Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

google redirect again [Solved]

Started by oliver_clothesoff , May 16 2010 10:28 AM

  • This topic is locked This topic is locked

#1
oliver_clothesoff
Posted 16 May 2010 - 10:28 AM

oliver_clothesoff

    Member

  • Member
  • PipPip
  • 34 posts
hi
about a month ago i started getting an Anti virus pop up, i then had warnings through avg of a trojan, then the google redirect started.

ive had a similar problem about a year ago, which was resolved with the help of the geeks2go folk :)

im not sure if this new problem is left from before or whether ive been infected again.


Im using AVG as my anti virus. It has detected a few things over the last month, but when i scan it now it finds nothing.



MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/05/2010 2:19:04 AM
mbam-log-2010-05-17 (02-19-04).txt

Scan type: Quick scan
Objects scanned: 135227
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)







******gmer wouldnt run it either froze or blue screened.



















OTL log...

OTL logfile created on: 17/05/2010 1:28:07 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\me\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,022.00 Mb Total Physical Memory | 759.00 Mb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 25.95 Gb Free Space | 23.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMIE
Current User Name: me
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\me\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\me\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (watcherservice) -- C:\Program Files\Flac to MP3\WatcherService.exe (Ata alla zangenh madar)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (GTMM Device Service) -- C:\Program Files\Telstra GlobeTrotter Mobility Manager\GtmmDeviceService.exe (Option NV)
SRV - (VirtualWirelessDevice) -- C:\Program Files\Telstra GlobeTrotter Mobility Manager\VirtualWirelessDevice.exe (Option NV)
SRV - (PropertyPublisher) -- C:\Program Files\Telstra GlobeTrotter Mobility Manager\PropertyPublisher.exe ()
SRV - (GtDetectSc) -- C:\WINDOWS\system32\GtDetectSc.exe (OptionNV)
SRV - (ACS) -- C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe (Atheros)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (wsvad_driver) -- C:\WINDOWS\system32\drivers\VirtualAudio.sys (Wondershare)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\ar5416.sys (D-Link)
DRV - (GTMNDISIRPXP) -- C:\WINDOWS\system32\drivers\Gtm51Irp.sys (Option NV)
DRV - (GTUQBUS) -- C:\WINDOWS\system32\drivers\gtuqbus.sys (Option N.V.)
DRV - (GTFFBUS) -- C:\WINDOWS\system32\drivers\gtffbus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 63 CB C2 DE 27 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://cache01.comin...o.com.au:8080/"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/10/03 01:56:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/27 20:27:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 06:36:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 06:36:22 | 000,000,000 | ---D | M]

[2009/01/07 17:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Mozilla\Extensions
[2010/05/16 20:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\z41hdmjv.default\extensions
[2009/09/03 05:04:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\z41hdmjv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/09 05:48:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\z41hdmjv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/16 20:37:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/28 02:14:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2009/06/21 12:38:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (no name) - {c148d17d-89e0-45a6-b80a-5f684950fde7} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {e584d28b-ddf3-4770-8c2e-081ca355c4e7} - No CLSID value found.
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3253344D-0000-0010-8000-00AA00389B71} http://codecs.micros...386/mpg4sax.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {ef791a6b-fc12-4c68-99ef-fb9e207a39e6} http://download.mcaf...612/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 04:24:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a14da5c8-72df-11de-8ffc-00037af450fa}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/03/07 04:24:21 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/16 20:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/15 04:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/12 04:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\judyphotos
[2010/05/09 05:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Fake Webcam
[2010/05/09 05:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\GetRightToGo
[2010/05/07 08:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Windows Search
[2010/05/06 18:19:16 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\me\My Documents\My Safe
[2010/05/05 18:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/05 05:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/21 19:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/04/21 19:09:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/04/21 19:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Windows Desktop Search
[2010/04/21 19:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/04/21 19:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/16 18:14:10 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/16 18:13:18 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/16 18:13:15 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/16 18:13:10 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/16 18:13:08 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/16 18:12:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/16 18:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/15 14:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\celebs
[2010/04/08 07:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\music
[2010/04/08 04:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\walk
[2010/04/07 20:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\scandal
[2010/04/07 20:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\sunarvo
[2010/03/17 03:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\now
[2010/03/11 18:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/03/11 18:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/03/11 15:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\me
[2010/02/16 20:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\heads
[2006/03/07 10:45:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 90 Days ==========

