
Google/Yahoo getting Hijacked, Kaspersky unable to startup


  • This topic is locked
11 replies to this topic

#1 ZGMFX10Amod00

ZGMFX10Amod00

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 08 June 2009 - 09:19 PM

Like with most people, I seem to have been infected by the Google/Yahoo Hijack Virus. A week ago, my Kaspersky ceased working and Google/Yahoo links were being redirected. I have installed AVG and Malwarebytes' Anti-Malware and scanned accordingly, and the malware was dealt with by the program. However, the problem still persists, and Google/Yahoo links are still being redirected to www.searchtracker.com. I have scanned the computer again, but nothing was found.

Any kind of help would be appreciated. The following is my DDS log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Terrence at 19:21:26.31 on 08/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.2815.2037 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Terrence\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AddTask Class: {6a19c29d-ed45-4483-8999-9f939c8161f2} - c:\program files\eread\eread\WebHook.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRunOnce: [FFTI] c:\documents and settings\terrence\application data\mozilla\firefox\profiles\z74stdhy.default\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\ffti.exe /verysilent /suppressmsgboxes /norestart /destpath="c:\documents and settings\terrence\application data\mozilla\firefox\profiles/z74stdhy.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobs
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\terrence\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\terrence\start menu\programs\startup\PowerReg Scheduler V3.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\terrence\applic~1\mozilla\firefox\profiles\z74stdhy.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - component: c:\documents and settings\terrence\application data\mozilla\firefox\profiles\z74stdhy.default\extensions\nicofox@littlebtc\platform\winnt_x86-msvc\components\winprocess.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-3 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-3 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-3 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-3 298776]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2007-12-23 57376]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S1 DW;DW; [x]
S3 DWUSBDNT;DWUSBDNT;c:\windows\system32\drivers\dwusbdnt.sys [2007-6-1 16384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\pssdk30.drv --> c:\windows\system32\drivers\PsSdk30.drv [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-18 36928]
S3 WMP11;Instant Wireless PCI Card Driver;c:\windows\system32\drivers\wmp11nds.sys --> c:\windows\system32\drivers\WMP11NDS.sys [?]

=============== Created Last 30 ================

2009-06-04 00:05 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 22:40 <DIR> --d----- c:\docume~1\terrence\applic~1\Malwarebytes
2009-06-03 22:38 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 22:38 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-03 22:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 22:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-03 09:12 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-03 09:09 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-03 09:09 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-03 09:09 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-03 09:08 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-03 09:08 <DIR> --d----- c:\program files\AVG
2009-06-03 09:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-03 08:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

==================== Find3M ====================

2007-02-13 15:20 2,284,096 a------- c:\documents and settings\terrence\old.reg
2006-06-22 23:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

============= FINISH: 19:21:36.25 ===============

Edited by ZGMFX10Amod00, 08 June 2009 - 09:24 PM.



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:22 AM

Posted 09 June 2009 - 08:08 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 ZGMFX10Amod00

ZGMFX10Amod00
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 09 June 2009 - 06:46 PM

Hey Sam,

Thanks for the reply, but your OTListIt2 link seems to be broken. I am scanning with GMER at the moment though, will post the log up when it's done.

I forgot to mention that when I was first infected, my homepage (http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official) returned a Redirect loop, as it kept on going back and forth between google.ca and google.com. It returned to normal after scanning the computer the first time after infection.

Edited by ZGMFX10Amod00, 09 June 2009 - 06:52 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:22 AM

Posted 10 June 2009 - 01:42 PM

Here's the updated link.

We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



========================================================

#5 ZGMFX10Amod00

ZGMFX10Amod00
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 10 June 2009 - 04:26 PM

Hey Sam,

Here is my GMER log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-10 14:06:46
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT spex.sys ZwCreateKey [0xBA6800E0]
SSDT spex.sys ZwEnumerateKey [0xBA69ECA2]
SSDT spex.sys ZwEnumerateValueKey [0xBA69F030]
SSDT spex.sys ZwOpenKey [0xBA6800C0]
SSDT spex.sys ZwQueryKey [0xBA69F108]
SSDT spex.sys ZwQueryValueKey [0xBA69EF88]
SSDT spex.sys ZwSetValueKey [0xBA69F19A]

INT 0x73 ? 8AF4ABF8
INT 0x83 ? 8B219BF8
INT 0x83 ? 8AF4ABF8
INT 0x83 ? 8B219BF8
INT 0x84 ? 8AF4ABF8
INT 0xA4 ? 8AF4ABF8
INT 0xB4 ? 8B216BF8
INT 0xB4 ? 8B216BF8
INT 0xB4 ? 8B216BF8
INT 0xB4 ? 8B216BF8
INT 0xB4 ? 8AF4ABF8
INT 0xB4 ? 8B216BF8

Code 8AEAD768 ZwFlushInstructionCache
Code 8AEEA07E IofCallDriver
Code 8ADB0CA6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A0 5 Bytes JMP 8AEEA083
.text ntkrnlpa.exe!IofCompleteRequest 804EF230 5 Bytes JMP 8ADB0CAB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B5642 5 Bytes JMP 8AEAD76C
? spex.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B984980C 5 Bytes JMP 8AF4A1D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA681040] spex.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA68113C] spex.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6810BE] spex.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6817FC] spex.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6816D2] spex.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA691048] spex.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2141F8
Device \FileSystem\Fastfat \FatCdrom 8AD0C500
Device \Driver\USBSTOR \Device\0000008e 8AF9B500
Device \Driver\USBSTOR \Device\0000008f 8AF9B500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8AF491F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B28C1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B28C1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B28C1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B28C1F8
Device \Driver\usbuhci \Device\USBPDO-1 8AF491F8
Device \Driver\usbehci \Device\USBPDO-2 8AF32500
Device \Driver\usbuhci \Device\USBPDO-3 8AF491F8
Device \Driver\usbuhci \Device\USBPDO-4 8AF491F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 8AF491F8
Device \Driver\usbehci \Device\USBPDO-6 8AF32500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B2171F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B2171F8
Device \Driver\atapi \Device\Ide\IdePort0 8B2161F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8B2161F8
Device \Driver\atapi \Device\Ide\IdePort1 8B2161F8
Device \Driver\atapi \Device\Ide\IdePort2 8B2161F8
Device \Driver\atapi \Device\Ide\IdePort3 8B2161F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 8B2161F8
Device \Driver\USBSTOR \Device\00000090 8AF9B500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AABC1F8
Device \Driver\USBSTOR \Device\00000091 8AF9B500
Device \Driver\NetBT \Device\NetbiosSmb 8AABC1F8
Device \Driver\USBSTOR \Device\00000092 8AF9B500

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8AF491F8
Device \Driver\usbuhci \Device\USBFDO-1 8AF491F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898451F8
Device \Driver\usbehci \Device\USBFDO-2 8AF32500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 898451F8
Device \Driver\usbuhci \Device\USBFDO-3 8AF491F8
Device \Driver\usbuhci \Device\USBFDO-4 8AF491F8
Device \Driver\Ftdisk \Device\FtControl 8B2171F8
Device \Driver\usbuhci \Device\USBFDO-5 8AF491F8
Device \Driver\usbehci \Device\USBFDO-6 8AF32500
Device \Driver\NetBT \Device\NetBT_Tcpip_{F2E4A4AA-FD1A-4E07-9A56-C8C778C4D106} 8AABC1F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 8B2151F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8B28B1F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 8B2151F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8B28B1F8
Device \FileSystem\Fastfat \Fat 8AD0C500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 898441F8
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcwkkylqrdslkfabxtptmxfmevugdohaip.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [928] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF2 0xD2 0x69 0x63 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0x40 0xA2 0xF0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x59 0xBC 0x76 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x52 0x31 0x28 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0x40 0xA2 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEA 0xAF 0xF2 0x97 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD2 0x41 0xC9 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0x40 0xA2 0xF0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x99 0x5A 0xF9 0xE2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0x8D 0xDF 0x10 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0x40 0xA2 0xF0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4D 0xBA 0x5B 0xE0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7D 0x02 0x63 0x87 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0x40 0xA2 0xF0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4D 0xBA 0x5B 0xE0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7D 0x02 0x63 0x87 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0x40 0xA2 0xF0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4D 0xBA 0x5B 0xE0 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE8 0xD3 0xEA 0xC6 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0x40 0xA2 0xF0 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4D 0xBA 0x5B 0xE0 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6B 0xAE 0xB3 0x8B ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6B 0xAE 0xB3 0x8B ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0x3E 0x95 0x45 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0x40 0xA2 0xF0 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x70 0xBC 0xDB 0x7C ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0x3E 0x95 0x45 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0x40 0xA2 0xF0 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x70 0xBC 0xDB 0x7C ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5B 0x7C 0x30 0x2A ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x69 0x91 0x92 0x9C ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x95 0x70 0x28 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcwkkylqrdslkfabxtptmxfmevugdohaip.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcjribjqqpmexaqsybxaijewmitwwdwylc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1529736999
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1243290775
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5B 0x7C 0x30 0x2A ...
Reg HKLM\SYSTEM\ControlSet014\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet014\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet014\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet014\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys
Reg HKLM\SYSTEM\ControlSet014\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet014\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet014\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys
Reg HKLM\SYSTEM\ControlSet014\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcwkkylqrdslkfabxtptmxfmevugdohaip.dll
Reg HKLM\SYSTEM\ControlSet014\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcjribjqqpmexaqsybxaijewmitwwdwylc.dll
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5B 0x7C 0x30 0x2A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\@Order 0x08 0x00 0x00 0x00 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys 48128 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\gxvxcyxuwkteoqxthqobymiqtnyvbfpuoflbv.sys 48128 bytes executable
File C:\WINDOWS\system32\gxvxccount 4 bytes
File C:\WINDOWS\system32\gxvxcjribjqqpmexaqsybxaijewmitwwdwylc.dll 27649 bytes executable
File C:\WINDOWS\system32\gxvxcwkkylqrdslkfabxtptmxfmevugdohaip.dll 22529 bytes executable

---- EOF - GMER 1.0.15 ----


And here is my OTL log:

OTL logfile created on: 10/06/2009 2:19:54 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Terrence\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.68 Gb Available in Paging File | 92.01% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 54.45 Gb Free Space | 18.27% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 5.29 Gb Free Space | 1.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 243.70 Mb Total Space | 22.24 Mb Free Space | 9.13% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TWDESKTOP
Current User Name: Terrence
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/13 04:26:03 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/06/09 13:40:02 | 00,397,312 | ---- | M] (www.tortoisesvn.org) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/11/08 14:27:54 | 00,222,208 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/03/16 08:06:34 | 00,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/04/03 20:55:08 | 00,839,680 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/03 09:08:50 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/05/16 09:27:16 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/03 09:08:47 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/10/26 14:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006/08/11 22:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/06/03 09:08:52 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/03 09:08:52 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/11/06 15:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/05/16 09:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/05/16 09:27:38 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2009/05/04 07:24:04 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/10 14:16:39 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terrence\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/06/03 09:08:47 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/09/25 17:55:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/03 16:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/10/26 14:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 13:10:46 | 03,201,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])
SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/05/16 09:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2009/02/16 23:33:00 | 02,675,450 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2006/08/11 22:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/11/06 13:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2006/11/06 15:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/05/18 11:01:50 | 00,304,640 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2007/05/18 09:20:24 | 00,094,848 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])
DRV - [2007/06/05 07:05:12 | 01,296,640 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5416.sys -- (AR5416 [On_Demand | Running])
DRV - [2002/07/17 08:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32 [System | Running])
DRV - [2009/06/03 09:09:05 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/03 09:09:03 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/06/03 09:09:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2007/02/10 00:17:38 | 00,163,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen [Boot | Stopped])
DRV - [2004/09/21 23:18:50 | 00,016,384 | ---- | M] (Digit@lway Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys -- (DWUSBDNT [On_Demand | Stopped])
DRV - [2007/01/16 13:13:53 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [1996/04/03 12:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2007/01/16 13:05:46 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/05/16 17:59:40 | 00,011,568 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv [Boot | Running])
DRV - [2007/05/16 17:59:42 | 00,133,168 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv [Boot | Running])
DRV - [2006/02/07 04:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO [Boot | Running])
DRV - [2006/07/17 18:51:40 | 00,041,600 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV - [2007/07/06 17:30:00 | 00,057,376 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\jswscimd.sys -- (JSWSCIMD [On_Demand | Running])
DRV - [2004/05/21 12:15:31 | 00,019,968 | R--- | M] () -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2004/08/12 19:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2004/08/03 14:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2006/10/10 09:54:32 | 00,009,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
DRV - [2006/10/10 09:54:32 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
DRV - [2006/10/10 09:54:34 | 00,138,240 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
DRV - [2006/10/10 09:54:32 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
DRV - [2007/11/06 13:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2006/08/11 22:42:42 | 03,958,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/10/18 23:11:14 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\system32\Drivers\pssdk41.sys -- (PsSdk41 [On_Demand | Stopped])
DRV - [2001/08/23 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/05/21 12:16:14 | 00,471,232 | R--- | M] () -- C:\WINDOWS\system32\DRIVERS\LVCM.sys -- (QCMerced [On_Demand | Running])
DRV - [2006/06/28 01:25:06 | 00,081,920 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2006/03/17 18:18:58 | 00,392,960 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])
DRV - [2006/09/24 06:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/12/12 13:22:36 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/07/26 09:25:14 | 00,039,808 | ---- | M] () -- C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys -- (SRS_SSCFilter [On_Demand | Stopped])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/06/13 20:05:36 | 00,018,859 | ---- | M] () -- C:\WINDOWS\wmp11.log -- (WMP11 [On_Demand | Stopped])
DRV - [2006/06/27 14:32:00 | 00,450,560 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys -- (ZD1211BU(ZyDAS) [On_Demand | Stopped])
DRV - [2004/10/25 13:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1060284298-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1060284298-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1060284298-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1060284298-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1060284298-1935655697-839522115-1003\S-1-5-21-1060284298-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-1935655697-839522115-1003\S-1-5-21-1060284298-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (English)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.9
FF - prefs.js..extensions.enabledItems: {6D898772-AD34-4c16-86BB-9DE787A5DEA0}:1.09
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:2.0.3
FF - prefs.js..extensions.enabledItems: nicofox@littlebtc:0.3.2.1
FF - prefs.js..extensions.enabledItems: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82}:1.05
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: aerofox@gmail.com:1.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: ultimatefox@gmail.com:1.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2008/10/29 22:22:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/27 19:29:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/03 09:08:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/08 01:54:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/04 07:24:41 | 00,000,000 | ---D | M]

[2008/03/03 14:12:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Extensions
[2008/03/03 14:12:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/10 00:03:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions
[2009/04/11 00:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009/05/30 12:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/03/24 16:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/04/11 00:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2009/04/16 07:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/10/19 13:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2007/04/09 02:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions\aerofox@gmail.com
[2009/02/13 23:34:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions\nicofox@littlebtc
[2007/04/09 02:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Terrence\Application Data\mozilla\Firefox\Profiles\z74stdhy.default\extensions\ultimatefox@gmail.com
[2009/06/04 11:16:17 | 00,001,746 | ---- | M] () -- C:\Documents and Settings\Terrence\Application Data\Mozilla\FireFox\Profiles\z74stdhy.default\searchplugins\lyricwikiorg.xml
[2007/02/09 21:26:58 | 00,001,068 | ---- | M] () -- C:\Documents and Settings\Terrence\Application Data\Mozilla\FireFox\Profiles\z74stdhy.default\searchplugins\wikipedia-english.xml
[2009/01/02 21:32:44 | 00,001,376 | ---- | M] () -- C:\Documents and Settings\Terrence\Application Data\Mozilla\FireFox\Profiles\z74stdhy.default\searchplugins\wikipedia-ja.xml
[2009/06/10 00:03:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/04 07:24:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/19 18:23:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/11/14 21:53:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/27 19:29:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/30 16:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/05 19:20:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/04 07:23:55 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/04 07:23:55 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/04 07:24:33 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/05/04 07:24:33 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/04 07:24:33 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/05/04 07:24:33 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/04 07:24:33 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/05/04 07:24:33 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/04 07:24:34 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/04 07:24:34 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (866 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.skadns.net
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AddTask Class) - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1060284298-1935655697-839522115-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs ()
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot (JMicron Technology Corp.)
O4 - HKLM..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM (Stardock and Luca Saggese)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup (Nokia)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1060284298-1935655697-839522115-1003..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1060284298-1935655697-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKU\S-1-5-21-1060284298-1935655697-839522115-1003..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme File not found
O4 - HKU\S-1-5-21-1060284298-1935655697-839522115-1003..\RunOnce: [FFTI] C:\Documents and Settings\Terrence\Application Data\Mozilla\Firefox\Profiles\z74stdhy.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Terrence\Application Data\Mozilla\Firefox\Profiles/z74stdhy.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" File not found
O4 - Startup: C:\Documents and Settings\Terrence\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Terrence\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/08 01:26:07 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/03 08:33:54 | 00,000,366 | RHS- | M] () - G:\autorun.inf -- [ FAT ]
O33 - MountPoints2\C\Shell - "" = Autorun
O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com c:\
O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com -- File not found
O33 - MountPoints2\D\Shell - "" = Autorun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com d:\
O33 - MountPoints2\D\Shell\Open\command - "" = D:\RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/10 14:16:39 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[96 C:\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/06/10 14:16:39 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terrence\Desktop\OTL.exe
[2009/06/10 00:41:37 | 01,095,993 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\CS4PS64dll.rar
[2009/06/09 17:58:05 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2009/06/09 16:20:59 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Terrence\Desktop\gmer.exe
[2009/06/09 16:20:50 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Terrence\Desktop\gmer.zip
[2009/06/09 03:24:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Kaspersky7_8_0606
[2009/06/09 01:10:53 | 07,238,875 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\label-beta1.pdf
[2009/06/08 23:54:06 | 00,191,961 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\label-draft2.jpg
[2009/06/08 23:52:45 | 00,176,451 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\label-draft1.jpg
[2009/06/08 19:06:51 | 00,359,893 | ---- | C] () -- C:\Documents and Settings\Terrence\Desktop\dds.scr
[2009/06/04 00:05:24 | 00,001,688 | ---- | C] () -- C:\Documents and Settings\Terrence\Desktop\HijackThis.lnk
[2009/06/04 00:05:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/03 22:51:05 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Terrence\Desktop\HJTInstall.exe
[2009/06/03 22:40:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrence\Application Data\Malwarebytes
[2009/06/03 22:38:54 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/03 22:38:53 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/03 22:38:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/03 22:38:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/03 22:37:51 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Terrence\Desktop\mbam-setup.exe
[2009/06/03 09:12:00 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/03 09:09:08 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/03 09:09:07 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/03 09:09:06 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/03 09:09:05 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/03 09:09:03 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/03 09:08:58 | 37,018,729 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/03 09:08:58 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/03 09:08:58 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/03 09:08:58 | 00,070,980 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/03 09:08:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/03 09:08:47 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/03 09:08:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/03 08:53:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/06/03 08:50:07 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/06/02 04:09:43 | 00,141,106 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Kontrapunkt-PC.zip
[2009/06/02 03:58:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\ProximaNova
[2009/06/02 03:33:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\KAV 06-02-09
[2009/05/27 22:41:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrence\Desktop\[MGRT][DVDrip]MAAYA SAKAMOTO LIVE TOUR 2009 WE ARE KAZEYOMI! (x264_aac)
[2009/05/25 23:19:44 | 00,401,828 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\spread-final.pdf
[2009/05/25 22:06:19 | 06,989,913 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\original2.jpg
[2009/05/25 22:02:51 | 00,167,864 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\presentation-grid-original.jpg
[2009/05/25 22:02:51 | 00,122,587 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\presentation-grid-edited.jpg
[2009/05/25 21:18:48 | 00,398,116 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\spread-draftRTM2-test.pdf
[2009/05/25 21:08:11 | 00,396,458 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\spread-draftRTM2.pdf
[2009/05/25 20:29:34 | 00,099,840 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
[2009/05/25 20:24:12 | 10,695,037 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\splendor1.jpg
[2009/05/25 20:24:12 | 10,618,476 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\splendor2.jpg
[2009/05/24 23:30:35 | 00,390,153 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\spread-draftRTM.pdf
[2009/05/24 22:44:34 | 00,370,545 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\spread-draft07.pdf
[2009/05/24 21:05:30 | 00,363,542 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\spread-draft06.pdf
[2009/05/24 19:41:24 | 00,356,467 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\spread-draft05.pdf
[2009/05/24 01:31:12 | 00,366,282 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\spread-draft04.pdf
[2009/05/16 19:38:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrence\My Documents\NeroVision
[2009/05/12 18:47:33 | 00,009,035 | ---- | C] () -- C:\Documents and Settings\Terrence\My Documents\sfusr550_1351578_2.pdf
[2008/08/08 00:27:48 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/08 00:27:47 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/04/09 14:00:24 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/04/09 14:00:24 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/03/05 01:01:24 | 00,000,265 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007/11/10 12:56:03 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2007/11/10 12:56:03 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2007/11/06 13:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/28 19:01:42 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/09/14 13:31:30 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/09/14 13:19:09 | 00,047,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2007/09/14 13:19:09 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2007/09/14 13:19:09 | 00,042,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2007/09/14 13:19:09 | 00,039,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/08/19 19:37:41 | 00,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/07/31 13:27:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/04 20:29:25 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/11 11:12:15 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/13 13:24:31 | 00,000,215 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/02/10 00:58:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/02/10 00:39:19 | 07,737,564 | ---- | C] () -- C:\WINDOWS\System32\VIPv3_EXT.dll
[2007/02/10 00:39:08 | 00,000,096 | ---- | C] () -- C:\WINDOWS\docs.ini
[2007/02/10 00:29:16 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007/02/10 00:29:03 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007/02/10 00:16:10 | 00,163,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2007/02/09 23:47:11 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007/02/09 23:27:29 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/02/09 20:19:59 | 00,005,993 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/09 20:19:58 | 00,019,968 | R--- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2007/02/09 20:19:55 | 00,471,232 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2007/02/08 02:32:14 | 00,012,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2007/02/08 02:21:51 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/02/08 02:21:51 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/02/08 02:21:51 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/02/08 02:21:51 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/02/08 02:21:27 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/08 02:21:25 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/02/08 02:21:15 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/02/08 01:54:04 | 00,020,532 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/02/08 01:53:32 | 00,020,217 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/02/08 01:53:30 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/02/08 01:53:27 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/01/16 13:07:10 | 00,007,787 | ---- | C] () -- C:\WINDOWS\System32\wmmnt.dll
[2005/12/07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2001/08/23 05:00:00 | 00,000,289 | ---- | C] () -- C:\WINDOWS\system.ini
[1996/04/03 12:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[96 C:\*.tmp files]
[19 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/06/10 14:16:39 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terrence\Desktop\OTL.exe
[2009/06/10 14:10:50 | 00,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/10 14:10:49 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009/06/10 14:10:47 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Terrence\Local Settings\desktop.ini
[2009/06/10 14:10:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/10 14:10:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/10 09:29:23 | 37,018,729 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/10 09:29:23 | 00,070,980 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/10 08:27:28 | 01,879,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/10 01:53:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/10 01:46:07 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/09 23:39:23 | 01,095,993 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\CS4PS64dll.rar
[2009/06/09 16:20:51 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Terrence\Desktop\gmer.zip
[2009/06/09 01:10:49 | 07,238,875 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\label-beta1.pdf
[2009/06/09 00:06:25 | 00,099,840 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
[2009/06/09 00:06:10 | 00,191,961 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\label-draft2.jpg
[2009/06/08 23:17:19 | 00,176,451 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\label-draft1.jpg
[2009/06/08 19:06:51 | 00,359,893 | ---- | M] () -- C:\Documents and Settings\Terrence\Desktop\dds.scr
[2009/06/06 21:26:38 | 00,001,171 | ---- | M] () -- C:\Documents and Settings\Terrence\My Documents\gxzerotw@shaw.ca Sharing Folders Archive.lnk
[2009/06/06 08:18:13 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/06 08:18:13 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/05 23:50:54 | 00,001,688 | ---- | M] () -- C:\Documents and Settings\Terrence\Desktop\HijackThis.lnk
[2009/06/03 22:51:06 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Terrence\Desktop\HJTInstall.exe
[2009/06/03 22:38:21 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Terrence\Desktop\mbam-setup.exe
[2009/06/03 20:38:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/03 09:09:08 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/03 09:09:07 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/03 09:09:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/03 09:09:05 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/03 09:09:03 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/02 19:15:10 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/02 04:09:44 | 00,141,106 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Kontrapunkt-PC.zip
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/25 23:40:56 | 00,401,828 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\spread-final.pdf
[2009/05/25 22:48:02 | 00,396,458 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\spread-draftRTM2.pdf
[2009/05/25 22:00:54 | 00,167,864 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\presentation-grid-original.jpg
[2009/05/25 21:56:03 | 06,989,913 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\original2.jpg
[2009/05/25 21:34:32 | 00,122,587 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\presentation-grid-edited.jpg
[2009/05/25 21:18:47 | 00,398,116 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\spread-draftRTM2-test.pdf
[2009/05/25 20:16:14 | 10,695,037 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\splendor1.jpg
[2009/05/25 20:16:11 | 10,618,476 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\splendor2.jpg
[2009/05/25 01:50:10 | 00,390,153 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\spread-draftRTM.pdf
[2009/05/24 23:18:38 | 00,370,545 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\spread-draft07.pdf
[2009/05/24 22:24:01 | 00,363,542 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\spread-draft06.pdf
[2009/05/24 19:40:10 | 00,356,467 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\spread-draft05.pdf
[2009/05/24 02:53:01 | 00,366,282 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\spread-draft04.pdf
[2009/05/12 18:47:33 | 00,009,035 | ---- | M] () -- C:\Documents and Settings\Terrence\My Documents\sfusr550_1351578_2.pdf
[2009/05/11 15:05:33 | 00,000,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
< End of report >

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:22 AM

Posted 11 June 2009 - 10:00 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O32 - AutoRun File - [2009/06/03 08:33:54 | 00,000,366 | RHS- | M] () - G:\autorun.inf -- [ FAT ]
    O33 - MountPoints2\C\Shell - "" = Autorun
    O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com c:\
    O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com -- File not found
    O33 - MountPoints2\D\Shell - "" = Autorun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com d:\
    O33 - MountPoints2\D\Shell\Open\command - "" = D:\RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com -- File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1060284298-1935655697-839522115-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
    
    
    :Files
    C:\*.tmp
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp
    C:\WINDOWS\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys 
    C:\WINDOWS\system32\drivers\gxvxcyxuwkteoqxthqobymiqtnyvbfpuoflbv.sys 
    C:\WINDOWS\system32\gxvxccount 
    C:\WINDOWS\system32\gxvxcjribjqqpmexaqsybxaijewmitwwdwylc.dll 
    C:\WINDOWS\system32\gxvxcwkkylqrdslkfabxtptmxfmevugdohaip.dll
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

===============


Next we need to run Combofix.




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
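The O32/O33 entries that Sam's :OTL fix removes are the autorun-worm fingerprint in the log above: an autorun.inf with hidden+system attributes on the FAT-formatted G: drive, and MountPoints2 drive verbs on C: and D: whose default action has been switched to "Autorun" and whose command launches a .com file from RECYCLER\<SID-like name> via rundll32. The following is an added example for triaging such logs, not code from this thread, from Buckeye_Sam, or from the OTL tool: a small Python filter that parses those two OTL line types and flags the hijack patterns. The sample input is copied from the OTL log posted above plus one constructed benign drive-verb entry; the regular expressions are my own reading of the line format as it appears here.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the O32/O33 entries copied from the OTL log in this
# thread, plus one constructed benign drive-verb entry the filter should pass.
SAMPLE_OTL_LINES = [l for l in r'''
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/08 01:26:07 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/03 08:33:54 | 00,000,366 | RHS- | M] () - G:\autorun.inf -- [ FAT ]
O33 - MountPoints2\C\Shell - "" = Autorun
O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com c:\
O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com d:\
O33 - MountPoints2\{constructed-volume-guid}\Shell\backup\command - "" = "C:\Program Files\ExampleVendor\Backup.exe" /auto
'''.splitlines() if l.strip()]

# OTL "O32 - AutoRun File" line: [stamp | size | attrs | C/M] (company) - path -- [ fs ]
AUTORUN_FILE_RE = re.compile(
    r'^O32 - AutoRun File - \[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*[CM]\]'
    r'\s*\([^)]*\)\s*-\s*(?P<path>.+?)\s*--\s*\[\s*(?P<fs>\w+)\s*\]$'
)
# OTL "O33 - MountPoints2\<drive>\Shell[\verb[\command]] - "" = value" line
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<drive>[^\\]+)\\Shell(?P<sub>(?:\\\S+)?) - "" = (?P<value>.*)$'
)
# Executable named like a SID under a RECYCLER folder (the pattern seen in this log)
RECYCLER_EXE_RE = re.compile(r'RECYCLER\\S-\d+(?:-\d+)+\.(?:com|exe|scr|pif|bat)\b', re.IGNORECASE)
# Executable sitting directly in a volume root, e.g. E:\setup.exe
ROOT_EXE_RE = re.compile(r'^[A-Za-z]:\\[^\\]+\.(?:com|exe|scr|pif|bat)\b', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def check_autorun_file(m):
    """Flag an autorun.inf at a volume root; hidden+system attributes on a FAT
    (usually removable) volume are the classic worm fingerprint."""
    if not m['path'].lower().endswith('\\autorun.inf'):
        return None
    notes = []
    attrs = m['attrs'].upper()
    if 'H' in attrs and 'S' in attrs:
        notes.append('hidden+system attributes')
    if m['fs'].upper().startswith('FAT'):
        notes.append('FAT volume, typically removable media')
    detail = f" ({', '.join(notes)})" if notes else ''
    return 'autorun.inf present at volume root' + detail


def check_mountpoint(m):
    """Flag MountPoints2 drive verbs that turn Explorer's double-click into a payload launch."""
    sub, value = m['sub'].lower(), m['value'].strip()
    if sub == '' and value.lower() == 'autorun':
        return 'default drive verb overridden to AutoRun (double-clicking the drive runs the AutoRun command)'
    if sub.endswith('\\command'):
        if RECYCLER_EXE_RE.search(value):
            return 'drive verb command launches an executable from RECYCLER\\<SID-like name>'
        if 'shellexec_rundll' in value.lower():
            return 'drive verb command uses rundll32 ShellExec_RunDLL to launch a payload'
        if ROOT_EXE_RE.match(value.lstrip('"')):
            return 'drive verb command runs an executable from the volume root'
    return None


def scan_otl_lines(lines):
    """Return one Finding per O32/O33 line that matches a hijack rule above."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        reason = None
        m = AUTORUN_FILE_RE.match(line)
        if m:
            reason = check_autorun_file(m)
        else:
            m = MOUNTPOINT_RE.match(line)
            if m:
                reason = check_mountpoint(m)
        if reason:
            findings.append(Finding(line, reason))
    return findings


if __name__ == '__main__':
    for f in scan_otl_lines(SAMPLE_OTL_LINES):
        print(f'[!] {f.reason}\n    {f.line}')
```

On the sample it reports five entries: the G:\autorun.inf, the overridden default verb on C:, and the three RECYCLER commands; the AUTOEXEC.BAT entry and the constructed vendor verb pass. Note that "File not found" on the Open\command entries does not make them harmless: the registry verb persists and will fire again the next time a drive carrying that file is inserted, which is why Sam's fix deletes the MountPoints2 keys rather than just the missing .com file.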

#7 ZGMFX10Amod00

ZGMFX10Amod00
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:22 AM

Posted 11 June 2009 - 01:21 PM

Hey Sam,

Here is my new OTL log:

========== OTL ==========
G:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com c:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
File C:\RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com d:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-1935655697-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
========== FILES ==========
C:\_@112.tmp moved successfully.
C:\_@113.tmp moved successfully.
C:\_@114.tmp moved successfully.
C:\_@115.tmp moved successfully.
C:\_@116.tmp moved successfully.
C:\_@117.tmp moved successfully.
C:\_@118.tmp moved successfully.
C:\_@119.tmp moved successfully.
C:\_@11A.tmp moved successfully.
C:\_@11B.tmp moved successfully.
C:\_@11C.tmp moved successfully.
C:\_@11D.tmp moved successfully.
C:\_@11E.tmp moved successfully.
C:\_@11F.tmp moved successfully.
C:\_@120.tmp moved successfully.
C:\_@121.tmp moved successfully.
C:\_@122.tmp moved successfully.
C:\_@123.tmp moved successfully.
C:\_@124.tmp moved successfully.
C:\_@125.tmp moved successfully.
C:\_@126.tmp moved successfully.
C:\_@127.tmp moved successfully.
C:\_@128.tmp moved successfully.
C:\_@129.tmp moved successfully.
C:\_@12A.tmp moved successfully.
C:\_@12B.tmp moved successfully.
C:\_@12C.tmp moved successfully.
C:\_@12D.tmp moved successfully.
C:\_@12E.tmp moved successfully.
C:\_@12F.tmp moved successfully.
C:\_@130.tmp moved successfully.
C:\_@131.tmp moved successfully.
C:\_@132.tmp moved successfully.
C:\_@133.tmp moved successfully.
C:\_@134.tmp moved successfully.
C:\_@135.tmp moved successfully.
C:\_@136.tmp moved successfully.
C:\_@137.tmp moved successfully.
C:\_@138.tmp moved successfully.
C:\_@139.tmp moved successfully.
C:\_@13A.tmp moved successfully.
C:\_@13B.tmp moved successfully.
C:\_@13C.tmp moved successfully.
C:\_@13D.tmp moved successfully.
C:\_@13E.tmp moved successfully.
C:\_@13F.tmp moved successfully.
C:\_@140.tmp moved successfully.
C:\_@141.tmp moved successfully.
C:\_@142.tmp moved successfully.
C:\_@143.tmp moved successfully.
C:\_@144.tmp moved successfully.
C:\_@145.tmp moved successfully.
C:\_@146.tmp moved successfully.
C:\_@147.tmp moved successfully.
C:\_@148.tmp moved successfully.
C:\_@149.tmp moved successfully.
C:\_@14A.tmp moved successfully.
C:\_@14B.tmp moved successfully.
C:\_@14C.tmp moved successfully.
C:\_@14D.tmp moved successfully.
C:\_@14E.tmp moved successfully.
C:\_@14F.tmp moved successfully.
C:\_@150.tmp moved successfully.
C:\_@151.tmp moved successfully.
C:\_@152.tmp moved successfully.
C:\_@153.tmp moved successfully.
C:\_@154.tmp moved successfully.
C:\_@155.tmp moved successfully.
C:\_@156.tmp moved successfully.
C:\_@157.tmp moved successfully.
C:\_@158.tmp moved successfully.
C:\_@159.tmp moved successfully.
C:\_@15A.tmp moved successfully.
C:\_@15B.tmp moved successfully.
C:\_@15C.tmp moved successfully.
C:\_@15D.tmp moved successfully.
C:\_@15E.tmp moved successfully.
C:\_@15F.tmp moved successfully.
C:\_@160.tmp moved successfully.
C:\_@161.tmp moved successfully.
C:\_@162.tmp moved successfully.
C:\_@163.tmp moved successfully.
C:\_@164.tmp moved successfully.
C:\_@165.tmp moved successfully.
C:\_@166.tmp moved successfully.
C:\_@167.tmp moved successfully.
C:\_@168.tmp moved successfully.
C:\_@169.tmp moved successfully.
C:\_@16A.tmp moved successfully.
C:\_@16B.tmp moved successfully.
C:\_@16C.tmp moved successfully.
C:\_@16D.tmp moved successfully.
C:\_@16E.tmp moved successfully.
C:\_@16F.tmp moved successfully.
C:\_@170.tmp moved successfully.
C:\_@171.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\notepad.tmp moved successfully.
C:\WINDOWS\System32\SET11C.tmp moved successfully.
C:\WINDOWS\System32\SET1A4.tmp moved successfully.
C:\WINDOWS\System32\SET1A5.tmp moved successfully.
C:\WINDOWS\System32\SET1A6.tmp moved successfully.
C:\WINDOWS\System32\SET1A7.tmp moved successfully.
C:\WINDOWS\System32\SET1AC.tmp moved successfully.
C:\WINDOWS\System32\SET1B4.tmp moved successfully.
C:\WINDOWS\System32\SET1B6.tmp moved successfully.
C:\WINDOWS\System32\SET1D8.tmp moved successfully.
C:\WINDOWS\System32\SET31.tmp moved successfully.
C:\WINDOWS\System32\SET3D.tmp moved successfully.
C:\WINDOWS\System32\SETBA.tmp moved successfully.
C:\WINDOWS\System32\SETBB.tmp moved successfully.
C:\WINDOWS\System32\SETBC.tmp moved successfully.
C:\WINDOWS\System32\SETBD.tmp moved successfully.
C:\WINDOWS\System32\SETC2.tmp moved successfully.
C:\WINDOWS\System32\SETCC.tmp moved successfully.
C:\WINDOWS\isRS-000.tmp moved successfully.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\WINDOWS\notepad.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
File\Folder C:\WINDOWS\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys not found.
File\Folder C:\WINDOWS\system32\drivers\gxvxcyxuwkteoqxthqobymiqtnyvbfpuoflbv.sys not found.
File\Folder C:\WINDOWS\system32\gxvxccount not found.
File\Folder C:\WINDOWS\system32\gxvxcjribjqqpmexaqsybxaijewmitwwdwylc.dll not found.
File\Folder C:\WINDOWS\system32\gxvxcwkkylqrdslkfabxtptmxfmevugdohaip.dll not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Terrence\Local Settings\Temp\etilqs_FobUxe67OgekXgeUI8j8 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_134.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTL by OldTimer - Version 2.1.1.0 log created on 06112009_104517

Files moved on Reboot...
File C:\Documents and Settings\Terrence\Local Settings\Temp\etilqs_FobUxe67OgekXgeUI8j8 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_134.dat not found!

Registry entries deleted on Reboot...


ComboFix log:

ComboFix 09-06-11.02 - Terrence 11/06/2009 11:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.2815.2366 [GMT -7:00]
Running from: c:\documents and settings\Terrence\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Terrence\Application Data\.#
c:\windows\IE4 Error Log.txt
c:\windows\kb913800.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys
c:\windows\system32\drivers\gxvxcyxuwkteoqxthqobymiqtnyvbfpuoflbv.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcjribjqqpmexaqsybxaijewmitwwdwylc.dll
c:\windows\system32\gxvxcwkkylqrdslkfabxtptmxfmevugdohaip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 17:45 . 2009-06-11 17:45 -------- d-----w- C:\_OTL
2009-06-10 00:58 . 2009-05-07 15:44 344064 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-04 07:05 . 2009-06-04 07:05 -------- d-----w- c:\program files\Trend Micro
2009-06-04 05:40 . 2009-06-04 05:40 -------- d-----w- c:\documents and settings\Terrence\Application Data\Malwarebytes
2009-06-04 05:38 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 05:38 . 2009-06-04 05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 05:38 . 2009-06-04 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-04 05:38 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 16:12 . 2009-06-09 00:22 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-03 16:09 . 2009-06-03 16:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-03 16:09 . 2009-06-03 16:09 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-03 16:09 . 2009-06-03 16:09 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-03 16:09 . 2009-06-03 16:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-03 16:08 . 2009-06-11 15:16 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-03 16:08 . 2009-06-03 16:08 -------- d-----w- c:\program files\AVG
2009-06-03 16:08 . 2009-06-03 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-03 15:53 . 2009-06-03 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 17:52 . 2007-11-03 16:02 169936 ----a-w- c:\documents and settings\Terrence\Application Data\Mozilla\Firefox\Profiles\z74stdhy.default\FlashGot.exe
2009-06-11 07:03 . 2007-03-22 00:50 -------- d-----w- c:\documents and settings\Terrence\Application Data\uTorrent
2009-06-11 00:10 . 2007-02-10 06:34 -------- d-----w- c:\program files\eMule
2009-06-10 08:54 . 2007-02-13 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-09 01:40 . 2009-05-04 06:52 -------- d-----w- c:\program files\SD GUNDAM Online
2009-06-09 01:40 . 2007-09-26 01:05 -------- d-----w- c:\program files\Bonjour
2009-06-09 01:39 . 2007-02-27 07:19 -------- d-----w- c:\program files\M3 GAME Manager
2009-06-05 08:43 . 2007-04-26 00:01 -------- d-----w- c:\documents and settings\Terrence\Application Data\Skype
2009-06-05 05:49 . 2009-03-27 07:12 -------- d-----w- c:\documents and settings\Terrence\Application Data\skypePM
2009-06-04 05:35 . 2007-02-10 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 05:33 . 2007-06-25 06:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 05:33 . 2007-02-10 03:27 -------- d-----w- c:\program files\Lavasoft
2009-06-03 17:17 . 2007-11-10 19:56 -------- d-----w- c:\program files\Ultra PSP Movie Converter
2009-05-25 00:09 . 2009-04-16 10:00 -------- d-----w- c:\program files\SpeedFan
2009-05-14 18:22 . 2007-02-10 03:54 -------- d-----w- c:\program files\FlashGet
2009-05-12 14:48 . 2007-02-20 09:33 -------- d-----w- c:\program files\mIRC
2009-05-07 15:44 . 2004-08-03 23:56 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 09:13 . 2008-10-30 05:42 -------- d-----w- c:\program files\Microsoft.NET
2009-05-07 09:03 . 2008-10-30 05:32 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-07 08:55 . 2007-02-13 06:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-04 07:16 . 2009-05-04 07:16 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-04-29 04:31 . 2007-01-16 20:07 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 10:09 . 2007-01-16 20:07 1847936 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2007-01-16 20:06 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 02:19 . 2009-04-06 02:19 152576 ----a-w- c:\documents and settings\Terrence\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-27 07:12 . 2009-03-27 07:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 20:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 20:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 20:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 20:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 20:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 20:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 20:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-01-16 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 352256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-12 86016]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-27 270336]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-04 987187]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-03 1947928]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-12 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-10 1634304]

c:\documents and settings\Terrence\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
PowerReg Scheduler V3.exe [2007-7-18 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-03 16:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbganglion5.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11668:TCP"= 11668:TCP:BitComet 11668 TCP
"11668:UDP"= 11668:UDP:BitComet 11668 UDP

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/06/2009 9:09 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/06/2009 9:09 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/06/2009 9:08 AM 298776]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [23/12/2007 2:47 AM 57376]
S1 DW;DW; [x]
S3 DWUSBDNT;DWUSBDNT;c:\windows\system32\drivers\dwusbdnt.sys [01/06/2007 1:07 AM 16384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 1:22 PM 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [18/10/2008 11:11 PM 36928]
S3 WMP11;Instant Wireless PCI Card Driver;c:\windows\system32\DRIVERS\WMP11NDS.sys --> c:\windows\system32\DRIVERS\WMP11NDS.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
HKCU-RunOnce-FFTI - c:\documents and settings\Terrence\Application Data\Mozilla\Firefox\Profiles\z74stdhy.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Terrence\Application Data\Mozilla\Firefox\Profiles\z74stdhy.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - component: c:\documents and settings\Terrence\Application Data\Mozilla\Firefox\Profiles\z74stdhy.default\extensions\nicofox@littlebtc\platform\WINNT_x86-msvc\components\winprocess.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 11:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet013\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet013\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1935655697-839522115-1003\Software\Microsoft\Office\12.0\Common\Open Find\Microsoft Office Project\Settings\Sb*_]
"PositionInfo-Monitor1"=hex:fb,00,00,00,ed,00,00,00,02,03,00,00,cc,01,00,00

[HKEY_USERS\S-1-5-21-1060284298-1935655697-839522115-1003\Software\Microsoft\Office\12.0\Common\Open Find\Microsoft Office Project\Settings\Sb*_\File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a

[HKEY_USERS\S-1-5-21-1060284298-1935655697-839522115-1003\Software\Microsoft\Office\12.0\Common\Open Find\Microsoft Office Project\Settings\Sb*_\View]
"Data"=hex:04,16,00,47,28,14,14,14,0d,01,02,01,00,18,41,00,0d,00,fa,08,00,00,
90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-06-11 11:18
ComboFix-quarantined-files.txt 2009-06-11 18:18

Pre-Run: 64,418,283,520 bytes free
Post-Run: 64,447,741,952 bytes free

Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
232 --- E O F --- 2009-06-10 08:54
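The two logs in this post pair up in an instructive way: OTL reported the gxvxc* driver and DLL paths under system32 as "not found", while ComboFix then listed exactly those paths under "Other Deletions" and removed the Service_GXVXCSERV.SYS entry. The Python script below is an added example, not part of this thread or of either tool; it parses trimmed copies of both logs (constructed from the excerpts above, with the line formats inferred from them rather than from any tool documentation) and prints the paths OTL could not see but ComboFix deleted, which is the cross-check a helper wants before calling a machine clean.

```python
"""Added example (not from the thread, OTL or ComboFix): parse trimmed copies of the
two logs above and report paths OTL said were "not found" but ComboFix deleted.
Line formats are inferred from the excerpts in this thread, not from tool docs."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: trimmed excerpts of the OTL and ComboFix logs posted above.
OTL_LOG = r"""
========== OTL ==========
G:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
File C:\RECYCLER\S-8-4-12-100031819-100007585-100031060-3210.com not found.
========== FILES ==========
C:\_@112.tmp moved successfully.
File\Folder C:\WINDOWS\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys not found.
File\Folder C:\WINDOWS\system32\drivers\gxvxcyxuwkteoqxthqobymiqtnyvbfpuoflbv.sys not found.
File\Folder C:\WINDOWS\system32\gxvxccount not found.
File\Folder C:\WINDOWS\system32\gxvxcjribjqqpmexaqsybxaijewmitwwdwylc.dll not found.
File\Folder C:\WINDOWS\system32\gxvxcwkkylqrdslkfabxtptmxfmevugdohaip.dll not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_134.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
"""
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\gxvxcuirwapasrprtqlhtnuyavhonbaivjqqu.sys
c:\windows\system32\drivers\gxvxcyxuwkteoqxthqobymiqtnyvbfpuoflbv.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcjribjqqpmexaqsybxaijewmitwwdwylc.dll
c:\windows\system32\gxvxcwkkylqrdslkfabxtptmxfmevugdohaip.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
.
"""

@dataclass(frozen=True)
class OtlEntry:
    section: str  # OTL, FILES or COMMANDS
    kind: str     # "Registry key", "Registry value", "File\Folder", "File" or "" for bare paths
    target: str
    status: str   # moved, deleted, not found, reboot or emptied

OTL_SECTION_RE = re.compile(r"^=+\s*(?P<name>\w+)\s*=+$")
OTL_ACTION_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder|File)\s+)?(?P<target>.+?)\s+"
    r"(?P<status>moved successfully|deleted successfully|not found|emptied)\.$")
OTL_REBOOT_RE = re.compile(r"^File delete failed\. (?P<target>.+?) scheduled to be deleted on reboot\.$")
CF_HEADER_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")   # "(((( Name ))))" section header
CF_SERVICE_RE = re.compile(r"^-+\\Service_(?P<name>.+)$")   # "-------\Service_NAME"

def parse_otl(text):
    """One OtlEntry per action line; '==== NAME ====' headers only switch the section."""
    entries, section = [], ""
    for line in text.strip().splitlines():
        if m := OTL_SECTION_RE.match(line):
            section = m.group("name")
        elif m := OTL_REBOOT_RE.match(line):
            entries.append(OtlEntry(section, "File", m.group("target"), "reboot"))
        elif m := OTL_ACTION_RE.match(line):
            status = m.group("status").replace(" successfully", "")
            entries.append(OtlEntry(section, m.group("kind") or "", m.group("target"), status))
    return entries

def parse_combofix_sections(text):
    """Map each '(((( Name ))))' header to the non-empty, non-'.' lines beneath it."""
    sections, current = {}, None
    for line in text.strip().splitlines():
        if m := CF_HEADER_RE.match(line):
            current = m.group("name")
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections

def status_counts(otl_entries):
    return dict(Counter(e.status for e in otl_entries))

def removed_services(cf_sections):
    """Service names ComboFix listed under Drivers/Services (here GXVXCSERV.SYS)."""
    matches = map(CF_SERVICE_RE.match, cf_sections.get("Drivers/Services", []))
    return [m.group("name") for m in matches if m]

def hidden_from_otl(otl_entries, cf_sections):
    """Paths OTL reported 'not found' that ComboFix nevertheless deleted (case-insensitive)."""
    deleted = {p.lower() for p in cf_sections.get("Other Deletions", [])}
    return sorted(e.target.lower() for e in otl_entries
                  if e.status == "not found" and e.target.lower() in deleted)

if __name__ == "__main__":
    otl, cf = parse_otl(OTL_LOG), parse_combofix_sections(COMBOFIX_LOG)
    print("OTL actions by status:", status_counts(otl))
    print("Services ComboFix removed:", removed_services(cf))
    for path in hidden_from_otl(otl, cf):
        print("not seen by OTL, deleted by ComboFix:", path)
```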

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:22 AM

Posted 11 June 2009 - 04:48 PM

Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 ZGMFX10Amod00

ZGMFX10Amod00
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 12 June 2009 - 10:29 AM

Hey Sam,

My computer seems to be fine with Google and Yahoo now, thanks for the help.

Malwarebytes' Anti-Malware 1.37
Database version: 2265
Windows 5.1.2600 Service Pack 2

12/06/2009 8:12:05 AM
mbam-log-2009-06-12 (08-12-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 377654
Time elapsed: 1 hour(s), 30 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:22 AM

Posted 12 June 2009 - 10:38 AM

Looks good! :)
Just a few last steps and some final recommendations for you.


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection.
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.


=================



We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)


========================================================

#11 ZGMFX10Amod00

ZGMFX10Amod00
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 13 June 2009 - 01:13 AM

Everything is working great again! Thanks for your help!

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:22 AM

Posted 13 June 2009 - 11:03 AM

I'm glad I could help you out! :thumbup2:

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



