23:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/04 23:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/04 23:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/31 02:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/30 23:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/30 23:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/03/30 11:14:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/03/29 18:34:22 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010/03/29 18:34:20 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/03/29 18:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/03/29 18:33:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/29 12:57:53 | 000,000,000 | ---D | C] -- C:\Photoshop
[2010/03/29 12:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\Thinstall
[2010/03/29 11:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/03/29 10:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Moon Position
[2004/12/13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2010/04/28 09:54:56 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/28 09:51:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/28 09:50:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/28 09:50:04 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-733568496-585324705-1595338913-1005.job
[2010/04/28 09:49:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/28 09:49:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 09:49:30 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/28 00:37:00 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\charlie\NTUSER.DAT
[2010/04/28 00:36:54 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/04/28 00:36:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\charlie\ntuser.ini
[2010/04/28 00:36:26 | 002,110,220 | -H-- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\IconCache.db
[2010/04/28 00:19:02 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-733568496-585324705-1595338913-1005.job
[2010/04/27 23:49:20 | 000,132,608 | ---- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 16:29:26 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/27 15:39:02 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/27 15:25:16 | 000,900,952 | ---- | M] () -- C:\Documents and Settings\charlie\My Documents\cc_20100427_152452.reg
[2010/04/27 15:21:40 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\CCleaner.lnk
[2010/04/27 09:20:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\prvlcl.dat
[2010/04/26 15:58:14 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 14:04:58 | 000,052,660 | ---- | M] () -- C:\Documents and Settings\charlie\My Documents\MedicalForm.pdf
[2010/04/23 17:58:30 | 000,393,728 | ---- | M] () -- C:\Documents and Settings\charlie\My Documents\wedding_seating.doc
[2010/04/20 10:30:58 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/13 08:59:56 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\cm2008.lnk
[2010/04/13 00:57:26 | 000,073,408 | ---- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/13 00:56:24 | 002,375,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/09 09:43:36 | 000,526,006 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/09 09:43:36 | 000,446,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/09 09:43:36 | 000,073,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/05 14:01:42 | 000,224,729 | ---- | M] () -- C:\Documents and Settings\charlie\My Documents\_MG_1253.jpg
[2010/04/04 23:02:08 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/04/04 23:01:52 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/04/04 23:01:52 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/04/04 23:00:58 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/04 14:46:54 | 000,068,654 | ---- | M] () -- C:\Documents and Settings\charlie\My Documents\Appointment-1.pdf
[2010/03/31 21:52:52 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/31 14:13:18 | 000,000,675 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/31 09:50:02 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Photoshop.lnk
[2010/03/31 02:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/31 02:58:04 | 002,083,312 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/03/31 02:58:04 | 000,678,384 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/03/31 02:58:04 | 000,559,600 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/03/31 02:58:04 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/03/31 02:58:04 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/03/31 02:58:04 | 000,133,616 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/03/31 02:58:04 | 000,125,424 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/03/31 02:58:04 | 000,123,888 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/03/31 02:58:04 | 000,100,848 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/03/31 02:58:04 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/03/31 02:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/03/31 02:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 10:45:46 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Cartes du Ciel.lnk

========== Files Created - No Company Name ==========

[2010/04/27 16:29:25 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/27 15:27:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/27 15:27:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/27 15:27:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/27 15:27:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/27 15:27:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/27 15:24:58 | 000,900,952 | ---- | C] () -- C:\Documents and Settings\charlie\My Documents\cc_20100427_152452.reg
[2010/04/27 15:21:39 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\CCleaner.lnk
[2010/04/25 14:04:56 | 000,052,660 | ---- | C] () -- C:\Documents and Settings\charlie\My Documents\MedicalForm.pdf
[2010/04/23 17:47:59 | 000,393,728 | ---- | C] () -- C:\Documents and Settings\charlie\My Documents\wedding_seating.doc
[2010/04/13 08:59:27 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\cm2008.lnk
[2010/04/05 14:00:28 | 000,224,729 | ---- | C] () -- C:\Documents and Settings\charlie\My Documents\_MG_1253.jpg
[2010/04/04 23:03:36 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-733568496-585324705-1595338913-1005.job
[2010/04/04 14:46:53 | 000,068,654 | ---- | C] () -- C:\Documents and Settings\charlie\My Documents\Appointment-1.pdf
[2010/03/31 09:49:25 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\Photoshop.lnk
[2010/03/29 10:45:44 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\Cartes du Ciel.lnk
[2010/03/15 00:11:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/20 17:11:02 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/09/02 10:51:28 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2009/04/10 15:42:06 | 000,000,276 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2008/11/21 21:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 21:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/12 16:17:42 | 000,000,084 | ---- | C] () -- C:\WINDOWS\csact.ini
[2008/06/11 22:34:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/25 09:27:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/05/24 22:36:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/10/20 02:47:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2007/10/20 02:47:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2007/10/20 02:47:23 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2007/10/20 02:47:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007/10/20 02:47:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2007/10/19 18:31:21 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI
[2007/10/19 18:30:41 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI
[2007/08/20 17:53:58 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/08/20 17:46:42 | 000,000,028 | ---- | C] () -- C:\WINDOWS\avinstalled.ini
[2007/06/25 13:28:17 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2007/06/25 13:14:34 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/06/07 21:57:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007/05/27 10:08:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/08/19 08:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 22:42:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/06/16 19:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/10/31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/26 14:59:46 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
< End of report >
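Every line in the OTL "Files Created" and "Files Modified" sections above has the same shape: a timestamp, a size, four attribute flags (R, H, S, D), a C or M marker, an optional "(Company)" group and the path. Reading a 200-line list by eye is how entries get missed, so here is a small triage parser, added as an example for this thread and not part of OTL or of any tool mentioned in it. The three rules (executable under C:\WINDOWS with no company name, executable created within a few days of the scan, hidden+system directory) are heuristics I chose; the scan time, the assumption that the system root is on C:, and the five sample lines (copied from the log above) are likewise mine. Every flag is a lead to verify (hash, signature, what was run that day), not a verdict: the example deliberately catches C:\WINDOWS\PEV.exe and the TuneUp GUID folder, which a reviewer then has to reconcile with the tools known to have been installed or run.

```python
import re
from datetime import datetime, timedelta

# Shape of one OTL file-list line (regex constructed for this example, not OTL's own code):
# [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# attrs is four flags in fixed order: R(eadonly) H(idden) S(ystem) D(irectory).
# Directory lines carry no "(Company)" group; "()" or "( )" means no company name.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr", ".drv")
WINDOWS_ROOT = "c:\\windows\\"   # assumption: system root on C:, as in the log above


def parse_otl_line(line):
    """Parse one OTL file-list line into a dict, or return None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return {
        "time": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "readonly": attrs[0] == "R",
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "is_dir": attrs[3] == "D",
        "kind": m.group("kind"),            # C = created section, M = modified section
        "company": (m.group("company") or "").strip(),
        "path": m.group("path"),
    }


def _is_executable(e):
    return not e["is_dir"] and e["path"].lower().endswith(EXEC_EXT)


def triage(lines, scan_time, recent_days=3):
    """Return [(path, [reasons])] for entries a reviewer should look at first.

    The three rules are heuristics chosen for this example; each flag is a lead
    to verify (hash, signature, which tool created it), not a verdict.
    """
    flagged = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        reasons = []
        if _is_executable(e) and not e["company"] and e["path"].lower().startswith(WINDOWS_ROOT):
            reasons.append("no company name, executable under C:\\WINDOWS")
        if (_is_executable(e) and e["kind"] == "C"
                and timedelta(0) <= scan_time - e["time"] <= timedelta(days=recent_days)):
            reasons.append("executable created within %d days of the scan" % recent_days)
        if e["is_dir"] and e["hidden"] and e["system"]:
            reasons.append("hidden+system directory")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


# Sample input: five lines copied from the OTL log in this thread.
SAMPLE_LINES = [
    "[2010/04/12 09:50:16 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\\WINDOWS\\System32\\xinput1_3.dll",
    "[2010/03/29 18:33:12 | 000,000,000 | -HSD | C] -- C:\\Documents and Settings\\All Users\\Application Data\\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}",
    "[2004/12/13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\\WINDOWS\\System32\\RCCOLLAB.DLL",
    "[2010/04/27 15:27:28 | 000,256,512 | ---- | C] () -- C:\\WINDOWS\\PEV.exe",
    "[2010/04/28 09:49:30 | 1063,374,848 | -HS- | M] () -- C:\\hiberfil.sys",
]
SCAN_TIME = datetime(2010, 4, 28, 9, 55)   # assumed: the newest timestamp in the log, rounded up


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES, SCAN_TIME):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against the whole OTL log by reading the file and passing its lines to triage(). The company field is only what the file's version resource claims, so "Microsoft Corporation" on its own proves nothing; the rule's value is in the opposite direction, surfacing executables in system paths that carry no version information at all.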

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5
dartmoor

dartmoor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Rorschach, thank you for helping me and giving your time.

I tried the above, but couldn’t load the Microsoft console: when it says to click Yes in the following agreement, an error box appears before the agreement does and states I didn’t click Yes. Therefore ComboFix was run without this feature.

Just realised that all our computers at home have the same problem. One is a Mac, the other two are PCs. Will the same apply to them as well?

ComboFix 10-04-27.04 - charlie 28/04/2010 15:08:32.3.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.476 [GMT 1:00]
Running from: c:\documents and settings\charlie\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-28 13:47 . 2010-04-28 13:48 -------- d-----w- c:\documents and settings\charlie\Application Data\AVG9
2010-04-27 16:28 . 2010-04-27 16:28 -------- d-----w- C:\VundoFix Backups
2010-04-27 15:29 . 2010-04-27 15:29 52224 ----a-w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-27 15:29 . 2010-04-27 15:29 117760 ----a-w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- C:\ERDNT
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- c:\windows\ERUNT
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- C:\!FixIEDef
2010-04-27 14:21 . 2010-04-27 14:21 -------- d-----w- c:\program files\CCleaner
2010-04-20 09:31 . 2010-04-20 09:31 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 09:30 . 2010-04-20 09:30 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-15 16:56 . 2010-04-15 16:56 -------- d-----w- C:\New Folder (2)
2010-04-12 08:48 . 2010-04-12 08:48 -------- d-----w- c:\program files\Eidos
2010-04-11 23:15 . 2010-04-16 09:16 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-11 23:14 . 2010-04-11 23:10 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-11 23:14 . 2010-04-11 23:10 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-11 23:14 . 2008-12-25 15:03 125936 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-11 23:14 . 2010-04-11 23:14 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-11 23:14 . 2010-04-11 23:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-11 23:10 . 2010-04-11 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\program files\QuickTime
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Apple Software Update
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-04 22:02 . 2010-04-04 22:02 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-04 22:02 . 2010-04-04 22:02 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-04 22:02 . 2010-04-04 22:02 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-04 22:02 . 2010-04-04 22:02 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-04 22:01 . 2010-04-04 22:01 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-04 21:57 . 2010-04-04 21:57 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-04-04 08:33 . 2010-04-04 08:33 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-30 22:31 . 2010-03-30 22:31 -------- d-----w- c:\program files\Bonjour
2010-03-30 22:22 . 2010-03-30 22:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-29 21:47 . 2010-03-29 21:48 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-03-29 21:47 . 2010-03-29 21:48 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-03-29 21:47 . 2010-03-29 21:48 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-29 21:47 . 2010-03-29 21:47 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-03-29 21:47 . 2010-03-29 21:47 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-03-29 21:47 . 2010-03-29 21:47 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-03-29 21:47 . 2010-03-29 21:47 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-03-29 21:47 . 2010-03-29 21:47 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-03-29 21:47 . 2010-03-29 21:47 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-03-29 21:47 . 2010-03-29 21:47 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-03-29 21:47 . 2010-03-29 21:47 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-03-29 21:47 . 2010-03-29 21:47 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-03-29 21:46 . 2010-03-29 21:46 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-29 17:34 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-29 17:34 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 13:19 . 2006-10-12 13:34 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-27 08:20 . 2009-12-18 14:32 0 ----a-w- c:\documents and settings\charlie\Local Settings\Application Data\prvlcl.dat
2010-04-20 09:30 . 2009-11-09 12:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 23:58 . 2009-09-07 19:37 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 23:57 . 2007-10-20 01:41 73408 ----a-w- c:\documents and settings\charlie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 08:50 . 2010-04-12 08:50 8854 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\Uninstall_GameShadow_B860267642A24815A556C23750EF5A47.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\ARPPRODUCTICON.exe
2010-04-12 08:50 . 2010-04-12 08:50 3262 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\NewShortcut1_D50BB830396148EB83D903A04C63534F_1.exe
2010-04-12 08:50 . 2010-04-12 08:50 -------- d-----w- c:\program files\GameShadow
2010-04-04 22:02 . 2010-03-08 01:39 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-31 01:58 . 2007-06-15 20:00 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2007-06-15 20:00 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2007-06-15 20:00 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2005-05-12 17:54 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-29 23:46 . 2008-11-01 09:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2008-11-01 09:38 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\1000000b00002i\rundll32.exe
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\40000032e100002i\Photoshop.exe
2010-03-29 11:54 . 2010-03-29 11:54 -------- d-----w- c:\documents and settings\charlie\Application Data\Thinstall
2010-03-29 10:15 . 2010-03-29 10:15 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-29 09:45 . 2010-03-29 09:45 -------- d-----w- c:\program files\Moon Position
2010-03-28 11:13 . 2010-03-28 11:13 90112 ----a-w- c:\documents and settings\charlie\Application Data\bibble\XCrashReport.exe
2010-03-28 11:13 . 2010-03-28 11:13 -------- d-----w- c:\documents and settings\charlie\Application Data\bibble
2010-03-28 11:09 . 2010-03-28 11:09 -------- d-----w- c:\program files\Common Files\Bibble Labs
2010-03-26 23:40 . 2010-03-26 23:40 -------- d-----w- c:\program files\Opanda
2010-03-14 23:12 . 2010-03-14 23:12 -------- d-----w- c:\documents and settings\charlie\Application Data\Media Player Classic
2010-03-10 14:56 . 2010-03-10 14:56 -------- d-----w- c:\documents and settings\charlie\Application Data\Apple Computer
2010-03-10 12:55 . 2010-03-10 12:55 -------- d-----w- c:\program files\WinDjView
2010-03-10 06:15 . 2004-08-10 19:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-08 01:29 . 2010-03-08 01:29 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup12.exe
2010-03-05 10:57 . 2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 10:57 . 2009-11-09 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-05 07:54 . 2010-03-05 07:53 -------- d-----w- c:\program files\Paradox Interactive
2010-03-03 10:33 . 2010-03-03 10:33 -------- d-----w- c:\program files\directx
2010-03-02 20:43 . 2010-03-02 20:43 -------- d-----w- c:\documents and settings\charlie\Application Data\FastStone
2010-03-02 20:41 . 2010-03-02 20:41 -------- d-----w- c:\program files\FastStone Image Viewer
2010-02-25 06:24 . 2006-01-09 10:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 19:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2005-09-28 16:02 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-09-28 15:35 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-02-27 15:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 19:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 19:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 16:13 . 2010-03-14 23:11 165376 ----a-w- c:\windows\system32\unrar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2009-4-10 1081344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [09/11/2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/11/2009 13:53 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/11/2009 13:53 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 11:57 308064]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 10:59 1047880]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 10:18 10064]
S2 gupdate1ca87afaeb010e2;Google Update Service (gupdate1ca87afaeb010e2);c:\program files\Google\Update\GoogleUpdate.exe [28/12/2009 11:19 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 15:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-28 15:14:31
ComboFix-quarantined-files.txt 2010-04-28 14:14
ComboFix2.txt 2010-04-28 13:57
ComboFix3.txt 2010-04-27 14:42

Pre-Run: 57,020,776,448 bytes free
Post-Run: 57,002,557,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 1344487A26F99C004DB8509B57386D05

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You seem to have run ComboFix a few times; can you post all the logs from it?

#7
dartmoor

    Member

  • Topic Starter
  • Member
  • 10 posts
Thanks for your quick reply. I ran it again as the txt file wasn't saved to the specified location, and as such I'm not sure where the others are saved. The current log was produced from me copying and pasting from the original popup.

I'm off out for the rest of the day; I'll try to find these logs tonight. Regards again for your time.

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
They should be in C:\qoobox.

#9
dartmoor

    Member

  • Topic Starter
  • Member
  • 10 posts
Morning Rorschach, thanks for the reply. I've found these files; see below.

The screen that Firefox is stuck on has changed today. There is a new and similar front page with three links regarding which operating system is being used. Clicking the one for XP returns me to the previous page, the one that was being displayed yesterday and before. For the other two operating systems there are still different pages.

ComboFix 10-04-27.04 - charlie 28/04/2010 15:08:32.3.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.476 [GMT 1:00]
Running from: c:\documents and settings\charlie\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-28 13:47 . 2010-04-28 13:48 -------- d-----w- c:\documents and settings\charlie\Application Data\AVG9
2010-04-27 16:28 . 2010-04-27 16:28 -------- d-----w- C:\VundoFix Backups
2010-04-27 15:29 . 2010-04-27 15:29 52224 ----a-w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-27 15:29 . 2010-04-27 15:29 117760 ----a-w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- C:\ERDNT
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- c:\windows\ERUNT
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- C:\!FixIEDef
2010-04-27 14:21 . 2010-04-27 14:21 -------- d-----w- c:\program files\CCleaner
2010-04-20 09:31 . 2010-04-20 09:31 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 09:30 . 2010-04-20 09:30 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-15 16:56 . 2010-04-15 16:56 -------- d-----w- C:\New Folder (2)
2010-04-12 08:48 . 2010-04-12 08:48 -------- d-----w- c:\program files\Eidos
2010-04-11 23:15 . 2010-04-16 09:16 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-11 23:14 . 2010-04-11 23:10 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-11 23:14 . 2010-04-11 23:10 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-11 23:14 . 2008-12-25 15:03 125936 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-11 23:14 . 2010-04-11 23:14 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-11 23:14 . 2010-04-11 23:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-11 23:10 . 2010-04-11 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\program files\QuickTime
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Apple Software Update
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-04 22:02 . 2010-04-04 22:02 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-04 22:02 . 2010-04-04 22:02 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-04 22:02 . 2010-04-04 22:02 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-04 22:02 . 2010-04-04 22:02 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-04 22:01 . 2010-04-04 22:01 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-04 21:57 . 2010-04-04 21:57 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-04-04 08:33 . 2010-04-04 08:33 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-30 22:31 . 2010-03-30 22:31 -------- d-----w- c:\program files\Bonjour
2010-03-30 22:22 . 2010-03-30 22:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-29 21:47 . 2010-03-29 21:48 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-03-29 21:47 . 2010-03-29 21:48 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-03-29 21:47 . 2010-03-29 21:48 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-29 21:47 . 2010-03-29 21:47 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-03-29 21:47 . 2010-03-29 21:47 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-03-29 21:47 . 2010-03-29 21:47 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-03-29 21:47 . 2010-03-29 21:47 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-03-29 21:47 . 2010-03-29 21:47 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-03-29 21:47 . 2010-03-29 21:47 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-03-29 21:47 . 2010-03-29 21:47 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-03-29 21:47 . 2010-03-29 21:47 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-03-29 21:47 . 2010-03-29 21:47 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-03-29 21:46 . 2010-03-29 21:46 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-29 17:34 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-29 17:34 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 13:19 . 2006-10-12 13:34 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-27 08:20 . 2009-12-18 14:32 0 ----a-w- c:\documents and settings\charlie\Local Settings\Application Data\prvlcl.dat
2010-04-20 09:30 . 2009-11-09 12:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 23:58 . 2009-09-07 19:37 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 23:57 . 2007-10-20 01:41 73408 ----a-w- c:\documents and settings\charlie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 08:50 . 2010-04-12 08:50 8854 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\Uninstall_GameShadow_B860267642A24815A556C23750EF5A47.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\ARPPRODUCTICON.exe
2010-04-12 08:50 . 2010-04-12 08:50 3262 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\NewShortcut1_D50BB830396148EB83D903A04C63534F_1.exe
2010-04-12 08:50 . 2010-04-12 08:50 -------- d-----w- c:\program files\GameShadow
2010-04-04 22:02 . 2010-03-08 01:39 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-31 01:58 . 2007-06-15 20:00 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2007-06-15 20:00 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2007-06-15 20:00 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2005-05-12 17:54 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-29 23:46 . 2008-11-01 09:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2008-11-01 09:38 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\1000000b00002i\rundll32.exe
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\40000032e100002i\Photoshop.exe
2010-03-29 11:54 . 2010-03-29 11:54 -------- d-----w- c:\documents and settings\charlie\Application Data\Thinstall
2010-03-29 10:15 . 2010-03-29 10:15 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-29 09:45 . 2010-03-29 09:45 -------- d-----w- c:\program files\Moon Position
2010-03-28 11:13 . 2010-03-28 11:13 90112 ----a-w- c:\documents and settings\charlie\Application Data\bibble\XCrashReport.exe
2010-03-28 11:13 . 2010-03-28 11:13 -------- d-----w- c:\documents and settings\charlie\Application Data\bibble
2010-03-28 11:09 . 2010-03-28 11:09 -------- d-----w- c:\program files\Common Files\Bibble Labs
2010-03-26 23:40 . 2010-03-26 23:40 -------- d-----w- c:\program files\Opanda
2010-03-14 23:12 . 2010-03-14 23:12 -------- d-----w- c:\documents and settings\charlie\Application Data\Media Player Classic
2010-03-10 14:56 . 2010-03-10 14:56 -------- d-----w- c:\documents and settings\charlie\Application Data\Apple Computer
2010-03-10 12:55 . 2010-03-10 12:55 -------- d-----w- c:\program files\WinDjView
2010-03-10 06:15 . 2004-08-10 19:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-08 01:29 . 2010-03-08 01:29 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup12.exe
2010-03-05 10:57 . 2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 10:57 . 2009-11-09 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-05 07:54 . 2010-03-05 07:53 -------- d-----w- c:\program files\Paradox Interactive
2010-03-03 10:33 . 2010-03-03 10:33 -------- d-----w- c:\program files\directx
2010-03-02 20:43 . 2010-03-02 20:43 -------- d-----w- c:\documents and settings\charlie\Application Data\FastStone
2010-03-02 20:41 . 2010-03-02 20:41 -------- d-----w- c:\program files\FastStone Image Viewer
2010-02-25 06:24 . 2006-01-09 10:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 19:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2005-09-28 16:02 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-09-28 15:35 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-02-27 15:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 19:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 19:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 16:13 . 2010-03-14 23:11 165376 ----a-w- c:\windows\system32\unrar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2009-4-10 1081344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [09/11/2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/11/2009 13:53 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/11/2009 13:53 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 11:57 308064]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 10:59 1047880]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 10:18 10064]
S2 gupdate1ca87afaeb010e2;Google Update Service (gupdate1ca87afaeb010e2);c:\program files\Google\Update\GoogleUpdate.exe [28/12/2009 11:19 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 15:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-28 15:14:31
ComboFix-quarantined-files.txt 2010-04-28 14:14
ComboFix2.txt 2010-04-28 13:57
ComboFix3.txt 2010-04-27 14:42

Pre-Run: 57,020,776,448 bytes free
Post-Run: 57,002,557,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 1344487A26F99C004DB8509B57386D05

ComboFix 10-04-27.04 - charlie 28/04/2010 14:51:05.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.399 [GMT 1:00]
Running from: c:\documents and settings\charlie\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-28 13:47 . 2010-04-28 13:48 -------- d-----w- c:\documents and settings\charlie\Application Data\AVG9
2010-04-27 16:28 . 2010-04-27 16:28 -------- d-----w- C:\VundoFix Backups
2010-04-27 15:29 . 2010-04-27 15:29 52224 ----a-w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-27 15:29 . 2010-04-27 15:29 117760 ----a-w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- C:\ERDNT
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- c:\windows\ERUNT
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- C:\!FixIEDef
2010-04-27 14:21 . 2010-04-27 14:21 -------- d-----w- c:\program files\CCleaner
2010-04-20 09:31 . 2010-04-20 09:31 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 09:30 . 2010-04-20 09:30 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-15 16:56 . 2010-04-15 16:56 -------- d-----w- C:\New Folder (2)
2010-04-12 08:48 . 2010-04-12 08:48 -------- d-----w- c:\program files\Eidos
2010-04-11 23:15 . 2010-04-16 09:16 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-11 23:14 . 2010-04-11 23:10 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-11 23:14 . 2010-04-11 23:10 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-11 23:14 . 2008-12-25 15:03 125936 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-11 23:14 . 2010-04-11 23:14 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-11 23:14 . 2010-04-11 23:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-11 23:10 . 2010-04-11 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\program files\QuickTime
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Apple Software Update
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-04 22:02 . 2010-04-04 22:02 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-04 22:02 . 2010-04-04 22:02 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-04 22:02 . 2010-04-04 22:02 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-04 22:02 . 2010-04-04 22:02 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-04 22:01 . 2010-04-04 22:01 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-04 21:57 . 2010-04-04 21:57 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-04-04 08:33 . 2010-04-04 08:33 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-30 22:31 . 2010-03-30 22:31 -------- d-----w- c:\program files\Bonjour
2010-03-30 22:22 . 2010-03-30 22:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-29 21:47 . 2010-03-29 21:48 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-03-29 21:47 . 2010-03-29 21:48 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-03-29 21:47 . 2010-03-29 21:48 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-29 21:47 . 2010-03-29 21:47 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-03-29 21:47 . 2010-03-29 21:47 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-03-29 21:47 . 2010-03-29 21:47 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-03-29 21:47 . 2010-03-29 21:47 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-03-29 21:47 . 2010-03-29 21:47 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-03-29 21:47 . 2010-03-29 21:47 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-03-29 21:47 . 2010-03-29 21:47 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-03-29 21:47 . 2010-03-29 21:47 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-03-29 21:47 . 2010-03-29 21:47 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-03-29 21:46 . 2010-03-29 21:46 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-29 17:34 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-29 17:34 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 13:19 . 2006-10-12 13:34 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-27 08:20 . 2009-12-18 14:32 0 ----a-w- c:\documents and settings\charlie\Local Settings\Application Data\prvlcl.dat
2010-04-20 09:30 . 2009-11-09 12:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 23:58 . 2009-09-07 19:37 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 23:57 . 2007-10-20 01:41 73408 ----a-w- c:\documents and settings\charlie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 08:50 . 2010-04-12 08:50 8854 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\Uninstall_GameShadow_B860267642A24815A556C23750EF5A47.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\ARPPRODUCTICON.exe
2010-04-12 08:50 . 2010-04-12 08:50 3262 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\NewShortcut1_D50BB830396148EB83D903A04C63534F_1.exe
2010-04-12 08:50 . 2010-04-12 08:50 -------- d-----w- c:\program files\GameShadow
2010-04-04 22:02 . 2010-03-08 01:39 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-31 01:58 . 2007-06-15 20:00 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2007-06-15 20:00 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2007-06-15 20:00 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2005-05-12 17:54 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-29 23:46 . 2008-11-01 09:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2008-11-01 09:38 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\1000000b00002i\rundll32.exe
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\40000032e100002i\Photoshop.exe
2010-03-29 11:54 . 2010-03-29 11:54 -------- d-----w- c:\documents and settings\charlie\Application Data\Thinstall
2010-03-29 10:15 . 2010-03-29 10:15 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-29 09:45 . 2010-03-29 09:45 -------- d-----w- c:\program files\Moon Position
2010-03-28 11:13 . 2010-03-28 11:13 90112 ----a-w- c:\documents and settings\charlie\Application Data\bibble\XCrashReport.exe
2010-03-28 11:13 . 2010-03-28 11:13 -------- d-----w- c:\documents and settings\charlie\Application Data\bibble
2010-03-28 11:09 . 2010-03-28 11:09 -------- d-----w- c:\program files\Common Files\Bibble Labs
2010-03-26 23:40 . 2010-03-26 23:40 -------- d-----w- c:\program files\Opanda
2010-03-14 23:12 . 2010-03-14 23:12 -------- d-----w- c:\documents and settings\charlie\Application Data\Media Player Classic
2010-03-10 14:56 . 2010-03-10 14:56 -------- d-----w- c:\documents and settings\charlie\Application Data\Apple Computer
2010-03-10 12:55 . 2010-03-10 12:55 -------- d-----w- c:\program files\WinDjView
2010-03-10 06:15 . 2004-08-10 19:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-08 01:29 . 2010-03-08 01:29 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup12.exe
2010-03-05 10:57 . 2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 10:57 . 2009-11-09 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-05 07:54 . 2010-03-05 07:53 -------- d-----w- c:\program files\Paradox Interactive
2010-03-03 10:33 . 2010-03-03 10:33 -------- d-----w- c:\program files\directx
2010-03-02 20:43 . 2010-03-02 20:43 -------- d-----w- c:\documents and settings\charlie\Application Data\FastStone
2010-03-02 20:41 . 2010-03-02 20:41 -------- d-----w- c:\program files\FastStone Image Viewer
2010-02-25 06:24 . 2006-01-09 10:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 19:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2005-09-28 16:02 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-09-28 15:35 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-02-27 15:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 19:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 19:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 16:13 . 2010-03-14 23:11 165376 ----a-w- c:\windows\system32\unrar.dll
.

((((((((((((((((((((((((((((( [email protected]_14.38.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-27 15:29 . 2010-04-27 15:29 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-04-27 15:29 . 2010-04-27 15:29 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-04-27 15:29 . 2010-04-27 15:29 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-02-15 22:24 . 2005-10-20 21:00 157696 c:\windows\ERUNT\ERUNT.EXE
+ 2010-04-27 15:29 . 2010-04-27 15:29 1583616 c:\windows\Installer\28304.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2009-4-10 1081344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [09/11/2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/11/2009 13:53 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/11/2009 13:53 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 11:57 308064]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 10:59 1047880]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 10:18 10064]
S2 gupdate1ca87afaeb010e2;Google Update Service (gupdate1ca87afaeb010e2);c:\program files\Google\Update\GoogleUpdate.exe [28/12/2009 11:19 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 14:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1500)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
.
Completion time: 2010-04-28 14:57:11
ComboFix-quarantined-files.txt 2010-04-28 13:57
ComboFix2.txt 2010-04-27 14:42

Pre-Run: 57,059,835,904 bytes free
Post-Run: 57,017,925,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 05F418CD8B146529053066F58B1C725D

ComboFix 10-04-26.04 - charlie 27/04/2010 15:28:44.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.449 [GMT 1:00]
Running from: F:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\Chip.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 14:21 . 2010-04-27 14:21 -------- d-----w- c:\program files\CCleaner
2010-04-20 09:31 . 2010-04-20 09:31 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 09:30 . 2010-04-20 09:30 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-15 16:56 . 2010-04-15 16:56 -------- d-----w- C:\New Folder (2)
2010-04-12 08:48 . 2010-04-12 08:48 -------- d-----w- c:\program files\Eidos
2010-04-11 23:15 . 2010-04-16 09:16 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-11 23:14 . 2010-04-11 23:10 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-11 23:14 . 2010-04-11 23:10 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-11 23:14 . 2008-12-25 15:03 125936 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-11 23:14 . 2010-04-11 23:14 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-11 23:14 . 2010-04-11 23:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-11 23:10 . 2010-04-11 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\program files\QuickTime
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Apple Software Update
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-04 22:02 . 2010-04-04 22:02 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-04 22:02 . 2010-04-04 22:02 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-04 22:02 . 2010-04-04 22:02 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-04 22:02 . 2010-04-04 22:02 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-04 22:01 . 2010-04-04 22:01 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-04 21:57 . 2010-04-04 21:57 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-04-04 08:33 . 2010-04-04 08:33 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-30 22:31 . 2010-03-30 22:31 -------- d-----w- c:\program files\Bonjour
2010-03-30 22:22 . 2010-03-30 22:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-29 21:47 . 2010-03-29 21:48 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-03-29 21:47 . 2010-03-29 21:48 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-03-29 21:47 . 2010-03-29 21:48 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-29 21:47 . 2010-03-29 21:47 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-03-29 21:47 . 2010-03-29 21:47 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-03-29 21:47 . 2010-03-29 21:47 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-03-29 21:47 . 2010-03-29 21:47 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-03-29 21:47 . 2010-03-29 21:47 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-03-29 21:47 . 2010-03-29 21:47 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-03-29 21:47 . 2010-03-29 21:47 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-03-29 21:47 . 2010-03-29 21:47 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-03-29 21:47 . 2010-03-29 21:47 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-03-29 21:46 . 2010-03-29 21:46 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-29 17:34 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-29 17:34 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-03-29 11:57 . 2010-03-29 11:57 -------- d-----w- C:\Photoshop
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\1000000b00002i\rundll32.exe
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\40000032e100002i\Photoshop.exe
2010-03-29 11:54 . 2010-03-29 11:54 -------- d-----w- c:\documents and settings\charlie\Application Data\Thinstall
2010-03-29 10:15 . 2010-03-29 10:15 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-29 09:45 . 2010-03-29 09:45 -------- d-----w- c:\program files\Moon Position

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 14:37 . 2006-10-12 13:34 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-27 08:20 . 2009-12-18 14:32 0 ----a-w- c:\documents and settings\charlie\Local Settings\Application Data\prvlcl.dat
2010-04-20 09:30 . 2009-11-09 12:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 23:58 . 2009-09-07 19:37 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 23:57 . 2007-10-20 01:41 73408 ----a-w- c:\documents and settings\charlie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 08:50 . 2010-04-12 08:50 8854 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\Uninstall_GameShadow_B860267642A24815A556C23750EF5A47.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\ARPPRODUCTICON.exe
2010-04-12 08:50 . 2010-04-12 08:50 3262 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\NewShortcut1_D50BB830396148EB83D903A04C63534F_1.exe
2010-04-12 08:50 . 2010-04-12 08:50 -------- d-----w- c:\program files\GameShadow
2010-04-04 22:02 . 2010-03-08 01:39 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-31 01:58 . 2007-06-15 20:00 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2007-06-15 20:00 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2007-06-15 20:00 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2005-05-12 17:54 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-29 23:46 . 2008-11-01 09:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2008-11-01 09:38 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 11:13 . 2010-03-28 11:13 90112 ----a-w- c:\documents and settings\charlie\Application Data\bibble\XCrashReport.exe
2010-03-28 11:13 . 2010-03-28 11:13 -------- d-----w- c:\documents and settings\charlie\Application Data\bibble
2010-03-28 11:09 . 2010-03-28 11:09 -------- d-----w- c:\program files\Common Files\Bibble Labs
2010-03-26 23:40 . 2010-03-26 23:40 -------- d-----w- c:\program files\Opanda
2010-03-14 23:12 . 2010-03-14 23:12 -------- d-----w- c:\documents and settings\charlie\Application Data\Media Player Classic
2010-03-10 14:56 . 2010-03-10 14:56 -------- d-----w- c:\documents and settings\charlie\Application Data\Apple Computer
2010-03-10 12:55 . 2010-03-10 12:55 -------- d-----w- c:\program files\WinDjView
2010-03-10 06:15 . 2004-08-10 19:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-08 01:29 . 2010-03-08 01:29 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup12.exe
2010-03-05 10:57 . 2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 10:57 . 2009-11-09 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-05 07:54 . 2010-03-05 07:53 -------- d-----w- c:\program files\Paradox Interactive
2010-03-03 10:33 . 2010-03-03 10:33 -------- d-----w- c:\program files\directx
2010-03-02 20:43 . 2010-03-02 20:43 -------- d-----w- c:\documents and settings\charlie\Application Data\FastStone
2010-03-02 20:41 . 2010-03-02 20:41 -------- d-----w- c:\program files\FastStone Image Viewer
2010-02-25 06:24 . 2006-01-09 10:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 19:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2005-09-28 16:02 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-09-28 15:35 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-02-27 15:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 19:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 19:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 16:13 . 2010-03-14 23:11 165376 ----a-w- c:\windows\system32\unrar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2009-4-10 1081344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [09/11/2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/11/2009 13:53 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/11/2009 13:53 242896]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 11:57 308064]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 10:59 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 10:18 10064]
S2 gupdate1ca87afaeb010e2;Google Update Service (gupdate1ca87afaeb010e2);c:\program files\Google\Update\GoogleUpdate.exe [28/12/2009 11:19 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-EASEUS Data Recovery Wizard 5.0.1_is1 - f:\easeus data recovery wizard 5.0.1\unins000.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\docume~1\charlie\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-27 15:42:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-27 14:42

Pre-Run: 49,727,995,904 bytes free
Post-Run: 49,631,526,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 374ECA93CCDFB6803F36C11EDE70090D

2010-04-27 14:42:08 . 2010-04-27 14:42:10 2,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-EASEUS Data Recovery Wizard 5.0.1_is1.reg.dat
2010-04-27 14:41:53 . 2010-04-27 14:41:54 169 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-Nokia.PCSync.reg.dat
2010-04-27 14:34:53 . 2010-04-27 14:34:54 984 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2010-04-27 14:34:36 . 2010-04-28 14:11:48 6,226 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-04-27 14:27:22 . 2010-04-28 14:07:16 408 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-09-18 07:46:52 . 2009-09-18 07:46:54 34,308 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Chip.dll.vir
2007-10-20 01:44:35 . 2006-01-23 11:41:42 81,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2007-10-20 01:44:35 . 2006-01-23 11:41:42 233,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2007-10-20 01:44:35 . 2006-01-23 11:41:42 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\WanPacket.dll.vir
2007-10-20 01:44:35 . 2006-01-23 11:41:42 53,299 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2007-10-20 01:44:35 . 2006-01-23 11:41:42 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinPCap\daemon_mgm.exe.vir
2007-10-20 01:44:35 . 2006-01-23 11:41:42 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinPCap\rpcapd.exe.vir
2007-10-20 01:44:35 . 2006-01-23 11:41:42 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinPCap\npf_mgm.exe.vir
2007-10-20 01:44:34 . 2006-01-23 11:41:42 32,512 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
  • 0
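The ComboFix log above is read by hand in this thread. The following is an added example, not part of the thread and not ComboFix's own code: a small Python helper that parses the "Reg Loading Points" and "Supplementary Scan" sections for the settings a cleaner checks first (Security Center monitoring disabled, the Windows Firewall profile disabled, and browser search/start-page prefs pointing at hosts outside an allowlist). The sample lines are constructed from the log layout shown here, and the regexes and function names are the example's own assumptions about that layout.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's code).

Flags the settings a malware cleaner reads first in the 'Reg Loading Points'
and 'Supplementary Scan' sections: Security Center monitoring switched off,
the Windows Firewall profile switched off, and browser search/start-page
prefs pointing at hosts outside an allowlist. The regexes are written against
the log layout shown in this thread, not against ComboFix internals.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the log posted above (a handful of lines,
# not the full log); the values are as they appear there.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&p=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
# ComboFix defangs URLs as hxxp://; the host is extracted without refanging it.
PREF_URL_RE = re.compile(
    r"^(?:FF - prefs\.js: )?(?P<pref>[\w.]+)\s*[-=]\s*hxxps?://(?P<host>[A-Za-z0-9.-]+)"
)


def parse_registry_values(log: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, raw value) for each REGEDIT4-style value line,
    attributing it to the most recent [key] header above it."""
    triples: List[Tuple[str, str, str]] = []
    current_key = None
    for line in log.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key is not None:
            triples.append((current_key, value_match.group("name"), value_match.group("value")))
    return triples


def find_weak_settings(log: str) -> List[str]:
    """Human-readable findings for the two settings malware commonly switches off."""
    findings: List[str] = []
    for key, name, value in parse_registry_values(log):
        lowered = key.lower()
        if ("security center\\monitoring" in lowered and name == "DisableMonitoring"
                and value.lower().endswith("00000001")):
            findings.append(f"Security Center monitoring disabled under {key}")
        if "firewallpolicy" in lowered and name == "EnableFirewall" and value.startswith("0"):
            findings.append(f"Windows Firewall disabled under {key}")
    return findings


def browser_url_hosts(log: str) -> List[Tuple[str, str]]:
    """(pref name, host) for every browser URL pref line in the log."""
    found: List[Tuple[str, str]] = []
    for line in log.splitlines():
        match = PREF_URL_RE.match(line)
        if match:
            found.append((match.group("pref"), match.group("host")))
    return found


def hosts_outside_allowlist(log: str, allowed: Tuple[str, ...]) -> List[Tuple[str, str]]:
    """Prefs whose host is not an allowed domain or a subdomain of one.
    These are items to review by hand, not automatically malicious."""
    def is_allowed(host: str) -> bool:
        return any(host == d or host.endswith("." + d) for d in allowed)
    return [(pref, host) for pref, host in browser_url_hosts(log) if not is_allowed(host)]


def triage(log: str, allowed: Tuple[str, ...] = ("google.com", "google.co.uk", "yahoo.com")) -> Dict[str, list]:
    """One summary dict: registry findings plus hosts that need a human look."""
    return {
        "weak_settings": find_weak_settings(log),
        "review_hosts": hosts_outside_allowlist(log, allowed),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("  ", item)
```

Run against the sample, the script reports three weak settings (two Security Center monitoring keys and the firewall profile) and no hosts outside the default allowlist; the allowlist is a parameter so that the same routine can be tightened to whatever search providers a given machine is expected to use.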

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\charlie\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\browserchoice.exe

TDL::
c:\windows\system32\drivers\avgtdix.sys


Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#11
dartmoor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi, thanks again for the reply....

ComboFix 10-04-27.04 - charlie 29/04/2010 14:46:48.4.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.166 [GMT 1:00]
Running from: c:\documents and settings\charlie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\charlie\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\charlie\Local Settings\Application Data\prvlcl.dat"
"c:\windows\system32\browserchoice.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\charlie\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-28 13:47 . 2010-04-28 13:48 -------- d-----w- c:\documents and settings\charlie\Application Data\AVG9
2010-04-27 16:28 . 2010-04-27 16:28 -------- d-----w- C:\VundoFix Backups
2010-04-27 15:29 . 2010-04-27 15:29 52224 ----a-w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-27 15:29 . 2010-04-27 15:29 117760 ----a-w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\documents and settings\charlie\Application Data\SUPERAntiSpyware.com
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- C:\ERDNT
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- c:\windows\ERUNT
2010-04-27 14:44 . 2010-04-27 14:44 -------- d-----w- C:\!FixIEDef
2010-04-27 14:21 . 2010-04-27 14:21 -------- d-----w- c:\program files\CCleaner
2010-04-20 09:31 . 2010-04-20 09:31 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 09:30 . 2010-04-20 09:30 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-15 16:56 . 2010-04-15 16:56 -------- d-----w- C:\New Folder (2)
2010-04-12 08:48 . 2010-04-12 08:48 -------- d-----w- c:\program files\Eidos
2010-04-11 23:15 . 2010-04-16 09:16 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-11 23:14 . 2010-04-11 23:10 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-11 23:14 . 2010-04-11 23:10 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-11 23:14 . 2008-12-25 15:03 125936 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-11 23:14 . 2010-04-11 23:14 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-11 23:14 . 2010-04-11 23:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-11 23:13 . 2010-04-11 23:13 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-11 23:12 . 2010-04-11 23:12 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-11 23:10 . 2010-04-11 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\program files\QuickTime
2010-04-04 22:10 . 2010-04-04 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\program files\Apple Software Update
2010-04-04 22:09 . 2010-04-04 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-04 22:02 . 2010-04-04 22:02 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-04 22:02 . 2010-04-04 22:02 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-04 22:02 . 2010-04-04 22:02 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-04 22:02 . 2010-04-04 22:02 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-04 22:02 . 2010-04-04 22:02 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-04 22:01 . 2010-04-04 22:01 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-04 21:57 . 2010-04-04 21:57 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-04-04 08:33 . 2010-04-04 08:33 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-30 22:31 . 2010-03-30 22:31 -------- d-----w- c:\program files\Bonjour
2010-03-30 22:22 . 2010-03-30 22:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 00:37 . 2006-10-12 13:34 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-20 09:30 . 2009-11-09 12:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 23:58 . 2009-09-07 19:37 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 23:57 . 2007-10-20 01:41 73408 ----a-w- c:\documents and settings\charlie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 08:50 . 2010-04-12 08:50 8854 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\Uninstall_GameShadow_B860267642A24815A556C23750EF5A47.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-04-12 08:50 . 2010-04-12 08:50 45056 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\ARPPRODUCTICON.exe
2010-04-12 08:50 . 2010-04-12 08:50 3262 ----a-r- c:\documents and settings\charlie\Application Data\Microsoft\Installer\{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}\NewShortcut1_D50BB830396148EB83D903A04C63534F_1.exe
2010-04-12 08:50 . 2010-04-12 08:50 -------- d-----w- c:\program files\GameShadow
2010-04-04 22:02 . 2010-03-08 01:39 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-31 01:58 . 2007-06-15 20:00 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2007-06-15 20:00 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2007-06-15 20:00 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2005-05-12 17:54 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-29 23:46 . 2008-11-01 09:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2008-11-01 09:38 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-03-29 17:33 . 2010-03-29 17:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\1000000b00002i\rundll32.exe
2010-03-29 11:54 . 2010-03-29 11:54 16251904 ----a-w- c:\documents and settings\charlie\Application Data\Thinstall\Adobe Photoshop CS4\40000032e100002i\Photoshop.exe
2010-03-29 11:54 . 2010-03-29 11:54 -------- d-----w- c:\documents and settings\charlie\Application Data\Thinstall
2010-03-29 10:15 . 2010-03-29 10:15 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-29 09:45 . 2010-03-29 09:45 -------- d-----w- c:\program files\Moon Position
2010-03-28 11:13 . 2010-03-28 11:13 90112 ----a-w- c:\documents and settings\charlie\Application Data\bibble\XCrashReport.exe
2010-03-28 11:13 . 2010-03-28 11:13 -------- d-----w- c:\documents and settings\charlie\Application Data\bibble
2010-03-28 11:09 . 2010-03-28 11:09 -------- d-----w- c:\program files\Common Files\Bibble Labs
2010-03-26 23:40 . 2010-03-26 23:40 -------- d-----w- c:\program files\Opanda
2010-03-14 23:12 . 2010-03-14 23:12 -------- d-----w- c:\documents and settings\charlie\Application Data\Media Player Classic
2010-03-10 14:56 . 2010-03-10 14:56 -------- d-----w- c:\documents and settings\charlie\Application Data\Apple Computer
2010-03-10 12:55 . 2010-03-10 12:55 -------- d-----w- c:\program files\WinDjView
2010-03-10 06:15 . 2004-08-10 19:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-08 01:29 . 2010-03-08 01:29 734728 ----a-w- c:\documents and settings\charlie\Application Data\Real\RealPlayer\setup\AU_setup12.exe
2010-03-05 10:57 . 2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 10:57 . 2009-11-09 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 10:56 . 2009-11-09 12:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-05 07:54 . 2010-03-05 07:53 -------- d-----w- c:\program files\Paradox Interactive
2010-03-03 10:33 . 2010-03-03 10:33 -------- d-----w- c:\program files\directx
2010-03-02 20:43 . 2010-03-02 20:43 -------- d-----w- c:\documents and settings\charlie\Application Data\FastStone
2010-03-02 20:41 . 2010-03-02 20:41 -------- d-----w- c:\program files\FastStone Image Viewer
2010-02-25 10:03 . 2010-03-29 17:34 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-25 09:56 . 2010-03-29 17:34 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-25 06:24 . 2006-01-09 10:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 19:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2005-09-28 16:02 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-09-28 15:35 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-10 19:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 19:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 16:13 . 2010-03-14 23:11 165376 ----a-w- c:\windows\system32\unrar.dll
.

((((((((((((((((((((((((((((( [email protected]_14.38.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-27 15:29 . 2010-04-27 15:29 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-04-27 15:29 . 2010-04-27 15:29 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-04-27 15:29 . 2010-04-27 15:29 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-02-15 22:24 . 2005-10-20 21:00 157696 c:\windows\ERUNT\ERUNT.EXE
+ 2010-04-27 15:29 . 2010-04-27 15:29 1583616 c:\windows\Installer\28304.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2009-4-10 1081344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-05 10:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [09/11/2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/11/2009 13:53 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/11/2009 13:53 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 11:57 308064]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 10:59 1047880]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 10:18 10064]
S2 gupdate1ca87afaeb010e2;Google Update Service (gupdate1ca87afaeb010e2);c:\program files\Google\Update\GoogleUpdate.exe [28/12/2009 11:19 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:19]

2010-04-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-733568496-585324705-1595338913-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\documents and settings\charlie\Application Data\Mozilla\Firefox\Profiles\f00570rj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-29 14:52
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-29 14:53:26
ComboFix-quarantined-files.txt 2010-04-29 13:53
ComboFix2.txt 2010-04-28 14:14
ComboFix3.txt 2010-04-28 13:57
ComboFix4.txt 2010-04-27 14:42

Pre-Run: 56,925,224,960 bytes free
Post-Run: 56,880,627,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 2F0A2163EA70266917D5828C8EA10B8A
#12
Rorschach112 (Ralphie; Retired Staff; 47,710 posts)

Any redirects?

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

#13
dartmoor (Topic Starter; Member; 10 posts)

Hi Rorschach, thanks for your reply. It's still redirecting. I've run TLC and MBAM and nothing was picked up by the scans. Sorry, I forgot the report. Do you need this?

#14
Rorschach112 (Ralphie; Retired Staff; 47,710 posts)

Your problem seems to be related to VirginMedia. I'd have a read of this:

http://community.vir...CP-IP/m-p/50892
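The redirect in this thread can be introduced at three different places, and the scans above only cover one of them (malware on the PC). The following triage script is an added example, not code from this thread or from any of the tools it mentions. It separates the cases a practitioner would want to tell apart before reaching for another scanner: a hosts-file entry that points a domain somewhere other than the local machine, a local resolver that answers differently from an independent one, and an in-path interception that leaves DNS intact but answers an HTTP request with a redirect to the ISP's page, which is consistent with the ISP-side cause suggested in the reply above. The hosts-file text, the IP addresses (documentation ranges) and the resolver answers are all constructed for the example; on a real machine the system answers would come from socket.gethostbyname_ex(), the reference answers from a query sent to an external resolver, and the Location header from an HTTP request for a site known not to redirect.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample hosts file for the example; the last two mappings are the
# kind of entry that would explain a redirect originating on the PC itself.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example      # blocking entry, not a redirect
198.51.100.7    www.google.co.uk google.co.uk
198.51.100.7    changesettings.virginmedia.com
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text.

    Comments (everything after '#'), blank lines and lines whose first field is
    not a valid IP address are ignored, as the OS resolver ignores them.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        entries.extend((ip, name.lower()) for name in names)
    return entries


def find_hosts_hijacks(text):
    """Return hosts entries that send a name somewhere other than the local machine.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) targets only block a name;
    any other target can land the browser on a host the attacker controls.
    """
    return [
        (ip, name)
        for ip, name in parse_hosts(text)
        if not (ipaddress.ip_address(ip).is_loopback
                or ipaddress.ip_address(ip).is_unspecified)
    ]


def classify_redirect(name, hosts_text, system_answers, reference_answers,
                      http_location=None):
    """Decide where a redirect for `name` is introduced.

    system_answers    -- addresses the PC's own resolver returned for `name`
    reference_answers -- addresses an independent resolver returned for `name`
    http_location     -- Location header received when fetching http://name/, if any

    Returns 'hosts-file', 'resolver', 'in-path' or 'consistent'.
    """
    name = name.lower()
    if any(n == name for _, n in find_hosts_hijacks(hosts_text)):
        return "hosts-file"
    if set(system_answers) != set(reference_answers):
        return "resolver"
    if http_location:
        target = urlsplit(http_location).hostname
        if target and target.lower() != name:
            # DNS agrees with the reference but the HTTP reply still bounces the
            # browser elsewhere: something on the path is intercepting traffic.
            return "in-path"
    return "consistent"


if __name__ == "__main__":
    for ip, host in find_hosts_hijacks(SAMPLE_HOSTS):
        print(f"hosts file sends {host} to {ip}")
    clean_hosts = "127.0.0.1 localhost\n::1 localhost\n"
    # Constructed answers: DNS agrees everywhere, but the HTTP reply redirects.
    print(classify_redirect("www.google.co.uk", clean_hosts,
                            ["203.0.113.10"], ["203.0.113.10"],
                            http_location="http://changesettings.virginmedia.com/"))
```

On Windows XP the hosts file lives at %SystemRoot%\system32\drivers\etc\hosts. A fourth place worth checking by hand is the Internet Settings proxy configuration; the ComboFix log above lists only a ProxyOverride value and no ProxyServer, so in this thread a proxy does not appear to be involved. An 'in-path' result with a clean hosts file and matching DNS answers is the signature of an ISP walled garden rather than of malware on the machine, which is why further local scanning would not have changed anything here.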
#15
dartmoor (Topic Starter; Member; 10 posts)

Hi Rorschach, thanks for this reply. Thanks also for going to the effort of finding this Virgin forum help. I've found some recommendations from other customers who seem to have sorted the problem...

Will let you know how it went...