[2010/05/17 01:07:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 00:57:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/17 00:57:37 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/17 00:56:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/17 00:21:37 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\me\ntuser.dat
[2010/05/17 00:21:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\me\ntuser.ini
[2010/05/17 00:04:13 | 000,098,532 | ---- | M] () -- C:\Documents and Settings\me\Local Settings\Application Data\prvlcl.dat
[2010/05/16 22:16:29 | 000,826,880 | ---- | M] () -- C:\Documents and Settings\me\Desktop\wpbartcvbasic.doc
[2010/05/16 22:05:32 | 000,644,375 | ---- | M] () -- C:\Documents and Settings\me\Desktop\2010-Mosman-Art-Prize-entry-form.pdf
[2010/05/16 21:55:11 | 000,072,053 | ---- | M] () -- C:\Documents and Settings\me\My Documents\DMNPP%20Entry%20Form.pdf
[2010/05/16 21:47:26 | 000,131,355 | ---- | M] () -- C:\Documents and Settings\me\Desktop\455756652_7b796fd233.jpg
[2010/05/16 20:58:20 | 001,960,748 | ---- | M] () -- C:\Documents and Settings\me\Desktop\img_42181.jpg
[2010/05/16 20:57:53 | 001,960,748 | ---- | M] () -- C:\Documents and Settings\me\Desktop\go2.wordpress.com.htm
[2010/05/16 20:30:52 | 060,047,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/13 02:20:04 | 000,357,524 | ---- | M] () -- C:\Documents and Settings\me\Desktop\face4.ai
[2010/05/13 02:19:25 | 005,277,558 | ---- | M] () -- C:\Documents and Settings\me\Desktop\face4.psd
[2010/05/12 22:14:49 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\me\Desktop\saville.doc
[2010/05/12 21:11:36 | 000,122,206 | ---- | M] () -- C:\Documents and Settings\me\Desktop\3628960734_46446e0868.jpg
[2010/05/12 09:44:35 | 000,075,191 | ---- | M] () -- C:\Documents and Settings\me\Desktop\face4.jpg
[2010/05/12 07:42:15 | 000,079,363 | ---- | M] () -- C:\Documents and Settings\me\Desktop\418770503_e6a30cb452_o.jpg
[2010/05/10 18:28:21 | 000,208,384 | ---- | M] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 06:25:22 | 000,031,609 | ---- | M] () -- C:\Documents and Settings\me\Desktop\studio23jpg.jpg
[2010/05/05 16:30:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/03 04:30:32 | 000,116,273 | ---- | M] () -- C:\Documents and Settings\me\Desktop\DMNPP%20Entry%20Form%202010.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 23:17:48 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\me\Desktop\utorrent.exe
[2010/04/25 22:40:49 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/22 19:41:00 | 000,103,916 | ---- | M] () -- C:\Documents and Settings\me\Desktop\heads.jpg
[2010/04/22 17:58:03 | 017,035,508 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Untitled_Panorama1.psd
[2010/04/22 17:34:21 | 000,097,050 | ---- | M] () -- C:\Documents and Settings\me\Desktop\7.jpg
[2010/04/22 17:33:56 | 000,108,628 | ---- | M] () -- C:\Documents and Settings\me\Desktop\6.jpg
[2010/04/22 17:33:34 | 000,142,744 | ---- | M] () -- C:\Documents and Settings\me\Desktop\5.jpg
[2010/04/22 17:33:11 | 000,123,234 | ---- | M] () -- C:\Documents and Settings\me\Desktop\4.jpg
[2010/04/22 17:32:42 | 000,145,878 | ---- | M] () -- C:\Documents and Settings\me\Desktop\3.jpg
[2010/04/22 17:32:02 | 000,149,939 | ---- | M] () -- C:\Documents and Settings\me\Desktop\2.jpg
[2010/04/22 17:31:32 | 000,085,549 | ---- | M] () -- C:\Documents and Settings\me\Desktop\1.jpg
[2010/04/21 19:36:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/21 19:25:26 | 000,496,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/21 19:25:26 | 000,430,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/21 19:25:26 | 000,075,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/21 19:08:22 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/04/21 18:47:41 | 136,306,688 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/04/16 18:13:19 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/16 18:13:10 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/16 18:13:09 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/16 18:13:08 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/07 22:49:44 | 000,307,075 | ---- | M] () -- C:\Documents and Settings\me\Desktop\flower6.jpg
[2010/04/04 06:11:42 | 000,023,005 | ---- | M] () -- C:\Documents and Settings\me\Desktop\eakins_photo.jpg
[2010/04/03 02:12:55 | 000,197,203 | ---- | M] () -- C:\Documents and Settings\me\Desktop\images-3D-sans-lunettes-Stéréoscopie-5.gif
[2010/03/29 07:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/11 20:46:08 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\me\My Documents\vlc-1.0.5-win32.exe

