
Help needed, unknown virus/spyware problems, possibly causing blue screen error


This topic is locked
12 replies to this topic

#1 swordfishtrombone

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 28 April 2009 - 06:04 PM

Hi,

I started getting some evidence of malware on my computer yesterday, in particular the antivirus 2009 thing which keeps trying to get you to download a false antivirus program, and some sort of browser hijacking. I immediately ran all the anti spyware type programs I had including adaware, spybot s&d, malware bytes and ccleaner. This seemed to work, but today upon logging into my computer in normal mode I received a blue screen and error message reading:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

STOP 0x000000D1, and a few more of these codes, I can type it all if that will be any help.

I can only presume that some sort of virus or spyware is causing this problem, since I had no such problems since this outbreak, and running antivirus programs in safemode including AVG has produced some results, but not yet got rid of this problem. I have also tried updating all drivers, and checking my memory by booting with memcheck (it showed no problems).

Any idea how I could fix this? Would really appreciate some help. Here's my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:04, on 29/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\SRNMIC~1\SOLOSENT.EXE
F:\SRNMIC~1\SOLOCFG.EXE
F:\Program Files\Mozilla Firefox\firefox.exe
F:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NokiaMServer] F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "F:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe F:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [SoloSentry] F:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] F:\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6379] command /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2261] cmd /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7993] command /c del "F:\WINDOWS\system32\ovfsthsynrqnytxuwlkxitbixqvwtcubegcbgq.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2694] cmd /c del "F:\WINDOWS\system32\ovfsthsynrqnytxuwlkxitbixqvwtcubegcbgq.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5672] command /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2449] cmd /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe F:\DOCUME~1\CHASAG~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\RunOnce: [SpybotDeletingB8094] command /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD689] cmd /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3783] command /c del "F:\WINDOWS\system32\ovfsthsynrqnytxuwlkxitbixqvwtcubegcbgq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2317] cmd /c del "F:\WINDOWS\system32\ovfsthsynrqnytxuwlkxitbixqvwtcubegcbgq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB498] command /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4794] cmd /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: F:\WINDOWS\system32\zoyokuvu.dll f:\windows\system32\
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: rksocket - F:\WINDOWS\SYSTEM32\rksocket.dll
O20 - Winlogon Notify: __c008D358 - F:\WINDOWS\system32\__c008D358.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - F:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8774 bytes
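A defender-side triage of HijackThis lines like the O4, O20 and O23 entries in the log above, as an added example that is not code from this thread, from HijackThis or from the helpers here. The heuristics (a rundll32 autorun loading a DLL from a user profile directory, a bare .dll dropped in a Startup folder, a populated AppInit_DLLs value, a Winlogon Notify package that is not a .dll, a service with no vendor) are the kind of analyst checks applied to such logs, and the sample lines are constructed to mirror the log, so every name in them is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modeled on a few lines of the HijackThis log above.
# The AppInit_DLLs line is a non-raw literal because a raw string cannot end in a backslash.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Run: [autochk] rundll32.exe F:\WINDOWS\system32\autochk.dll,_IWMPEvents@16",
    r"O4 - HKCU\..\Run: [autochk] rundll32.exe F:\DOCUME~1\CHASAG~1\protect.dll,_IWMPEvents@16",
    r"O4 - Startup: ChkDisk.dll",
    r"O4 - Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe",
    "O20 - AppInit_DLLs: F:\\WINDOWS\\system32\\zoyokuvu.dll f:\\windows\\system32\\",
    r"O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll",
    r"O20 - Winlogon Notify: __c008D358 - F:\WINDOWS\system32\__c008D358.dat",
    r"O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass(frozen=True)
class Finding:
    line: str
    severity: str  # "high", "medium" or "info"
    reason: str


# Windows XP user-profile paths in 8.3 or long form
USER_PROFILE = re.compile(r"(docume~1|documents and settings)", re.IGNORECASE)
# A rundll32 autorun: "rundll32.exe <path>.dll,<export>"
RUNDLL = re.compile(r"rundll32(\.exe)?\s+(?P<dll>\S+?\.dll)", re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one HijackThis line; None means nothing notable."""
    s = line.strip()
    if s.startswith("O4 "):
        m = RUNDLL.search(s)
        if m:
            if USER_PROFILE.search(m.group("dll")):
                return Finding(s, "high", "rundll32 autorun loads a DLL from a user profile directory")
            return Finding(s, "medium", "rundll32 autorun entry; confirm the DLL belongs to installed software")
        # A bare DLL in a Startup folder cannot run by itself and is unusual for legitimate software
        target = s.split("Startup:", 1)[1].strip() if "Startup:" in s else ""
        if target.lower().endswith(".dll"):
            return Finding(s, "high", "DLL placed directly in a Startup folder")
        return None
    if s.startswith("O20 - AppInit_DLLs:"):
        value = s.split(":", 1)[1].strip()
        if value:
            return Finding(s, "high", "AppInit_DLLs is set; listed DLLs load into every process that uses user32")
        return None
    if s.startswith("O20 - Winlogon Notify:"):
        parts = s.rsplit(" - ", 1)
        if len(parts) < 2:
            return None
        if not parts[1].strip().lower().endswith(".dll"):
            return Finding(s, "high", "Winlogon Notify package is not a .dll file")
        return None
    if s.startswith("O23 - Service:") and "Unknown owner" in s:
        return Finding(s, "info", "service carries no vendor information")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a HijackThis log through the heuristics, keeping log order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f is not None:
            findings.append(f)
    return findings


def count_by_severity(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The checks deliberately stop at "flag for review": an analyst still confirms each hit against the ComboFix output or the file itself, since a rundll32 entry or an AppInit_DLLs value can belong to legitimate software.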



#2 fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:45 AM

Posted 29 April 2009 - 04:03 AM

Uninstall these programs first

1. Spybot S&D
2. Lavasoft Ad-Aware



Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 swordfishtrombone
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 29 April 2009 - 05:13 AM

Have done everything else bar the 2 scans, but adaware won't let me uninstall it due to being in safe mode. Is there another way to get rid of it?

Thanks for the quick reply

#4 fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:45 AM

Posted 29 April 2009 - 07:12 AM

Just run ComboFix then.. and post the log here..



#5 swordfishtrombone
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 29 April 2009 - 08:50 AM

Okay, here's the combofix log:

ComboFix 09-04-28.03 - Chas Agar 29/04/2009 14:13.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.382 [GMT 1:00]
Running from: f:\documents and settings\Chas Agar\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
f:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
f:\documents and settings\Chas Agar\protect.dll
f:\documents and settings\Chas Agar\Start Menu\Programs\Startup\ChkDisk.lnk
f:\windows\system32\__c008D358.dat
f:\windows\system32\autochk.dll
f:\windows\system32\config\systemprofile\protect.dll
f:\windows\system32\drivers\ovfsthbquqgoqpclkxrmggkqjixgsalrqjokym.sys
f:\windows\system32\hrpdcf.bin
f:\windows\system32\k86.bin
f:\windows\system32\liwifina.exe
f:\windows\system32\ovfsthbywadjgcpqjmxtpkrjpxkabvpfpsopnm.dat
f:\windows\system32\ovfsthdujmwluyfqymswnknlduqqwqjhdlemwd.dat
f:\windows\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll
f:\windows\system32\ovfsthliqkyiqpkghtkmjeqfwmaullehtkmcwo.dll
f:\windows\system32\ovfsthsynrqnytxuwlkxitbixqvwtcubegcbgq.dll
f:\windows\system32\rkskt.sys
f:\windows\system32\rksocket.dll

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthkgfltnbgrrpmvvidkyavbanloiiuaffr


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-29 10:09 . 2009-04-29 10:24 27648 ----a-w f:\windows\system32\lmppcsetup.exe
2009-04-28 23:03 . 2009-04-28 23:03 401720 ----a-w F:\HiJackThis.exe
2009-04-28 22:51 . 2009-04-28 22:51 251392 ----a-w F:\hijackthis_sfx.exe
2009-04-28 22:23 . 2009-04-29 12:13 -------- d-----w F:\SRN Micro
2009-04-28 22:23 . 2009-04-28 22:23 3559045 ----a-w F:\TrySolo.exe
2009-04-28 22:14 . 2009-04-28 22:14 39936 ----a-w f:\windows\system32\winglsetup.exe
2009-04-28 22:14 . 2009-04-28 22:14 664 ----a-w f:\windows\system32\d3d9caps.dat
2009-04-28 22:11 . 2008-06-19 15:24 28544 ----a-w f:\windows\system32\drivers\pavboot.sys
2009-04-28 22:10 . 2009-04-28 22:10 -------- d-----w f:\windows\LastGood.Tmp
2009-04-28 22:10 . 2009-04-28 22:10 -------- d-----w f:\program files\Panda Security
2009-04-28 22:10 . 2009-04-28 22:10 175504 ----a-w F:\activescan2_en.exe
2009-04-28 22:07 . 2009-04-28 22:07 -------- d-----w f:\documents and settings\All Users\Application Data\TEMP
2009-04-28 22:07 . 2005-08-25 18:18 118784 ----a-w f:\windows\system32\MSSTDFMT.DLL
2009-04-28 22:07 . 2009-04-28 22:07 -------- d-----w f:\program files\SpywareBlaster
2009-04-28 22:05 . 2009-04-28 22:05 3012768 ----a-w F:\spywareblastersetup42.exe
2009-04-28 14:41 . 2009-04-28 14:35 0 ----a-w f:\windows\system32\drivers\sptd.sys
2009-04-28 12:29 . 2009-04-28 12:29 3007805 ----a-w F:\ComboFix.exe
2009-04-28 12:05 . 2009-04-28 12:05 -------- d-----w f:\program files\Alwil Software
2009-04-28 12:03 . 2009-04-28 12:03 308160 ----a-w F:\avast_pro_setup.exe
2009-04-28 11:46 . 2009-04-28 11:46 -------- d-----w F:\ATI
2009-04-28 11:45 . 2009-04-28 11:46 16177416 ----a-w F:\9-3_xp32_dd.exe
2009-04-28 10:58 . 2009-04-28 11:43 -------- d-----w f:\program files\Driver Checker
2009-04-28 00:57 . 2009-04-28 00:57 -------- d-----w F:\P4RKS-103
2009-04-28 00:45 . 2009-04-28 00:46 -------- d-----w F:\P4RKS-102
2009-04-27 23:52 . 2009-04-27 23:52 -------- d-----w F:\The.Ultimate.Fighter.S09E04.HDTV.DivX-BigTex
2009-04-27 23:06 . 2009-04-28 01:28 -------- d-----w F:\new jazz and rock albums
2009-04-27 19:09 . 2009-04-27 19:15 -------- d-----w F:\BB208
2009-04-27 18:38 . 2009-04-27 18:40 -------- d-----w F:\FG713
2009-04-27 17:17 . 2009-04-29 00:16 -------- d--h--w F:\$AVG8.VAULT$
2009-04-27 17:14 . 2009-04-27 17:14 10520 ----a-w f:\windows\system32\avgrsstx.dll
2009-04-27 17:14 . 2009-04-27 17:14 108552 ----a-w f:\windows\system32\drivers\avgtdix.sys
2009-04-27 17:14 . 2009-04-27 17:14 325640 ----a-w f:\windows\system32\drivers\avgldx86.sys
2009-04-27 17:14 . 2009-04-27 17:15 -------- d-----w f:\windows\system32\drivers\Avg
2009-04-27 17:13 . 2009-04-29 12:18 -------- d-----w f:\documents and settings\All Users\Application Data\avg8
2009-04-27 17:10 . 2009-04-27 17:10 -------- d-----w f:\program files\AVG
2009-04-27 17:10 . 2009-04-29 12:18 -------- d-----w f:\documents and settings\All Users\Application Data\avg7
2009-04-27 16:53 . 2009-04-27 16:53 -------- d-----w F:\Sperm_Lolita_Lesbian_Scene_1.wmv
2009-04-27 16:31 . 2009-04-27 16:37 63049904 ----a-w F:\avg_free_stf_en_85_285a1462.exe
2009-04-27 16:09 . 2009-04-27 16:09 -------- d--h--w f:\windows\system32\GroupPolicy
2009-04-27 16:07 . 2009-04-27 16:07 2701304 ----a-w F:\vbsetup.exe
2009-04-27 15:59 . 2009-04-27 15:59 -------- d-----w f:\program files\CCleaner
2009-04-27 15:58 . 2009-04-27 15:58 3190688 ----a-w F:\ccsetup218.exe
2009-04-27 15:52 . 2009-04-27 15:52 58000 ----a-w F:\mbam-clean.exe
2009-04-27 15:47 . 2009-04-27 15:47 -------- d-----w f:\documents and settings\Chas Agar\Application Data\Malwarebytes
2009-04-27 15:47 . 2009-04-06 14:32 15504 ----a-w f:\windows\system32\drivers\mbam.sys
2009-04-27 15:47 . 2009-04-06 14:32 38496 ----a-w f:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 15:47 . 2009-04-27 15:47 -------- d-----w f:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 15:47 . 2009-04-27 16:28 -------- d-----w f:\program files\Malwarebytes' Anti-Malware
2009-04-27 15:47 . 2009-04-27 15:47 2967800 ----a-w F:\mbam-setup.exe
2009-04-27 00:27 . 2009-04-29 09:59 -------- d-----w f:\program files\Spybot - Search & Destroy
2009-04-27 00:27 . 2009-04-29 09:59 -------- d-----w f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-25 01:27 . 2009-04-25 01:28 -------- d-----w F:\30.Rock.S03E19.HDTV.XviD-LOL
2009-04-25 01:14 . 2009-04-25 01:15 -------- d-----w F:\30.Rock.S03E19.720p.HDTV.X264-DIMENSION
2009-04-25 00:33 . 2009-04-25 00:33 -------- d-----w F:\GB3P
2009-04-24 13:13 . 2009-04-24 13:14 -------- d-----w F:\the.office.523.hdtv-lol
2009-04-24 13:04 . 2009-04-24 13:04 -------- d-----w F:\st3thsrchfrspck
2009-04-23 15:16 . 2009-04-23 15:16 2619440 ----a-w F:\Spotify Installer.exe
2009-04-21 20:53 . 2009-04-21 20:53 -------- d-----w F:\Wu.The.Story.Of.The.Wu-Tang.Clan.2008.DVDRiP.XViD-BOSS
2009-04-21 16:33 . 2009-04-21 16:36 -------- d-----w f:\documents and settings\Chas Agar\Application Data\ImgBurn
2009-04-21 16:18 . 2009-04-21 16:18 -------- d-----w F:\UFC_2009_Undisputed_DEMO
2009-04-21 16:05 . 2009-04-21 16:05 -------- d-----w f:\program files\ImgBurn
2009-04-21 16:00 . 2009-04-21 16:00 2040451 ----a-w F:\SetupImgBurn_2.4.4.0.exe
2009-04-21 14:45 . 2003-01-27 13:27 94208 ----a-w f:\windows\system32\wmpuice.dll
2009-04-21 14:45 . 2008-08-24 20:33 69632 ----a-w f:\windows\cadSSaver.scr
2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----w f:\program files\CD Art Display
2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----w F:\setup2b5b275
2009-04-21 14:43 . 2009-04-21 14:43 273823 ----a-w F:\iTunesFolderWatchSetup2002.zip
2009-04-21 14:43 . 2009-04-21 14:43 1339654 ----a-w F:\setup2b5b275.zip
2009-04-21 14:39 . 2009-04-21 14:39 -------- d-----w F:\SkinitunesSkinTemplate(Blank)
2009-04-21 14:23 . 2009-04-21 14:23 -------- d-----w f:\program files\SkiniTunes
2009-04-21 14:23 . 2009-04-21 14:23 -------- d-----w f:\documents and settings\All Users\Application Data\SkiniTunes
2009-04-21 14:18 . 2009-04-21 14:19 3478528 ----a-w F:\SkiniTunesSetup.exe
2009-04-21 12:53 . 2009-04-21 12:53 -------- d-----w F:\British_Bukkake_Babes_2
2009-04-21 12:52 . 2009-04-21 12:53 -------- d-----w F:\British_Bukkake_Babes_1
2009-04-20 22:40 . 2009-04-20 22:40 -------- d-----w F:\MadRon
2009-04-20 18:47 . 2009-04-20 18:47 -------- d-----w F:\51
2009-04-20 18:47 . 2009-04-20 18:47 -------- d-----w F:\msn
2009-04-20 18:25 . 2009-04-20 18:25 5506888 ----a-w F:\msn.zip
2009-04-20 14:30 . 2009-04-20 14:30 -------- d-----w F:\Breaking.Bad.S02E07.Negro.Y.Azul.HDTV.XviD-FQM
2009-04-19 23:30 . 2009-04-19 23:30 -------- d-----w F:\30.Rock.S03E18
2009-04-19 22:57 . 2009-04-19 22:57 -------- d-----w F:\The.Office.S05E22.HDTV.XviD-LOL_20
2009-04-19 20:59 . 2009-04-19 21:03 -------- d-----w F:\ufc97w4f-plube
2009-04-17 16:13 . 2009-04-17 16:13 -------- d-----w F:\The.Ulitmate.Fighter.S09E03.SDTV.XviD-XWN
2009-04-16 11:32 . 2009-04-16 11:32 -------- d-----w F:\South.Park.S13E06.HDTV.XVID-BAJSKORV
2009-04-15 19:29 . 2008-05-03 11:55 2560 ------w f:\windows\system32\xpsp4res.dll
2009-04-15 12:24 . 2009-04-15 12:24 -------- d-----w F:\TCR-14409
2009-04-15 11:37 . 2009-04-15 11:38 -------- d-----w F:\TDS-14409
2009-04-15 11:30 . 2009-04-15 11:30 -------- d-----w F:\BigBoobsFatBooty.E81.Kerra.Dawson.XXX.WMV-KTR_mov-world.net
2009-04-14 23:30 . 2009-04-14 23:31 -------- d-----w F:\Parks.and.recreation.101.lol
2009-04-14 18:58 . 2009-04-14 18:58 -------- d-----w F:\aaf-tim.and.eric.s04e10.pdtv
2009-04-14 15:54 . 2009-04-27 11:32 -------- d-----w f:\documents and settings\All Users\Application Data\FLEXnet
2009-04-14 15:53 . 2009-04-14 15:53 -------- d-----w f:\program files\Common Files\Macrovision Shared
2009-04-14 15:53 . 2009-04-14 15:58 -------- d-----w f:\documents and settings\Chas Agar\Local Settings\Application Data\Adobe
2009-04-14 15:46 . 2009-04-14 15:54 -------- d-----w f:\program files\Common Files\Adobe
2009-04-14 15:36 . 2009-04-14 15:38 -------- d-----w F:\my_photos_collection_acrobat8_pro_CE
2009-04-14 15:15 . 2009-04-14 15:19 -------- d-----w F:\Stewart Lee's Comedy Vehicle
2009-04-13 23:28 . 2009-04-13 23:28 -------- d-----w F:\bB206
2009-04-13 02:09 . 2009-04-13 02:09 -------- d-----w F:\Family.Guy.S07E04.PDTV.XviD-2HD
2009-04-13 01:27 . 2009-04-13 01:27 -------- d-----w F:\LBDOp3p
2009-04-13 01:24 . 2009-04-13 01:24 -------- d-----w F:\DF_dannioneal
2009-04-13 01:24 . 2009-04-13 01:24 -------- d-----w F:\Dani_Bloopers
2009-04-13 01:24 . 2009-04-13 01:25 -------- d-----w F:\Basic_Instinct
2009-04-13 00:11 . 2009-04-13 00:11 -------- d-----w F:\RD.0903.hayley
2009-04-12 19:02 . 2009-04-12 19:02 -------- d-----w F:\The.Ultimate.Fighter.S09E02.HDTV.XviD-aAF
2009-04-12 17:59 . 2009-04-12 17:59 -------- d-----w F:\Disc 1 - STREET FIGHTER II PERFECT ORIGINAL VERSION
2009-04-12 13:31 . 2009-04-12 13:31 -------- d-----w f:\program files\rNSV for RealPlayer
2009-04-12 13:29 . 2009-04-12 13:31 -------- d-----w f:\program files\Common Files\NSV
2009-04-12 13:26 . 2009-04-12 13:26 -------- d-----w f:\documents and settings\Chas Agar\Application Data\vlc
2009-04-12 13:22 . 2009-04-12 13:22 9914224 ----a-w F:\winamp5551_full_emusic-7plus_en-us.exe
2009-04-12 00:27 . 2009-04-12 00:27 -------- d-----w F:\30.Rock.S03E17
2009-04-11 12:40 . 2009-04-11 12:40 -------- d-----w F:\Terminator.The.Sarah.Connor.Chronicles.S02E22.HDTV.XviD-2HD
2009-04-10 11:39 . 2009-04-10 11:39 -------- d-----w F:\TCR-08409
2009-04-10 11:38 . 2009-04-10 11:38 -------- d-----w F:\TDS-08409
2009-04-10 10:13 . 2009-04-10 10:15 -------- d-----w F:\South.Park.S13E05.DSR.XviD-0TV
2009-04-09 01:27 . 2009-04-09 01:27 -------- d-----w F:\fg703.moviex
2009-04-09 01:21 . 2009-04-09 01:21 -------- d-----w F:\family.guy.702.kingstar
2009-04-08 16:12 . 2009-04-08 16:12 -------- d-----w F:\F.I.T.W.G.Y.DVDRip.XviD
2009-04-08 12:13 . 2009-04-08 12:13 -------- d-----w F:\TCR-07409
2009-04-08 11:56 . 2009-04-08 11:57 -------- d-----w F:\TDS-07409
2009-04-07 23:08 . 2009-04-07 23:08 -------- d-----w F:\MM102
2009-04-07 23:06 . 2009-04-07 23:06 -------- d-----w F:\TCR-06409
2009-04-07 23:06 . 2009-04-07 23:06 -------- d-----w F:\TDS-06409
2009-04-07 21:36 . 2009-04-10 18:23 -------- d-----w F:\this is the news
2009-04-07 18:25 . 2009-04-07 18:25 -------- d-----w F:\Scott.Walker.30.Century.Man.2006.LiMiTED.DVDRiP.XViD-WPi.talqwe
2009-04-07 13:58 . 2009-04-07 13:58 -------- d-----w F:\Tyson.2009.DvdRip.Xvid.iNDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 10:10 . 2008-06-21 21:20 -------- d-----w f:\program files\Common Files\Wise Installation Wizard
2009-04-28 11:46 . 2008-06-21 20:25 -------- d-----w f:\program files\Common Files\InstallShield
2009-04-28 11:46 . 2008-06-21 20:26 -------- d--h--w f:\program files\InstallShield Installation Information
2009-04-27 20:45 . 2009-01-24 02:18 -------- d-----w f:\program files\PeerGuardian2
2009-04-15 08:04 . 2008-06-21 21:48 23032 ----a-w f:\documents and settings\Chas Agar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 02:39 . 2009-03-09 18:21 193920 ----a-w f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-12 13:51 . 2008-06-21 19:40 -------- d-----w f:\program files\Combined Community Codec Pack
2009-04-12 12:57 . 2008-12-28 14:18 -------- d-----w f:\program files\Dropbox
2009-04-04 13:35 . 2008-08-17 20:56 -------- d-----w f:\program files\Java
2009-04-01 16:02 . 2008-06-25 21:58 -------- d-----w f:\program files\Foxit Software
2009-03-29 22:53 . 2009-03-29 22:53 5026661 ----a-w F:\34hh.zip
2009-03-29 22:46 . 2009-03-29 22:41 125660320 ----a-w F:\45646467.wmv.zip
2009-03-28 08:55 . 2008-07-20 17:09 -------- d-----w f:\program files\Last.fm
2009-03-22 16:26 . 2009-03-22 16:25 8278323 ----a-w F:\ipdl.exe
2009-03-22 13:44 . 2009-03-22 13:44 -------- d-----w f:\program files\ODEON
2009-03-22 13:43 . 2009-03-22 13:38 21221849 ----a-w F:\5800 Debranding Apps.zip
2009-03-15 13:42 . 2009-03-15 13:32 112180673 ----a-w F:\Sweet.Sixteen.2002.DVDRip.XviD-r0ck3d.zip
2009-03-15 11:57 . 2009-03-15 11:47 112466174 ----a-w F:\OUAT_in_the_Midlands_byJayCam.zip
2009-03-12 23:04 . 2009-03-12 23:04 22328 ----a-w f:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 23:04 . 2009-03-12 23:04 22328 ----a-w f:\documents and settings\Chas Agar\Application Data\PnkBstrK.sys
2009-03-12 23:04 . 2009-03-12 23:03 107832 ----a-w f:\windows\system32\PnkBstrB.exe
2009-03-12 23:03 . 2009-03-12 23:03 66872 ----a-w f:\windows\system32\PnkBstrA.exe
2009-03-12 23:03 . 2009-03-12 23:03 2246144 ----a-w f:\windows\system32\pbsvc.exe
2009-03-11 22:08 . 2009-03-11 22:08 -------- d-----w f:\program files\Lonely Cat Games
2009-03-11 22:06 . 2009-03-11 22:06 1929019 ----a-w F:\smartmovie_symbian_lcg_4_01.zip
2009-03-11 21:50 . 2009-03-11 21:50 -------- d-----w f:\program files\Red Kawa
2009-03-11 21:49 . 2009-03-11 21:46 8664700 ----a-w F:\pspvideo9-406-setup.exe
2009-03-11 19:32 . 2009-03-11 19:32 126912 ----a-w F:\WinRaR.zip
2009-03-11 00:12 . 2009-03-11 00:12 32524 ----a-w F:\JCVD.LIMITED.DVDRip.XviD-NEPTUNE-English-subtitlesource.org.zip
2009-03-11 00:01 . 2009-03-11 00:01 -------- d-----w f:\program files\MSXML 4.0
2009-03-09 19:30 . 2009-03-09 18:26 -------- d-----w f:\program files\Nokia
2009-03-09 19:28 . 2009-03-09 18:30 -------- d-----w f:\program files\Common Files\Nokia
2009-03-09 19:24 . 2009-03-09 19:24 0 ---ha-w f:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-09 19:24 . 2009-03-09 19:24 0 ---ha-w f:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-09 18:49 . 2009-03-09 18:49 -------- d-----w f:\program files\MSXML 6.0
2009-03-09 18:31 . 2009-03-09 18:30 -------- d-----w f:\program files\Common Files\muvee Technologies
2009-03-09 18:28 . 2009-03-09 18:28 -------- d-----w f:\program files\DIFX
2009-03-09 18:20 . 2009-03-09 18:20 -------- d-----w f:\program files\MSBuild
2009-03-09 18:20 . 2009-03-09 18:20 -------- d-----w f:\program files\Reference Assemblies
2009-03-09 04:19 . 2008-12-30 18:21 410984 ----a-w f:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2008-04-14 02:42 284160 ----a-w f:\windows\system32\pdh.dll
2009-03-01 01:16 . 2009-03-01 01:16 -------- d-----w f:\program files\JRE
2009-03-01 01:16 . 2009-03-01 01:16 -------- d-----w f:\program files\OpenOffice.org 3
2009-03-01 01:11 . 2009-03-01 01:07 149353184 ----a-w F:\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
2009-02-23 20:15 . 2009-02-23 20:14 2652452 ----a-w F:\ROM CHECK FAIL Setup.exe
2009-02-20 08:10 . 2008-04-14 02:42 666112 ----a-w f:\windows\system32\wininet.dll
2009-02-20 08:10 . 2008-04-14 02:41 81920 ----a-w f:\windows\system32\ieencode.dll
2009-02-16 12:31 . 2009-02-16 12:31 2078396 ----a-w F:\New Compressed (zipped) Folder.zip
2009-02-15 17:16 . 2009-02-15 17:13 51522245 ----a-w F:\ghosts.zip
2009-02-09 12:10 . 2008-04-14 02:41 729088 ----a-w f:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 02:42 401408 ----a-w f:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2008-04-14 02:41 617472 ----a-w f:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 02:41 714752 ----a-w f:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2008-04-13 22:00 1846784 ----a-w f:\windows\system32\win32k.sys
2009-02-06 11:11 . 2008-04-14 02:42 110592 ----a-w f:\windows\system32\services.exe
2009-02-06 11:06 . 2008-04-13 21:54 2145280 ----a-w f:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w f:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w f:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2008-04-14 02:42 56832 ----a-w f:\windows\system32\secur32.dll
2009-02-02 17:58 . 2009-02-02 17:57 8771320 ----a-w F:\TypingMaster700.exe
2008-08-17 19:27 . 2008-08-17 19:27 53248 ----a-w f:\program files\rpau3260.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w f:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w f:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w f:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="f:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8094"="command" [X]
"SpybotDeletingD689"="del" [X]
"SpybotDeletingB3783"="command" [X]
"SpybotDeletingD2317"="del" [X]
"SpybotDeletingB498"="command" [X]
"SpybotDeletingD4794"="del" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="f:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-17 185896]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Nokia FastStart"="f:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-12-03 2372840]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Acrobat Assistant 8.0"="f:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-27 1932568]
"SoloSentry"="f:\srnmic~1\SOLOSENT.EXE" [2008-10-20 77824]
"SoloSchedule"="f:\srnmic~1\SOLOCFG.EXE" [2008-12-29 303104]
"C-Media Mixer"="Mixer.exe" - f:\windows\mixer.exe [2002-10-15 1818624]
"SoundMan"="SOUNDMAN.EXE" - f:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - f:\windows\system32\narrator.exe [2008-04-14 53760]

f:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
ChkDisk.dll [2009-4-29 24064]

f:\documents and settings\Chas Agar\Start Menu\Programs\Startup\
Dropbox.lnk - f:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - f:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2009-4-14 295606]
Adobe Acrobat Synchronizer.lnk - f:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-27 17:14 10520 ----a-w f:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"f:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"f:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"f:\\WINDOWS\\system32\\PnkBstrA.exe"=
"f:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 pavboot;pavboot;f:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\System32\Drivers\avgldx86.sys [2009-04-27 325640]
R1 rkskt;Raw Socket Filtering Driver; [x]
R2 avg8emc;AVG Free8 E-mail Scanner;f:\progra~1\AVG\AVG8\avgemc.exe [2009-04-27 908056]
R2 avg8wd;AVG Free8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-27 298264]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;f:\windows\system32\Drivers\hcw88rc5.sys [2007-01-24 11776]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;f:\windows\system32\drivers\hcw88tun.sys [2007-01-24 149504]
R3 hcw88vid;Hauppauge WinTV 88x Video;f:\windows\system32\drivers\hcw88vid.sys [2007-01-24 498176]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;f:\windows\system32\drivers\HCW88BAR.sys [2007-01-24 23552]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S1 AvgTdiX;AVG Free8 Network Redirector;f:\windows\System32\Drivers\avgtdix.sys [2009-04-27 108552]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\Launch.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2009-04-28 f:\windows\Tasks\WGASetup.job
- f:\windows\system32\KB905474\wgasetup.exe [2009-03-26 22:18]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-autochk - f:\windows\system32\autochk.dll
HKU-Default-Run-A00FE0347.exe - f:\windows\TEMP\_A00FE0347.exe
HKU-Default-Run-autochk - f:\windows\system32\config\SYSTEM~1\protect.dll
Notify-__c008D358 - f:\windows\system32\__c008D358.dat


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 14:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
f:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(876)
f:\program files\Dropbox\DropboxExt.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Lavasoft\Ad-Aware\aawservice.exe
.
**************************************************************************
.
Completion time: 2009-04-29 14:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 13:26

Pre-Run: 46,989,926,400 bytes free
Post-Run: 46,955,859,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

380 --- E O F --- 2009-04-16 02:03


And here's the following HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:44, on 29/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
F:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NokiaMServer] F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "F:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoloSentry] F:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] F:\SRNMIC~1\SOLOCFG.EXE
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8094] command /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD689] cmd /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3783] command /c del "F:\WINDOWS\system32\ovfsthsynrqnytxuwlkxitbixqvwtcubegcbgq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2317] cmd /c del "F:\WINDOWS\system32\ovfsthsynrqnytxuwlkxitbixqvwtcubegcbgq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB498] command /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4794] cmd /c del "F:\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll_old"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - F:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6693 bytes


Hope that helps.

#6 fenzodahl512


Posted 29 April 2009 - 12:22 PM

Tell me, what do you know about these files? Please delete them if you don't know anything about them..

F:\45646467.wmv.zip
F:\34hh.zip




1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
rkskt

File::
f:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll
F:\TypingMaster700.exe
f:\windows\system32\lmppcsetup.exe
f:\windows\system32\winglsetup.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8094"=-
"SpybotDeletingD689"=-
"SpybotDeletingB3783"=-
"SpybotDeletingD2317"=-
"SpybotDeletingB498"=-
"SpybotDeletingD4794"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.



#7 swordfishtrombone

  • Topic Starter

Posted 29 April 2009 - 12:54 PM

Seems to be working. I forgot to press F8 to enter safe mode upon rebooting, but I successfully booted up in normal mode, which hasn't happened for a while. Thanks very much. Here are the logs:

Combofix:

ComboFix 09-04-29.01 - Chas Agar 29/04/2009 18:32.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.314 [GMT 1:00]
Running from: f:\documents and settings\Chas Agar\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\Chas Agar\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

FILE ::
F:\TypingMaster700.exe
f:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll
f:\windows\system32\lmppcsetup.exe
f:\windows\system32\winglsetup.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\TypingMaster700.exe
f:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll
f:\windows\system32\lmppcsetup.exe
f:\windows\system32\winglsetup.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKSKT
-------\Service_rkskt


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-28 23:03 . 2009-04-28 23:03 401720 ----a-w F:\HiJackThis.exe
2009-04-28 22:51 . 2009-04-28 22:51 251392 ----a-w F:\hijackthis_sfx.exe
2009-04-28 22:23 . 2009-04-29 17:39 -------- d-----w F:\SRN Micro
2009-04-28 22:23 . 2009-04-28 22:23 3559045 ----a-w F:\TrySolo.exe
2009-04-28 22:14 . 2009-04-29 14:48 664 ----a-w f:\windows\system32\d3d9caps.dat
2009-04-28 22:11 . 2008-06-19 15:24 28544 ----a-w f:\windows\system32\drivers\pavboot.sys
2009-04-28 22:10 . 2009-04-28 22:10 -------- d-----w f:\program files\Panda Security
2009-04-28 22:10 . 2009-04-28 22:10 175504 ----a-w F:\activescan2_en.exe
2009-04-28 22:07 . 2009-04-28 22:07 -------- d-----w f:\documents and settings\All Users\Application Data\TEMP
2009-04-28 22:07 . 2005-08-25 18:18 118784 ----a-w f:\windows\system32\MSSTDFMT.DLL
2009-04-28 22:07 . 2009-04-28 22:07 -------- d-----w f:\program files\SpywareBlaster
2009-04-28 22:05 . 2009-04-28 22:05 3012768 ----a-w F:\spywareblastersetup42.exe
2009-04-28 14:41 . 2009-04-28 14:35 0 ----a-w f:\windows\system32\drivers\sptd.sys
2009-04-28 12:29 . 2009-04-28 12:29 3007805 ----a-w F:\ComboFix.exe
2009-04-28 12:05 . 2009-04-28 12:05 -------- d-----w f:\program files\Alwil Software
2009-04-28 12:03 . 2009-04-28 12:03 308160 ----a-w F:\avast_pro_setup.exe
2009-04-28 11:46 . 2009-04-28 11:46 -------- d-----w F:\ATI
2009-04-28 11:45 . 2009-04-28 11:46 16177416 ----a-w F:\9-3_xp32_dd.exe
2009-04-28 10:58 . 2009-04-28 11:43 -------- d-----w f:\program files\Driver Checker
2009-04-28 00:57 . 2009-04-28 00:57 -------- d-----w F:\P4RKS-103
2009-04-28 00:45 . 2009-04-28 00:46 -------- d-----w F:\P4RKS-102
2009-04-27 23:52 . 2009-04-27 23:52 -------- d-----w F:\The.Ultimate.Fighter.S09E04.HDTV.DivX-BigTex
2009-04-27 23:06 . 2009-04-28 01:28 -------- d-----w F:\new jazz and rock albums
2009-04-27 19:09 . 2009-04-27 19:15 -------- d-----w F:\BB208
2009-04-27 18:38 . 2009-04-27 18:40 -------- d-----w F:\FG713
2009-04-27 17:17 . 2009-04-29 00:16 -------- d--h--w F:\$AVG8.VAULT$
2009-04-27 17:14 . 2009-04-27 17:14 10520 ----a-w f:\windows\system32\avgrsstx.dll
2009-04-27 17:14 . 2009-04-27 17:14 108552 ----a-w f:\windows\system32\drivers\avgtdix.sys
2009-04-27 17:14 . 2009-04-27 17:14 325640 ----a-w f:\windows\system32\drivers\avgldx86.sys
2009-04-27 17:14 . 2009-04-29 17:39 -------- d-----w f:\windows\system32\drivers\Avg
2009-04-27 17:13 . 2009-04-29 17:37 -------- d-----w f:\documents and settings\All Users\Application Data\avg8
2009-04-27 17:10 . 2009-04-27 17:10 -------- d-----w f:\program files\AVG
2009-04-27 17:10 . 2009-04-29 12:18 -------- d-----w f:\documents and settings\All Users\Application Data\avg7
2009-04-27 16:53 . 2009-04-27 16:53 -------- d-----w F:\Sperm_Lolita_Lesbian_Scene_1.wmv
2009-04-27 16:31 . 2009-04-27 16:37 63049904 ----a-w F:\avg_free_stf_en_85_285a1462.exe
2009-04-27 16:09 . 2009-04-27 16:09 -------- d--h--w f:\windows\system32\GroupPolicy
2009-04-27 16:07 . 2009-04-27 16:07 2701304 ----a-w F:\vbsetup.exe
2009-04-27 15:59 . 2009-04-27 15:59 -------- d-----w f:\program files\CCleaner
2009-04-27 15:58 . 2009-04-27 15:58 3190688 ----a-w F:\ccsetup218.exe
2009-04-27 15:52 . 2009-04-27 15:52 58000 ----a-w F:\mbam-clean.exe
2009-04-27 15:47 . 2009-04-27 15:47 -------- d-----w f:\documents and settings\Chas Agar\Application Data\Malwarebytes
2009-04-27 15:47 . 2009-04-06 14:32 15504 ----a-w f:\windows\system32\drivers\mbam.sys
2009-04-27 15:47 . 2009-04-06 14:32 38496 ----a-w f:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 15:47 . 2009-04-27 15:47 -------- d-----w f:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 15:47 . 2009-04-27 16:28 -------- d-----w f:\program files\Malwarebytes' Anti-Malware
2009-04-27 15:47 . 2009-04-27 15:47 2967800 ----a-w F:\mbam-setup.exe
2009-04-27 00:27 . 2009-04-29 09:59 -------- d-----w f:\program files\Spybot - Search & Destroy
2009-04-27 00:27 . 2009-04-29 09:59 -------- d-----w f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-25 01:27 . 2009-04-25 01:28 -------- d-----w F:\30.Rock.S03E19.HDTV.XviD-LOL
2009-04-25 01:14 . 2009-04-25 01:15 -------- d-----w F:\30.Rock.S03E19.720p.HDTV.X264-DIMENSION
2009-04-25 00:33 . 2009-04-25 00:33 -------- d-----w F:\GB3P
2009-04-24 13:13 . 2009-04-24 13:14 -------- d-----w F:\the.office.523.hdtv-lol
2009-04-24 13:04 . 2009-04-24 13:04 -------- d-----w F:\st3thsrchfrspck
2009-04-23 15:16 . 2009-04-23 15:16 2619440 ----a-w F:\Spotify Installer.exe
2009-04-21 20:53 . 2009-04-21 20:53 -------- d-----w F:\Wu.The.Story.Of.The.Wu-Tang.Clan.2008.DVDRiP.XViD-BOSS
2009-04-21 16:33 . 2009-04-21 16:36 -------- d-----w f:\documents and settings\Chas Agar\Application Data\ImgBurn
2009-04-21 16:18 . 2009-04-21 16:18 -------- d-----w F:\UFC_2009_Undisputed_DEMO
2009-04-21 16:05 . 2009-04-21 16:05 -------- d-----w f:\program files\ImgBurn
2009-04-21 16:00 . 2009-04-21 16:00 2040451 ----a-w F:\SetupImgBurn_2.4.4.0.exe
2009-04-21 14:45 . 2003-01-27 13:27 94208 ----a-w f:\windows\system32\wmpuice.dll
2009-04-21 14:45 . 2008-08-24 20:33 69632 ----a-w f:\windows\cadSSaver.scr
2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----w f:\program files\CD Art Display
2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----w F:\setup2b5b275
2009-04-21 14:43 . 2009-04-21 14:43 273823 ----a-w F:\iTunesFolderWatchSetup2002.zip
2009-04-21 14:43 . 2009-04-21 14:43 1339654 ----a-w F:\setup2b5b275.zip
2009-04-21 14:39 . 2009-04-21 14:39 -------- d-----w F:\SkinitunesSkinTemplate(Blank)
2009-04-21 14:23 . 2009-04-21 14:23 -------- d-----w f:\program files\SkiniTunes
2009-04-21 14:23 . 2009-04-21 14:23 -------- d-----w f:\documents and settings\All Users\Application Data\SkiniTunes
2009-04-21 14:18 . 2009-04-21 14:19 3478528 ----a-w F:\SkiniTunesSetup.exe
2009-04-21 12:53 . 2009-04-21 12:53 -------- d-----w F:\British_Bukkake_Babes_2
2009-04-21 12:52 . 2009-04-21 12:53 -------- d-----w F:\British_Bukkake_Babes_1
2009-04-20 22:40 . 2009-04-20 22:40 -------- d-----w F:\MadRon
2009-04-20 18:47 . 2009-04-20 18:47 -------- d-----w F:\51
2009-04-20 18:47 . 2009-04-20 18:47 -------- d-----w F:\msn
2009-04-20 14:30 . 2009-04-20 14:30 -------- d-----w F:\Breaking.Bad.S02E07.Negro.Y.Azul.HDTV.XviD-FQM
2009-04-19 23:30 . 2009-04-19 23:30 -------- d-----w F:\30.Rock.S03E18
2009-04-19 22:57 . 2009-04-19 22:57 -------- d-----w F:\The.Office.S05E22.HDTV.XviD-LOL_20
2009-04-19 20:59 . 2009-04-19 21:03 -------- d-----w F:\ufc97w4f-plube
2009-04-17 16:13 . 2009-04-17 16:13 -------- d-----w F:\The.Ulitmate.Fighter.S09E03.SDTV.XviD-XWN
2009-04-16 11:32 . 2009-04-16 11:32 -------- d-----w F:\South.Park.S13E06.HDTV.XVID-BAJSKORV
2009-04-15 19:29 . 2008-05-03 11:55 2560 ------w f:\windows\system32\xpsp4res.dll
2009-04-15 12:24 . 2009-04-15 12:24 -------- d-----w F:\TCR-14409
2009-04-15 11:37 . 2009-04-15 11:38 -------- d-----w F:\TDS-14409
2009-04-15 11:30 . 2009-04-15 11:30 -------- d-----w F:\BigBoobsFatBooty.E81.Kerra.Dawson.XXX.WMV-KTR_mov-world.net
2009-04-14 23:30 . 2009-04-14 23:31 -------- d-----w F:\Parks.and.recreation.101.lol
2009-04-14 18:58 . 2009-04-14 18:58 -------- d-----w F:\aaf-tim.and.eric.s04e10.pdtv
2009-04-14 15:54 . 2009-04-27 11:32 -------- d-----w f:\documents and settings\All Users\Application Data\FLEXnet
2009-04-14 15:53 . 2009-04-14 15:53 -------- d-----w f:\program files\Common Files\Macrovision Shared
2009-04-14 15:53 . 2009-04-14 15:58 -------- d-----w f:\documents and settings\Chas Agar\Local Settings\Application Data\Adobe
2009-04-14 15:46 . 2009-04-14 15:54 -------- d-----w f:\program files\Common Files\Adobe
2009-04-14 15:36 . 2009-04-14 15:38 -------- d-----w F:\my_photos_collection_acrobat8_pro_CE
2009-04-14 15:15 . 2009-04-14 15:19 -------- d-----w F:\Stewart Lee's Comedy Vehicle
2009-04-13 23:28 . 2009-04-13 23:28 -------- d-----w F:\bB206
2009-04-13 02:09 . 2009-04-13 02:09 -------- d-----w F:\Family.Guy.S07E04.PDTV.XviD-2HD
2009-04-13 01:27 . 2009-04-13 01:27 -------- d-----w F:\LBDOp3p
2009-04-13 01:24 . 2009-04-13 01:24 -------- d-----w F:\DF_dannioneal
2009-04-13 01:24 . 2009-04-13 01:24 -------- d-----w F:\Dani_Bloopers
2009-04-13 01:24 . 2009-04-13 01:25 -------- d-----w F:\Basic_Instinct
2009-04-13 00:11 . 2009-04-13 00:11 -------- d-----w F:\RD.0903.hayley
2009-04-12 19:02 . 2009-04-12 19:02 -------- d-----w F:\The.Ultimate.Fighter.S09E02.HDTV.XviD-aAF
2009-04-12 17:59 . 2009-04-12 17:59 -------- d-----w F:\Disc 1 - STREET FIGHTER II PERFECT ORIGINAL VERSION
2009-04-12 13:31 . 2009-04-12 13:31 -------- d-----w f:\program files\rNSV for RealPlayer
2009-04-12 13:29 . 2009-04-12 13:31 -------- d-----w f:\program files\Common Files\NSV
2009-04-12 13:26 . 2009-04-12 13:26 -------- d-----w f:\documents and settings\Chas Agar\Application Data\vlc
2009-04-12 13:22 . 2009-04-12 13:22 9914224 ----a-w F:\winamp5551_full_emusic-7plus_en-us.exe
2009-04-12 00:27 . 2009-04-12 00:27 -------- d-----w F:\30.Rock.S03E17
2009-04-11 12:40 . 2009-04-11 12:40 -------- d-----w F:\Terminator.The.Sarah.Connor.Chronicles.S02E22.HDTV.XviD-2HD
2009-04-10 11:39 . 2009-04-10 11:39 -------- d-----w F:\TCR-08409
2009-04-10 11:38 . 2009-04-10 11:38 -------- d-----w F:\TDS-08409
2009-04-10 10:13 . 2009-04-10 10:15 -------- d-----w F:\South.Park.S13E05.DSR.XviD-0TV
2009-04-09 01:27 . 2009-04-09 01:27 -------- d-----w F:\fg703.moviex
2009-04-09 01:21 . 2009-04-09 01:21 -------- d-----w F:\family.guy.702.kingstar
2009-04-08 16:12 . 2009-04-08 16:12 -------- d-----w F:\F.I.T.W.G.Y.DVDRip.XviD
2009-04-08 12:13 . 2009-04-08 12:13 -------- d-----w F:\TCR-07409
2009-04-08 11:56 . 2009-04-08 11:57 -------- d-----w F:\TDS-07409
2009-04-07 23:08 . 2009-04-07 23:08 -------- d-----w F:\MM102
2009-04-07 23:06 . 2009-04-07 23:06 -------- d-----w F:\TCR-06409
2009-04-07 23:06 . 2009-04-07 23:06 -------- d-----w F:\TDS-06409
2009-04-07 21:36 . 2009-04-10 18:23 -------- d-----w F:\this is the news
2009-04-07 18:25 . 2009-04-07 18:25 -------- d-----w F:\Scott.Walker.30.Century.Man.2006.LiMiTED.DVDRiP.XViD-WPi.talqwe
2009-04-07 13:58 . 2009-04-07 13:58 -------- d-----w F:\Tyson.2009.DvdRip.Xvid.iNDIA
2009-04-07 01:18 . 2009-04-07 01:19 -------- d-----w F:\FG707
2009-04-07 01:18 . 2009-04-07 01:19 -------- d-----w F:\FG706
2009-04-07 00:46 . 2009-04-07 00:46 -------- d-----w F:\Chinatown.1974.DVDRip.AC3.XviD.CD1
2009-04-06 16:25 . 2009-04-06 16:26 -------- d-----w F:\breaking.bad.s02e05.hdtv.xvid-fqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 17:39 . 2009-01-24 02:18 -------- d-----w f:\program files\PeerGuardian2
2009-04-29 10:10 . 2008-06-21 21:20 -------- d-----w f:\program files\Common Files\Wise Installation Wizard
2009-04-28 11:46 . 2008-06-21 20:25 -------- d-----w f:\program files\Common Files\InstallShield
2009-04-28 11:46 . 2008-06-21 20:26 -------- d--h--w f:\program files\InstallShield Installation Information
2009-04-15 08:04 . 2008-06-21 21:48 23032 ----a-w f:\documents and settings\Chas Agar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 02:39 . 2009-03-09 18:21 193920 ----a-w f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-12 13:51 . 2008-06-21 19:40 -------- d-----w f:\program files\Combined Community Codec Pack
2009-04-12 12:57 . 2008-12-28 14:18 -------- d-----w f:\program files\Dropbox
2009-04-04 13:35 . 2008-08-17 20:56 -------- d-----w f:\program files\Java
2009-04-01 16:02 . 2008-06-25 21:58 -------- d-----w f:\program files\Foxit Software
2009-03-28 08:55 . 2008-07-20 17:09 -------- d-----w f:\program files\Last.fm
2009-03-22 16:26 . 2009-03-22 16:25 8278323 ----a-w F:\ipdl.exe
2009-03-22 13:44 . 2009-03-22 13:44 -------- d-----w f:\program files\ODEON
2009-03-22 13:43 . 2009-03-22 13:38 21221849 ----a-w F:\5800 Debranding Apps.zip
2009-03-15 13:42 . 2009-03-15 13:32 112180673 ----a-w F:\Sweet.Sixteen.2002.DVDRip.XviD-r0ck3d.zip
2009-03-15 11:57 . 2009-03-15 11:47 112466174 ----a-w F:\OUAT_in_the_Midlands_byJayCam.zip
2009-03-12 23:04 . 2009-03-12 23:04 22328 ----a-w f:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 23:04 . 2009-03-12 23:04 22328 ----a-w f:\documents and settings\Chas Agar\Application Data\PnkBstrK.sys
2009-03-12 23:04 . 2009-03-12 23:03 107832 ----a-w f:\windows\system32\PnkBstrB.exe
2009-03-12 23:03 . 2009-03-12 23:03 66872 ----a-w f:\windows\system32\PnkBstrA.exe
2009-03-12 23:03 . 2009-03-12 23:03 2246144 ----a-w f:\windows\system32\pbsvc.exe
2009-03-11 22:08 . 2009-03-11 22:08 -------- d-----w f:\program files\Lonely Cat Games
2009-03-11 22:06 . 2009-03-11 22:06 1929019 ----a-w F:\smartmovie_symbian_lcg_4_01.zip
2009-03-11 21:50 . 2009-03-11 21:50 -------- d-----w f:\program files\Red Kawa
2009-03-11 21:49 . 2009-03-11 21:46 8664700 ----a-w F:\pspvideo9-406-setup.exe
2009-03-11 19:32 . 2009-03-11 19:32 126912 ----a-w F:\WinRaR.zip
2009-03-11 00:12 . 2009-03-11 00:12 32524 ----a-w F:\JCVD.LIMITED.DVDRip.XviD-NEPTUNE-English-subtitlesource.org.zip
2009-03-11 00:01 . 2009-03-11 00:01 -------- d-----w f:\program files\MSXML 4.0
2009-03-09 19:30 . 2009-03-09 18:26 -------- d-----w f:\program files\Nokia
2009-03-09 19:28 . 2009-03-09 18:30 -------- d-----w f:\program files\Common Files\Nokia
2009-03-09 19:24 . 2009-03-09 19:24 0 ---ha-w f:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-09 19:24 . 2009-03-09 19:24 0 ---ha-w f:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-09 18:49 . 2009-03-09 18:49 -------- d-----w f:\program files\MSXML 6.0
2009-03-09 18:31 . 2009-03-09 18:30 -------- d-----w f:\program files\Common Files\muvee Technologies
2009-03-09 18:28 . 2009-03-09 18:28 -------- d-----w f:\program files\DIFX
2009-03-09 18:20 . 2009-03-09 18:20 -------- d-----w f:\program files\MSBuild
2009-03-09 18:20 . 2009-03-09 18:20 -------- d-----w f:\program files\Reference Assemblies
2009-03-09 04:19 . 2008-12-30 18:21 410984 ----a-w f:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2008-04-14 02:42 284160 ----a-w f:\windows\system32\pdh.dll
2009-03-01 01:16 . 2009-03-01 01:16 -------- d-----w f:\program files\JRE
2009-03-01 01:16 . 2009-03-01 01:16 -------- d-----w f:\program files\OpenOffice.org 3
2009-03-01 01:11 . 2009-03-01 01:07 149353184 ----a-w F:\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
2009-02-23 20:15 . 2009-02-23 20:14 2652452 ----a-w F:\ROM CHECK FAIL Setup.exe
2009-02-20 08:10 . 2008-04-14 02:42 666112 ----a-w f:\windows\system32\wininet.dll
2009-02-20 08:10 . 2008-04-14 02:41 81920 ----a-w f:\windows\system32\ieencode.dll
2009-02-16 12:31 . 2009-02-16 12:31 2078396 ----a-w F:\New Compressed (zipped) Folder.zip
2009-02-15 17:16 . 2009-02-15 17:13 51522245 ----a-w F:\ghosts.zip
2009-02-09 12:10 . 2008-04-14 02:41 729088 ----a-w f:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 02:42 401408 ----a-w f:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2008-04-14 02:41 617472 ----a-w f:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 02:41 714752 ----a-w f:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2008-04-13 22:00 1846784 ----a-w f:\windows\system32\win32k.sys
2009-02-06 11:11 . 2008-04-14 02:42 110592 ----a-w f:\windows\system32\services.exe
2009-02-06 11:06 . 2008-04-13 21:54 2145280 ----a-w f:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w f:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w f:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2008-04-14 02:42 56832 ----a-w f:\windows\system32\secur32.dll
2008-08-17 19:27 . 2008-08-17 19:27 53248 ----a-w f:\program files\rpau3260.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_13.18.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 17:37 . 2009-04-29 17:37 16384 f:\windows\temp\Perflib_Perfdata_6c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w f:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w f:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w f:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="f:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="f:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-17 185896]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Nokia FastStart"="f:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-12-03 2372840]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Acrobat Assistant 8.0"="f:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-27 1932568]
"SoloSentry"="f:\srnmic~1\SOLOSENT.EXE" [2008-10-20 77824]
"SoloSchedule"="f:\srnmic~1\SOLOCFG.EXE" [2008-12-29 303104]
"C-Media Mixer"="Mixer.exe" - f:\windows\mixer.exe [2002-10-15 1818624]
"SoundMan"="SOUNDMAN.EXE" - f:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - f:\windows\system32\narrator.exe [2008-04-14 53760]

f:\documents and settings\Chas Agar\Start Menu\Programs\Startup\
Dropbox.lnk - f:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - f:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2009-4-14 295606]
Adobe Acrobat Synchronizer.lnk - f:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-27 17:14 10520 ----a-w f:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"f:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"f:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"f:\\WINDOWS\\system32\\PnkBstrA.exe"=
"f:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S0 pavboot;pavboot;f:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\System32\Drivers\avgldx86.sys [2009-04-27 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;f:\windows\System32\Drivers\avgtdix.sys [2009-04-27 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;f:\progra~1\AVG\AVG8\avgemc.exe [2009-04-27 908056]
S2 avg8wd;AVG Free8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-27 298264]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;f:\windows\system32\Drivers\hcw88rc5.sys [2007-01-24 11776]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;f:\windows\system32\drivers\hcw88tun.sys [2007-01-24 149504]
S3 hcw88vid;Hauppauge WinTV 88x Video;f:\windows\system32\drivers\hcw88vid.sys [2007-01-24 498176]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;f:\windows\system32\drivers\HCW88BAR.sys [2007-01-24 23552]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - PAVBOOT
*NewlyCreated* - PGFILTER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\Launch.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2009-04-29 f:\windows\Tasks\WGASetup.job
- f:\windows\system32\KB905474\wgasetup.exe [2009-03-26 22:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 18:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
f:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3372)
f:\program files\Dropbox\DropboxExt.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\ati2evxx.exe
f:\program files\Lavasoft\Ad-Aware\aawservice.exe
f:\windows\system32\ati2evxx.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\program files\Hotspot Shield\bin\openvpnas.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\windows\system32\PnkBstrA.exe
f:\windows\system32\PnkBstrB.exe
f:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
f:\program files\iPod\bin\iPodService.exe
f:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
f:\windows\system32\wscntfy.exe
f:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
f:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
f:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
f:\program files\AVG\AVG8\avgrsx.exe
f:\progra~1\AVG\AVG8\avgnsx.exe
f:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-04-29 18:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 17:48
ComboFix2.txt 2009-04-29 13:27

Pre-Run: 66,416,070,656 bytes free
Post-Run: 66,331,992,064 bytes free

374 --- E O F --- 2009-04-16 02:03


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:41, on 29/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Hotspot Shield\bin\openvpnas.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Mixer.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
F:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
F:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NokiaMServer] F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "F:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoloSentry] F:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] F:\SRNMIC~1\SOLOCFG.EXE
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = F:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - F:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7147 bytes

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:45 AM

Posted 29 April 2009 - 01:06 PM

Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 swordfishtrombone

swordfishtrombone
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 29 April 2009 - 07:12 PM

Is there any alternative to this program? I've tried it 3 times, and it gets about 1% in then just hangs there and does nothing even if I leave it for hours.

I've made sure antivirus programs are off etc.

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:45 AM

Posted 30 April 2009 - 04:46 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



#11 swordfishtrombone

swordfishtrombone
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 30 April 2009 - 11:26 AM

Here's the log from the ESET scan:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4046 (20090430)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=3338345cd3b58345be699fdac04ca8eb
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-30 04:24:06
# local_time=2009-04-30 05:24:06 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=542891
# found=8
# scan_time=10165
F:\Qoobox\Quarantine\F\Documents and Settings\Chas Agar\protect.dll.vir Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\Qoobox\Quarantine\F\WINDOWS\system32\autochk.dll.vir Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\Qoobox\Quarantine\F\WINDOWS\system32\ovfsthetehcodbbtqmiybfvoybomplleqrryxf.dll.vir Win32/Olmarik.HJ trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\Qoobox\Quarantine\F\WINDOWS\system32\ovfsthliqkyiqpkghtkmjeqfwmaullehtkmcwo.dll.vir Win32/Olmarik.HJ trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\Qoobox\Quarantine\F\WINDOWS\system32\ovfsthsynrqnytxuwlkxitbixqvwtcubegcbgq.dll.vir Win32/Olmarik.HJ trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\Qoobox\Quarantine\F\WINDOWS\system32\rksocket.dll.vir a variant of Win32/Spy.Goldun.NDP trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\Qoobox\Quarantine\F\WINDOWS\system32\config\systemprofile\protect.dll.vir Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\Qoobox\Quarantine\F\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll.vir Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted) 00000000000000000000000000000000
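A small parser for the ESET Online Scanner log format shown above, added here as an example and not code from the thread or from ESET. It reads the `# key=value` header block, parses each detection line, and separates hits that sit inside a quarantine folder (ComboFix's `Qoobox\Quarantine` folder with its `.vir` suffix, both visible in the log above; treating those as not live is this example's assumption) from hits on the live file system, which is the distinction behind the helper's "looks good" verdict. The sample log is constructed to mirror the page's format, with one constructed live hit added for contrast.

```python
"""Parser for the ESET Online Scanner log format (added example)."""
import re
from dataclasses import dataclass

# Markers of already-quarantined copies. Qoobox\Quarantine and the .vir suffix
# appear in the log on the page; treating them as "not live" is our assumption.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\",)
QUARANTINE_SUFFIXES = (".vir",)

# <path> <threat text> (<action>) [<32 hex digits>]; paths may contain spaces,
# so the path is matched lazily and the threat must start with Platform/Name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/[^\s(]+(?: [^\s(]+)*?)\s+"
    r"\((?P<action>[^)]*)\)"
    r"(?:\s+(?P<hash>[0-9A-Fa-f]{32}))?$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str
    quarantined: bool  # True when the file is a quarantined copy, not a live file


def is_quarantined(path: str) -> bool:
    low = path.lower()
    return any(m in low for m in QUARANTINE_MARKERS) or low.endswith(QUARANTINE_SUFFIXES)


def family(threat: str) -> str:
    """'a variant of Win32/Spy.Goldun.NDP trojan' -> 'Win32/Spy.Goldun' (variant suffix dropped)."""
    name = next(tok for tok in threat.split() if "/" in tok)
    platform, _, rest = name.partition("/")
    parts = rest.split(".")
    return platform + "/" + (".".join(parts[:-1]) if len(parts) > 1 else rest)


def parse_eset_log(text: str):
    """Return (headers, detections, unparsed_lines)."""
    headers, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):  # header block: '# key=value'
            key, _, value = line[1:].strip().partition("=")
            headers[key.strip()] = value.strip()
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        detections.append(Detection(m["path"], m["threat"], m["action"],
                                    is_quarantined(m["path"])))
    return headers, detections, unparsed


def summarize(headers: dict, detections: list) -> dict:
    live = [d for d in detections if not d.quarantined]
    return {
        "total": len(detections),
        "quarantined": len(detections) - len(live),
        "live": len(live),
        "live_paths": [d.path for d in live],  # these still need attention
        "families": sorted({family(d.threat) for d in detections}),
        # the log's own 'found=' count should agree with the lines we parsed
        "count_matches_header": headers.get("found") == str(len(detections)),
    }


# Constructed sample mirroring the page's log: three ComboFix-quarantined copies
# plus one constructed live hit that a real cleanup would still have to act on.
SAMPLE_LOG = r"""# version=4
# osver=5.1.2600 NT Service Pack 3
# scanned=542891
# found=4
F:\Qoobox\Quarantine\F\WINDOWS\system32\autochk.dll.vir Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\Qoobox\Quarantine\F\Documents and Settings\user\protect.dll.vir Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\Qoobox\Quarantine\F\WINDOWS\system32\rksocket.dll.vir a variant of Win32/Spy.Goldun.NDP trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\WINDOWS\system32\constructed_live.dll Win32/Olmarik.HJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
"""

if __name__ == "__main__":
    hdrs, dets, bad = parse_eset_log(SAMPLE_LOG)
    for key, val in summarize(hdrs, dets).items():
        print(f"{key}: {val}")
    if bad:
        print("unparsed lines:", bad)
```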

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:45 AM

Posted 30 April 2009 - 01:24 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread



Have a safe and happy computing day!


Regards
fenzodahl512



#13 swordfishtrombone

swordfishtrombone
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 30 April 2009 - 04:59 PM

All seems fine, everything is running as normal. Thanks very much for your help!