========== Files Created - No Company Name ==========

[2010/05/16 22:16:29 | 000,826,880 | ---- | C] () -- C:\Documents and Settings\me\Desktop\wpbartcvbasic.doc
[2010/05/16 22:05:31 | 000,644,375 | ---- | C] () -- C:\Documents and Settings\me\Desktop\2010-Mosman-Art-Prize-entry-form.pdf
[2010/05/16 21:55:11 | 000,072,053 | ---- | C] () -- C:\Documents and Settings\me\My Documents\DMNPP%20Entry%20Form.pdf
[2010/05/16 21:47:21 | 000,131,355 | ---- | C] () -- C:\Documents and Settings\me\Desktop\455756652_7b796fd233.jpg
[2010/05/16 20:58:17 | 001,960,748 | ---- | C] () -- C:\Documents and Settings\me\Desktop\img_42181.jpg
[2010/05/16 20:57:46 | 001,960,748 | ---- | C] () -- C:\Documents and Settings\me\Desktop\go2.wordpress.com.htm
[2010/05/13 02:20:02 | 000,357,524 | ---- | C] () -- C:\Documents and Settings\me\Desktop\face4.ai
[2010/05/13 02:19:23 | 005,277,558 | ---- | C] () -- C:\Documents and Settings\me\Desktop\face4.psd
[2010/05/12 22:14:49 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\me\Desktop\saville.doc
[2010/05/12 21:11:33 | 000,122,206 | ---- | C] () -- C:\Documents and Settings\me\Desktop\3628960734_46446e0868.jpg
[2010/05/12 09:38:04 | 000,075,191 | ---- | C] () -- C:\Documents and Settings\me\Desktop\face4.jpg
[2010/05/12 07:42:13 | 000,079,363 | ---- | C] () -- C:\Documents and Settings\me\Desktop\418770503_e6a30cb452_o.jpg
[2010/05/08 06:25:17 | 000,031,609 | ---- | C] () -- C:\Documents and Settings\me\Desktop\studio23jpg.jpg
[2010/05/04 01:37:49 | 012,058,624 | ---- | C] () -- C:\Documents and Settings\me\ntuser.dat
[2010/05/03 04:30:32 | 000,116,273 | ---- | C] () -- C:\Documents and Settings\me\Desktop\DMNPP%20Entry%20Form%202010.pdf
[2010/05/03 01:40:11 | 000,098,532 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\prvlcl.dat
[2010/04/22 19:15:06 | 000,103,916 | ---- | C] () -- C:\Documents and Settings\me\Desktop\heads.jpg
[2010/04/22 17:58:02 | 017,035,508 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Untitled_Panorama1.psd
[2010/04/22 17:34:19 | 000,097,050 | ---- | C] () -- C:\Documents and Settings\me\Desktop\7.jpg
[2010/04/22 17:33:54 | 000,108,628 | ---- | C] () -- C:\Documents and Settings\me\Desktop\6.jpg
[2010/04/22 17:33:32 | 000,142,744 | ---- | C] () -- C:\Documents and Settings\me\Desktop\5.jpg
[2010/04/22 17:33:08 | 000,123,234 | ---- | C] () -- C:\Documents and Settings\me\Desktop\4.jpg
[2010/04/22 17:32:40 | 000,145,878 | ---- | C] () -- C:\Documents and Settings\me\Desktop\3.jpg
[2010/04/22 17:32:00 | 000,149,939 | ---- | C] () -- C:\Documents and Settings\me\Desktop\2.jpg
[2010/04/22 17:31:26 | 000,085,549 | ---- | C] () -- C:\Documents and Settings\me\Desktop\1.jpg
[2010/04/21 19:08:22 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/04/16 18:13:08 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/16 18:12:55 | 060,047,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/07 22:49:42 | 000,307,075 | ---- | C] () -- C:\Documents and Settings\me\Desktop\flower6.jpg
[2010/04/04 06:11:29 | 000,023,005 | ---- | C] () -- C:\Documents and Settings\me\Desktop\eakins_photo.jpg
[2010/04/03 02:12:44 | 000,197,203 | ---- | C] () -- C:\Documents and Settings\me\Desktop\images-3D-sans-lunettes-Stéréoscopie-5.gif
[2010/03/11 20:45:15 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\me\My Documents\vlc-1.0.5-win32.exe
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/28 15:09:32 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/09/13 19:20:54 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/06/10 07:30:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/04/13 20:58:41 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/03/20 08:36:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/10 04:31:24 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/05 23:24:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSBrow.INI
[2007/08/21 10:26:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/21 10:26:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/16 08:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/16 08:30:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 18:08:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2006/11/16 18:41:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/11/16 11:46:17 | 000,000,080 | ---- | C] () -- C:\WINDOWS\init.ini
[2006/05/16 07:46:06 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/16 07:46:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/16 07:46:03 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/16 07:46:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/16 07:45:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/09 06:51:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 10:45:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/03/07 09:29:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/07 09:07:40 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/03/07 09:07:40 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/03/07 09:00:23 | 000,000,258 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/07 08:58:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/07 08:58:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/07 08:58:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/07 08:58:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/07 08:58:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/07 08:58:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/07 07:21:01 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/07 07:20:31 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/07 07:20:30 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/07 07:20:30 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/07 07:20:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/07 05:33:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 04:28:53 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 03:02:27 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/28 22:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/03 08:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 15:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/21 11:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 08:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 20:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== LOP Check ==========

[2010/04/16 18:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/02/15 04:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLAC to MP3
[2009/10/03 01:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/03 02:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/10/03 03:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/26 04:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2006/11/29 01:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Telstra GlobeTrotter Mobility Manager
[2010/05/17 00:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/28 08:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/09 15:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/09 02:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/06/02 23:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Ambient Design
[2008/05/07 23:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Canon
[2010/05/09 05:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\GetRightToGo
[2009/07/27 23:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\gtk-2.0
[2007/03/20 02:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\ICQ Toolbar
[2009/07/27 23:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Inkscape
[2007/02/15 05:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\InterVideo
[2009/07/23 10:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\LaCie
[2007/01/31 05:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\MoyeaFLV2Video
[2006/11/17 16:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\MSNInstaller
[2009/10/03 02:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Nokia
[2009/10/08 11:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\PC Suite
[2006/11/19 23:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Protector Suite
[2007/09/29 06:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\SecondLife
[2008/04/09 00:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Softplicity
[2007/01/19 02:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Template
[2007/09/06 01:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\toshiba
[2008/06/08 07:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Uniblue
[2010/05/16 20:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\uTorrent
[2008/04/24 07:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Vso
[2010/04/21 19:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Windows Desktop Search
[2010/05/07 08:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Windows Search
[2010/05/17 00:57:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/15 00:51:47 | 000,000,002 | ---- | M] () -- C:\815375283
[2006/03/07 04:24:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/02 18:21:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/06/02 18:39:09 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/04/13 21:16:11 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2006/03/07 04:24:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/21 00:35:43 | 000,001,164 | ---- | M] () -- C:\drmHeader.bin
[2005/11/30 07:20:10 | 000,219,780 | ---- | M] () -- C:\EULA.pdf
[2006/03/07 04:24:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/10 20:39:08 | 000,002,899 | ---- | M] () -- C:\JavaRa.log
[2010/05/07 09:45:16 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/03/07 04:24:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/11 02:51:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/17 01:06:49 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2004/11/27 12:39:40 | 000,007,784 | ---- | M] () -- C:\ReadmeFirst.htm
[2007/09/14 03:48:58 | 000,004,238 | ---- | M] () -- C:\SetUp-Log-mpegable DS decoder.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/03/06 20:16:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/03/06 20:16:41 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/03/06 20:16:41 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/16 18:13:10 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/04/16 18:13:09 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/25 22:40:49 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 23:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >










Thank you in advance and apologies if i have posted incorrectly.

oli
  • 0

Advertisements

#2
Rorschach112
Posted 16 May 2010 - 10:59 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O33 - MountPoints2\{a14da5c8-72df-11de-8ffc-00037af450fa}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found
[2008/04/15 00:51:47 | 000,000,002 | ---- | M] () -- C:\815375283

:Services

:Reg

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
oliver_clothesoff
Posted 17 May 2010 - 04:31 AM

oliver_clothesoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
ComboFix 10-05-16.01 - me 17/05/2010 20:11:39.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.570 [GMT 10:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\eSellerateEngine.dll

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 09:42 . 2010-05-17 09:42 -------- d-----w- C:\_OTL
2010-05-08 19:48 . 2010-03-26 00:33 43008 ----a-w- c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\z41hdmjv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-05-08 19:48 . 2010-03-26 00:33 1496064 ----a-w- c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\z41hdmjv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-05-08 19:48 . 2010-03-26 00:33 339456 ----a-w- c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\z41hdmjv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-05-08 19:48 . 2010-03-26 00:32 346112 ----a-w- c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\z41hdmjv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-05-08 19:34 . 2010-05-11 23:52 -------- d-----w- c:\program files\Fake Webcam
2010-05-08 19:32 . 2010-05-08 19:34 -------- d-----w- c:\documents and settings\me\Application Data\GetRightToGo
2010-05-06 22:10 . 2010-05-06 22:10 -------- d-----w- c:\documents and settings\me\Application Data\Windows Search
2010-05-05 06:25 . 2010-05-05 06:25 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-02 15:40 . 2010-05-16 21:09 0 ----a-w- c:\documents and settings\me\Local Settings\Application Data\prvlcl.dat
2010-04-25 12:41 . 2010-04-25 12:41 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-25 12:39 . 2010-04-25 12:39 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-21 09:10 . 2010-04-21 09:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-21 09:09 . 2010-04-21 09:09 -------- d-----w- c:\documents and settings\me\Application Data\Windows Desktop Search
2010-04-21 09:07 . 2010-04-25 07:02 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-21 09:07 . 2010-04-21 09:07 -------- d-----w- c:\windows\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 09:48 . 2008-08-11 03:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-16 19:07 . 2007-02-05 23:31 -------- d-----w- c:\documents and settings\me\Application Data\uTorrent
2010-05-12 18:19 . 2008-10-12 15:03 -------- d-----w- c:\documents and settings\me\Application Data\vlc
2010-05-06 23:45 . 2009-05-13 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 05:39 . 2009-06-09 14:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 05:39 . 2009-06-09 14:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 12:40 . 2010-04-16 08:13 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-16 08:13 . 2010-04-16 08:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-16 08:13 . 2010-04-16 08:13 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-16 08:13 . 2010-04-16 08:13 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-16 08:10 . 2010-04-16 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-16 08:10 . 2009-05-12 20:45 -------- d-----w- c:\program files\AVG
2010-04-16 07:52 . 2007-08-15 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-08 10:00 . 2007-09-09 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-04 19:17 . 2009-09-01 17:10 -------- d-----w- c:\program files\uTorrent
2010-03-31 19:45 . 2010-03-31 19:45 503808 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65e1ab8d-n\msvcp71.dll
2010-03-31 19:45 . 2010-03-31 19:45 499712 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65e1ab8d-n\jmc.dll
2010-03-31 19:45 . 2010-03-31 19:45 348160 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65e1ab8d-n\msvcr71.dll
2010-03-31 19:45 . 2010-03-31 19:45 61440 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-13512298-n\decora-sse.dll
2010-03-31 19:45 . 2010-03-31 19:45 12800 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-13512298-n\decora-d3d.dll
2010-03-31 19:44 . 2006-03-06 19:34 -------- d-----w- c:\program files\Java
2010-03-10 06:15 . 2006-03-06 17:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:28 . 2009-06-10 11:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2006-03-06 17:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-06 17:01 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2006-03-06 17:01 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"TPSMain"="TPSMain.exe" [2005-05-31 282624]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-03 413696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-3 1753088]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-7 155648]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe [2007-9-9 12693504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-16 08:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 07:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\me\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smoothview
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater]
2007-03-01 00:37 2321600 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\groovemonitor]
2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper]
2008-11-20 02:20 290088 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
2008-11-03 23:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-01 05:25 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\me\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56565:TCP"= 56565:TCP:utorent
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/04/2010 6:13 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/04/2010 6:13 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/04/2010 6:11 PM 308064]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/05/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/05/2006 5:59 PM 33024]
R2 GtDetectSc;GT Detect;c:\windows\system32\GtDetectSc.exe [12/09/2006 12:35 PM 167936]
R2 PropertyPublisher;PropertyPublisher;c:\program files\Telstra GlobeTrotter Mobility Manager\PropertyPublisher.exe [20/09/2006 6:57 PM 5632]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/05/2006 5:33 PM 3456]
R2 watcherservice;WatcherService;c:\program files\Flac to MP3\WatcherService.exe [15/02/2009 4:49 AM 16384]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [15/01/2009 2:35 AM 16896]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [12/09/2006 12:35 PM 17024]
S3 GTMM Device Service;GTMM Device Service;c:\program files\Telstra GlobeTrotter Mobility Manager\GtmmDeviceService.exe [20/09/2006 6:57 PM 106496]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [12/09/2006 12:35 PM 115840]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [12/09/2006 12:35 PM 34560]
S3 VirtualWirelessDevice;VirtualWirelessDevice;c:\program files\Telstra GlobeTrotter Mobility Manager\VirtualWirelessDevice.exe [20/09/2006 6:57 PM 614400]
.
Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2010-05-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 04:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: live.com\login
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\z41hdmjv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\z41hdmjv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{c148d17d-89e0-45a6-b80a-5f684950fde7} - (no file)
BHO-{e584d28b-ddf3-4770-8c2e-081ca355c4e7} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Torrent-Search Toolbar - c:\progra~1\TORREN~1\UNWISE.EXE
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 20:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(1344)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2010-05-17 20:26:06
ComboFix-quarantined-files.txt 2010-05-17 10:26

Pre-Run: 28,635,267,072 bytes free
Post-Run: 28,600,037,376 bytes free

- - End Of File - - 6454D2C4CE18090EFD02AC3A664B8A3C
  • 0

#4
Rorschach112
Posted 17 May 2010 - 04:35 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#5
oliver_clothesoff
Posted 18 May 2010 - 03:58 AM

oliver_clothesoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4111

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/05/2010 7:56:46 PM
mbam-log-2010-05-18 (19-56-46).txt

Scan type: Quick scan
Objects scanned: 137088
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)












continuing with kaspersky now...
  • 0

#6
Rorschach112
Posted 18 May 2010 - 05:00 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
ok
  • 0

#7
oliver_clothesoff
Posted 18 May 2010 - 05:37 AM

oliver_clothesoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
ive tried 3 times to run kaspersky.. it will get most of the way through the database update then have an error with DNS or unable to connect to server. Ive checked my internet and modem, all seem to be working. Could this be connected to viruses or malware? thanks.
  • 0

#8
Rorschach112
Posted 18 May 2010 - 05:38 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do this

Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log



* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#9
oliver_clothesoff
Posted 18 May 2010 - 05:52 AM

oliver_clothesoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
TDSS log


21:50:55:312 4300 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
21:50:55:312 4300 ================================================================================
21:50:55:312 4300 SystemInfo:

21:50:55:312 4300 OS Version: 5.1.2600 ServicePack: 3.0
21:50:55:312 4300 Product type: Workstation
21:50:55:312 4300 ComputerName: HOMIE
21:50:55:312 4300 UserName: me
21:50:55:312 4300 Windows directory: C:\WINDOWS
21:50:55:312 4300 Processor architecture: Intel x86
21:50:55:312 4300 Number of processors: 2
21:50:55:312 4300 Page size: 0x1000
21:50:55:312 4300 Boot type: Normal boot
21:50:55:312 4300 ================================================================================
21:50:55:312 4300 UnloadDriverW: NtUnloadDriver error 2
21:50:55:312 4300 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
21:50:55:453 4300 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:50:55:453 4300 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:50:55:453 4300 wfopen_ex: Trying to KLMD file open
21:50:55:453 4300 wfopen_ex: File opened ok (Flags 2)
21:50:55:453 4300 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:50:55:453 4300 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:50:55:453 4300 wfopen_ex: Trying to KLMD file open
21:50:55:453 4300 wfopen_ex: File opened ok (Flags 2)
21:50:55:453 4300 KLAVA engine initialized
21:50:55:578 4300 Initialize success
21:50:55:578 4300
21:50:55:578 4300 Scanning Services ...
21:50:56:062 4300 Raw services enum returned 420 services
21:50:56:062 4300
21:50:56:062 4300 Scanning Drivers ...
21:50:56:671 4300 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:50:56:703 4300 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:50:56:781 4300 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:50:56:875 4300 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:50:57:328 4300 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:50:57:609 4300 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:50:57:906 4300 AR5416 (1f96e1324ab7eb3dc7afe107bfbc8a84) C:\WINDOWS\system32\DRIVERS\ar5416.sys
21:50:57:968 4300 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:50:58:187 4300 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:50:58:250 4300 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:50:58:296 4300 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:50:58:328 4300 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:50:58:437 4300 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\WINDOWS\system32\Drivers\avgldx86.sys
21:50:58:796 4300 AvgMfx86 (f9caeec3ff1545991f490264429724c5) C:\WINDOWS\system32\Drivers\avgmfx86.sys
21:50:59:000 4300 AvgTdiX (cf9ac576490bb6c547cd16ef0b782358) C:\WINDOWS\system32\Drivers\avgtdix.sys
21:50:59:046 4300 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:50:59:578 4300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:50:59:765 4300 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:50:59:812 4300 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:50:59:906 4300 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:50:59:953 4300 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:51:00:015 4300 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:51:00:250 4300 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:51:00:296 4300 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:51:00:343 4300 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:51:00:375 4300 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:51:00:437 4300 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:51:00:484 4300 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:51:00:640 4300 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:51:00:890 4300 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:51:01:046 4300 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:51:01:078 4300 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:51:01:156 4300 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:51:01:250 4300 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:51:01:421 4300 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:51:01:484 4300 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:51:01:531 4300 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:51:01:593 4300 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:51:01:640 4300 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:51:01:703 4300 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:51:01:875 4300 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:51:01:921 4300 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:51:02:078 4300 FdRedir (3314f3134ac59771a133a0cd3d343fff) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
21:51:02:109 4300 FileDisk2 (7b33f094a7a42a0225c344f5b25b1b05) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
21:51:02:468 4300 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:51:02:718 4300 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:51:02:968 4300 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:51:03:125 4300 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
21:51:03:203 4300 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:51:03:515 4300 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:51:03:750 4300 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:51:04:156 4300 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:51:04:406 4300 GTFFBUS (2cffb96f94f4dd48f213dee8fec80884) C:\WINDOWS\system32\DRIVERS\gtffbus.sys
21:51:04:593 4300 GTMNDISIRPXP (4f8b6eba717cd3231a39323b4988f59b) C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys
21:51:04:609 4300 GTPTSER (c2990953d2309025b2e1561d99afb6c2) C:\WINDOWS\system32\DRIVERS\gtptser.sys
21:51:04:640 4300 GTUQBUS (0f85495d61e5d14be09898e6fa4cb886) C:\WINDOWS\system32\DRIVERS\gtuqbus.sys
21:51:04:703 4300 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:51:04:765 4300 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:51:05:218 4300 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:51:05:531 4300 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:51:05:875 4300 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:51:06:437 4300 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:51:06:859 4300 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:51:07:093 4300 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:51:07:343 4300 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:51:07:796 4300 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:51:07:953 4300 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:51:08:031 4300 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:51:08:078 4300 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:51:08:125 4300 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:51:08:203 4300 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:51:08:437 4300 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:51:08:484 4300 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:51:08:515 4300 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
21:51:08:578 4300 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:51:08:656 4300 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:51:08:875 4300 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:51:08:953 4300 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
21:51:08:984 4300 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:51:09:031 4300 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:51:09:093 4300 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:51:09:156 4300 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:51:09:687 4300 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:51:10:281 4300 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:51:10:593 4300 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:51:10:781 4300 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:51:10:843 4300 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:51:10:859 4300 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:51:10:890 4300 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:51:10:937 4300 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:51:10:968 4300 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:51:11:000 4300 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:51:11:328 4300 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:51:11:531 4300 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:51:11:562 4300 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:51:11:640 4300 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:51:11:718 4300 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:51:11:781 4300 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:51:11:812 4300 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
21:51:11:968 4300 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:51:12:031 4300 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
21:51:12:203 4300 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:51:12:359 4300 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:51:12:734 4300 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:51:13:109 4300 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:51:13:437 4300 nv (ac5267c71f72fb42511ed5790ba0e9f5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:51:13:796 4300 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:51:13:812 4300 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:51:13:875 4300 odysseyIM4 (7af6ec0ea4261ecf7da084103be31ea8) C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
21:51:13:953 4300 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:51:14:015 4300 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:51:14:109 4300 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:51:14:281 4300 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:51:14:343 4300 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:51:14:406 4300 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:51:14:468 4300 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:51:14:546 4300 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:51:14:921 4300 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
21:51:15:328 4300 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
21:51:15:390 4300 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:51:15:406 4300 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:51:15:421 4300 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:51:15:484 4300 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:51:16:125 4300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:51:16:296 4300 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:51:16:453 4300 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:51:16:515 4300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:51:16:625 4300 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:51:16:765 4300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:51:16:828 4300 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:51:16:890 4300 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:51:16:953 4300 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:51:17:031 4300 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:51:17:093 4300 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:51:17:281 4300 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:51:17:328 4300 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:51:17:375 4300 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:51:17:406 4300 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
21:51:17:437 4300 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
21:51:17:515 4300 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:51:17:640 4300 smihlp (94eede27fd7d46707be49127922695a7) C:\Program Files\Protector Suite QL\smihlp.sys
21:51:17:812 4300 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:51:17:921 4300 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:51:18:015 4300 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
21:51:18:109 4300 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
21:51:18:281 4300 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:51:18:312 4300 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:51:18:421 4300 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:51:18:500 4300 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:51:18:593 4300 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:51:18:828 4300 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
21:51:18:906 4300 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
21:51:18:984 4300 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:51:19:015 4300 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:51:19:062 4300 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:51:19:265 4300 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
21:51:19:312 4300 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
21:51:19:390 4300 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
21:51:19:453 4300 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
21:51:19:484 4300 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
21:51:19:546 4300 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
21:51:19:703 4300 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
21:51:19:765 4300 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
21:51:19:796 4300 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
21:51:19:859 4300 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
21:51:19:906 4300 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
21:51:19:953 4300 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:51:19:984 4300 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
21:51:20:000 4300 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
21:51:20:156 4300 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:51:20:203 4300 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:51:20:312 4300 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:51:20:343 4300 usbaapl (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:51:20:375 4300 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:51:20:421 4300 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:51:20:562 4300 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:51:20:625 4300 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:51:20:656 4300 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:51:20:687 4300 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:51:20:703 4300 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
21:51:20:796 4300 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:51:20:890 4300 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:51:20:953 4300 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:51:21:218 4300 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:51:21:578 4300 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:51:22:015 4300 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
21:51:22:406 4300 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:51:22:468 4300 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:51:22:515 4300 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:51:22:562 4300 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
21:51:22:812 4300 WSIMD (ebedf91c32fe60c724402e6f44ca3152) C:\WINDOWS\system32\DRIVERS\wsimd.sys
21:51:22:875 4300 wsvad_driver (df091e771ba41864a383816efb968817) C:\WINDOWS\system32\drivers\VirtualAudio.sys
21:51:22:953 4300 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:51:23:015 4300 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:51:23:015 4300
21:51:23:015 4300 Completed
21:51:23:015 4300
21:51:23:015 4300 Results:
21:51:23:015 4300 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:51:23:015 4300 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:51:23:015 4300
21:51:23:015 4300 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:51:23:015 4300 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:51:23:015 4300 KLMD(ARK) unloaded successfully
  • 0

#10
oliver_clothesoff
Posted 18 May 2010 - 06:02 AM

oliver_clothesoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
ESET wont run. I check agree and then start and i just get an X/ little box in the corner.

Edited by oliver_clothesoff, 18 May 2010 - 06:07 AM.

  • 0

Advertisements

#11
Rorschach112
Posted 18 May 2010 - 06:05 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you update avg run a full scan, post that log here
  • 0

#12
oliver_clothesoff
Posted 18 May 2010 - 06:11 AM

oliver_clothesoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
disregard.. used an older version of IE and it worked ???
running scan now.

Edited by oliver_clothesoff, 18 May 2010 - 06:12 AM.

  • 0

#13
oliver_clothesoff
Posted 18 May 2010 - 09:30 AM

oliver_clothesoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
took a while... but here is the ESET log..



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b61db97cad225c4ba5caa75c8c642e3f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-18 03:22:58
# local_time=2010-05-19 01:22:58 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 1948531 1948531 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 4555 4555 0 0
# scanned=206140
# found=0
# cleaned=0
# scan_time=10636
  • 0

#14
Rorschach112
Posted 18 May 2010 - 12:47 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
[clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#15
oliver_clothesoff
Posted 19 May 2010 - 01:54 AM

oliver_clothesoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
thank you so much! i keep learning.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP