trojan.wimad detected by free Norton Security Scan but not by AVG scan



#1 Bxxx


Posted 01 July 2009 - 09:45 PM

Hi,

Here are my computer specs and log file. Please let me know if any other info is required, as this is the first time I've posted a cry for help.

Thanx, Bxxx

OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6000 Build 6000
OS Manufacturer Microsoft Corporation
System Name BIG-USER-PC
System Manufacturer ASUSTeK Computer Inc.
System Model F8SN
System Type X86-based PC
Processor Intel® Core™2 Duo CPU T9300 @ 2.50GHz, 2501 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date American Megatrends Inc. 303, 12/03/2008
SMBIOS Version 2.4
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale Australia
Hardware Abstraction Layer Version = "6.0.6000.16407"
User Name BIG-USER-PC\User
Time Zone AUS Eastern Standard Time
Total Physical Memory 2,046.63 MB
Available Physical Memory 920.26 MB
Total Virtual Memory 4.20 GB
Available Virtual Memory 2.73 GB
Page File Space 2.29 GB
Page File C:\pagefile.sys



DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 11:48:36.10 on Thu 02/07/2009
Internet Explorer: 7.0.6000.16830
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.61.1033.18.2047.857 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdeserv.exe
C:\Windows\system32\lxdecoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\SmartLogon\facemgr.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\MAXON\MiniMax\Bin\Demon6280.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\MAXON\MiniMax\Bin\cmoUIMain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MAXON\MiniMax\Bin\QMICM.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Downloads\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.asus.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Telstra_TM] c:\program files\maxon\minimax\bin\Demon6280.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {1009C944-97D5-44A9-9E32-DFF54F498968} - {1009C944-97D5-44A9-9E32-DFF54F498968} - c:\program files\asus security center\asus security protect manager\bin\ASWallet.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://spinpalace.microgaming.com/spinpalace/FlashAX2.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: APSHook.dll,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\y19cdgiq.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-6 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-6 108552]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [2006-5-17 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\drivers\BthAudioHF.sys [2008-3-7 29184]
R3 bthav;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2008-7-10 34816]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2008-7-10 15872]
R3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [2008-6-17 87424]
R3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2006-12-13 87040]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-3-7 47616]

=============== Created Last 30 ================

2009-07-01 13:27 <DIR> --d----- C:\perflogs
2009-06-30 18:22 696,832 a------- c:\windows\system32\localspl.dll
2009-06-30 17:03 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-06-30 17:03 2,030,080 a------- c:\windows\system32\win32k.sys
2009-06-29 19:15 206,504 a---h--- c:\windows\system32\mlfcache.dat
2009-06-29 10:11 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-29 10:11 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-28 16:58 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-28 16:58 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-28 16:58 <DIR> --d----- c:\program files\iPod
2009-06-28 16:58 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-28 16:58 <DIR> --d----- c:\program files\iTunes
2009-06-28 16:58 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-13 22:25 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-13 18:32 <DIR> --d----- c:\windows\system32\Adobe
2009-06-13 17:18 <DIR> --d----- c:\users\user\dwhelper
2009-06-12 16:22 <DIR> --d----- c:\program files\MAXON
2009-06-12 16:22 319,488 a------- c:\windows\PINSTALLPROCESS.DLL

==================== Find3M ====================

2009-07-02 08:33 45,056 a------- c:\windows\system32\acovcnt.exe
2009-07-02 08:19 6,604 a------- c:\windows\bthservsdp.dat
2009-06-30 17:27 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-30 17:27 51,200 a------- c:\windows\inf\infpub.dat
2009-06-30 17:27 86,016 a------- c:\windows\inf\infstor.dat
2009-06-29 10:09 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 10:09 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-28 18:49 117,888 a------- c:\users\user\appdata\roaming\nvModes.dat
2009-05-08 09:47 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-06 09:55 174 a--sh--- c:\program files\desktop.ini
2008-06-26 03:21 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-07-07 11:42 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-07-07 11:42 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-07-07 11:42 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 11:49:58.26 ===============
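As an added example (not code from the original post or from the DDS tool), the following Python triage pass parses the entry lines of a DDS "Pseudo HJT Report" into kind, name, CLSID and target, and flags the items a malware-removal helper checks first in a log like the one above: `mPolicies-system: EnableLUA = 0` (UAC switched off), registrations ending in `No File`, and the `AppInit_DLLs` list. The sample lines are copied from the two logs in this thread; the severity labels are this example's own convention.

```python
"""Triage pass over the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original post or of the DDS tool.
It parses the DDS entry shape   KIND: [Name:] [{CLSID}] - target
and applies three defender-side checks that the logs in this thread exercise:
  * mPolicies-system: EnableLUA = 0 (0x0)  -> UAC is switched off machine-wide
  * '... - No File'                        -> registration whose file is gone
  * AppInit_DLLs: a.dll,b.dll              -> DLLs loaded into every user32 process
Severity labels are this example's own convention, not DDS output.
"""
import re
from dataclasses import dataclass

# Sample entry lines copied from the Pseudo HJT Report sections in this thread.
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: APSHook.dll,avgrsstx.dll
LSA: Notification Packages = scecli ASWLNPkg
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z_-]+):\s*(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
POLICY_RE = re.compile(r"^(?P<key>\w+)\s*=\s*(?P<val>-?\d+)")


@dataclass
class Entry:
    kind: str      # e.g. "BHO", "uURLSearchHooks", "mPolicies-system"
    name: str      # display name, "" when the log gives none
    clsid: str     # "{...}" or ""
    target: str    # file path, URL, "No File", or the raw value
    setting: dict  # {key: int} for *Policies-* lines, else {}


@dataclass
class Finding:
    severity: str
    reason: str
    line: str


def parse_hjt_line(line: str):
    """Split one DDS entry line into its fields; None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body").strip()
    if "Policies-" in kind:
        # "EnableLUA = 0 (0x0)" -> {"EnableLUA": 0}
        pm = POLICY_RE.match(body)
        setting = {pm.group("key"): int(pm.group("val"))} if pm else {}
        return Entry(kind, "", "", body, setting)
    head, sep, target = body.rpartition(" - ")
    if not sep:  # no " - " separator: mRun / AppInit_DLLs / LSA style lines
        return Entry(kind, "", "", body, {})
    clsid = ""
    cm = CLSID_RE.search(head)
    if cm:
        clsid = cm.group(0)
        head = head[:cm.start()]
    name = head.strip().rstrip(":-").strip()
    return Entry(kind, name, clsid, target.strip(), {})


def triage(log_text: str):
    """Return Findings for the entries a removal helper would look at first."""
    findings = []
    for raw in log_text.splitlines():
        e = parse_hjt_line(raw)
        if e is None:
            continue
        if e.setting.get("EnableLUA") == 0:
            findings.append(Finding("high", "UAC disabled (EnableLUA=0): administrators "
                                    "run with a full token and get no consent prompts", raw))
        if e.target == "No File":
            findings.append(Finding("low", f"orphaned {e.kind} registration "
                                    f"{e.clsid or e.name}: backing file is gone", raw))
        if e.kind == "AppInit_DLLs" and e.target:
            dlls = [d.strip() for d in e.target.split(",") if d.strip()]
            findings.append(Finding("review", "AppInit_DLLs loads into every user32 process; "
                                    "confirm each is a known vendor DLL: " + ", ".join(dlls), raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```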

#2 etavares


Posted 06 July 2009 - 09:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Bxxx


Posted 06 July 2009 - 10:49 PM

Hi, thanks for your reply.

Firstly, I've pasted the new DDS report as requested below.
Since my first post I've scanned the whole computer with Spybot S&D, which found nothing, and I've also scanned with Ad-Aware Free Anniversary Edition, which found 38 cookies; I've also pasted and attached a ZIP of that log file below.

Thanks for helping me with this problem, I will be patiently awaiting your next lot of advice.

Thanks, Bxxx



DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 13:12:45.96 on Tue 07/07/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.61.1033.18.2047.951 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\facemgr.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Telstra\Telstra Turbo Modem\Bin\Demon6280.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdeserv.exe
C:\Windows\system32\lxdecoms.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Telstra\Telstra Turbo Modem\Bin\cmoUIMain.exe
C:\Program Files\Telstra\Telstra Turbo Modem\Bin\QMICM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Users\User\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Telstra_TM] c:\program files\telstra\telstra turbo modem\bin\Demon6280.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://spinpalace.microgaming.com/spinpalace/FlashAX2.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: APSHook.dll,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\y19cdgiq.default\
FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-6 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-6 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-6 108552]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [2006-5-17 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-6 298776]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [2006-11-2 22016]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 921936]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [2007-5-30 99248]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-6 1153368]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\drivers\BthAudioHF.sys [2008-3-7 29184]
R3 bthav;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2008-7-10 34816]
R3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [2008-6-17 87424]
R3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2006-12-13 87040]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-3-7 47616]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2008-7-10 15872]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-7-6 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 PSPRSERV;PSPR Control Service;c:\program files\elcomsoft\pspr\psprserv.exe [2007-5-21 21504]
S3 SWNC8U55;Sierra Wireless MUX NDIS Driver (UMTS55);c:\windows\system32\drivers\swnc8u55.sys [2007-9-21 164480]
S3 SWUMX55;Sierra Wireless USB MUX Driver (UMTS55);c:\windows\system32\drivers\swumx55.sys [2007-9-21 140672]

=============== Created Last 30 ================

2009-07-07 12:49 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-06 21:59 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-06 21:23 <DIR> --d----- c:\programdata\Lavasoft
2009-07-06 21:23 <DIR> --d----- c:\program files\Lavasoft
2009-07-06 21:22 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-06 21:22 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-06 16:20 <DIR> --d----- c:\users\user\Tracing
2009-07-06 15:57 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-07-06 15:57 55,280 a------- c:\windows\system32\drivers\fssfltr.sys
2009-07-06 15:56 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-07-06 15:56 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-07-06 15:55 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-06 13:25 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-06 12:44 <DIR> --d----- c:\program files\Microsoft
2009-07-06 10:26 622,080 a------- c:\windows\system32\icardagt.exe
2009-07-06 10:26 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-06 10:26 97,800 a------- c:\windows\system32\infocardapi.dll
2009-07-06 10:26 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-07-06 10:26 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-07-06 10:26 11,264 a------- c:\windows\system32\icardres.dll
2009-07-06 10:26 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-07-06 10:26 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-07-06 10:24 43,319,296 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-07-06 10:24 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-07-06 10:24 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-07-06 10:11 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-06 10:11 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-06 10:11 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-06 10:11 158,720 a------- c:\windows\system32\mscorier.dll
2009-07-06 10:11 83,968 a------- c:\windows\system32\mscories.dll
2009-07-06 10:03 72,704 a------- c:\windows\system32\admparse.dll
2009-07-06 07:15 428,032 a------- c:\windows\system32\EncDec.dll
2009-07-06 07:15 217,088 a------- c:\windows\system32\psisrndr.ax
2009-07-06 07:15 292,352 a------- c:\windows\system32\psisdecd.dll
2009-07-06 07:15 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-07-06 07:14 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-07-06 07:14 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-07-06 07:14 80,896 a------- c:\windows\system32\MSNP.ax
2009-07-06 07:14 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-07-05 20:14 <DIR> --d----- c:\programdata\NOS
2009-07-02 22:19 <DIR> --d----- c:\users\user\appdata\roaming\Shareaza
2009-07-02 22:19 <DIR> --d----- c:\program files\Shareaza
2009-07-01 13:27 <DIR> --d----- C:\perflogs
2009-06-30 18:22 696,832 a------- c:\windows\system32\localspl.dll
2009-06-30 17:03 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-06-30 17:03 2,030,080 a------- c:\windows\system32\win32k.sys
2009-06-29 19:15 206,504 a---h--- c:\windows\system32\mlfcache.dat
2009-06-29 10:11 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-29 10:11 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-28 16:58 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-28 16:58 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-28 16:58 <DIR> --d----- c:\program files\iPod
2009-06-28 16:58 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-28 16:58 <DIR> --d----- c:\program files\iTunes
2009-06-28 16:58 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-13 22:25 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-13 18:32 <DIR> --d----- c:\windows\system32\Adobe
2009-06-13 17:18 <DIR> --d----- c:\users\user\dwhelper
2009-06-12 16:22 319,488 a------- c:\windows\PINSTALLPROCESS.DLL

==================== Find3M ====================

2009-07-06 22:02 45,056 a------- c:\windows\system32\acovcnt.exe
2009-07-06 22:00 3,308 a------- c:\windows\bthservsdp.dat
2009-07-06 21:10 86,016 a------- c:\windows\inf\infstor.dat
2009-07-06 21:10 51,200 a------- c:\windows\inf\infpub.dat
2009-07-06 21:10 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-03 21:34 117,888 a------- c:\users\user\appdata\roaming\nvModes.dat
2009-06-29 10:09 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 10:09 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-09 15:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 15:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-06 09:55 174 a--sh--- c:\program files\desktop.ini
2009-04-25 02:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-06-26 03:21 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-07-07 11:42 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-07-07 11:42 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-07-07 11:42 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 13:14:46.07 ===============


Ad-Aware Log:

Logfile created: 6/07/2009 22:51:19
Lavasoft Ad-Aware version: 8.0
Extended engine version: 8.1
User performing scan: User

*********************** Definitions database information ***********************
Lavasoft definition file: 144.0
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 213265
Objects detected: 38


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 38
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0
Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *clickshift* Family Name: Cookies Clean status: Success Item ID: 409273 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *indextools* Family Name: Cookies Clean status: Success Item ID: 409194 Family ID: 0
Description: *gator* Family Name: Cookies Clean status: Success Item ID: 408861 Family ID: 0
Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
Description: *overture* Family Name: Cookies Clean status: Success Item ID: 408834 Family ID: 0
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *estat* Family Name: Cookies Clean status: Success Item ID: 408873 Family ID: 0
Description: *www.jackpotmadness* Family Name: Cookies Clean status: Success Item ID: 409186 Family ID: 0
Description: www.new* Family Name: Cookies Clean status: Success Item ID: 409109 Family ID: 0
Description: *dbbsrv* Family Name: Cookies Clean status: Success Item ID: 408881 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0
Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *clickshift* Family Name: Cookies Clean status: Success Item ID: 409273 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *indextools* Family Name: Cookies Clean status: Success Item ID: 409194 Family ID: 0
Description: *gator* Family Name: Cookies Clean status: Success Item ID: 408861 Family ID: 0
Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
Description: *overture* Family Name: Cookies Clean status: Success Item ID: 408834 Family ID: 0
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *estat* Family Name: Cookies Clean status: Success Item ID: 408873 Family ID: 0
Description: *www.jackpotmadness* Family Name: Cookies Clean status: Success Item ID: 409186 Family ID: 0
Description: www.new* Family Name: Cookies Clean status: Success Item ID: 409109 Family ID: 0
Description: *dbbsrv* Family Name: Cookies Clean status: Success Item ID: 408881 Family ID: 0

Scan and cleaning complete: Finished correctly after 4260 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Mon Jul 06 21:59:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Jul 06 21:59:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: display, domain: animated,display,dontnotify


****************************** System information ******************************
Computer name: BIG-USER-PC
Processor name: Intel® Core™2 Duo CPU T9300 @ 2.50GHz
Processor identifier: x86 Family 6 Model 23 Stepping 6
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5894, number of processors 2
Physical memory available: 1098756096 bytes
Physical memory total: 2146041856 bytes
Virtual memory available: 2022756352 bytes
Virtual memory total: 2147352576 bytes
Memory load: 48%
Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Windows startup mode:

Running processes:
PID: 648 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 780 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 832 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 844 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 884 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 900 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 908 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1044 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1160 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1204 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1248 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1284 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1396 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1420 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1432 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1652 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1668 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1696 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1796 name: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1924 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 476 name: C:\Program Files\ATK Hotkey\AsLdrSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 520 name: C:\Program Files\ATKGFNEX\GFNEXSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 656 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1452 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1712 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2672 name: C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe owner: User domain: BIG-USER-PC
PID: 2692 name: C:\Windows\System32\dwm.exe owner: User domain: BIG-USER-PC
PID: 2716 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2788 name: C:\Windows\System32\taskeng.exe owner: User domain: BIG-USER-PC
PID: 2832 name: C:\Windows\explorer.exe owner: User domain: BIG-USER-PC
PID: 2884 name: C:\Program Files\ASUS\SmartLogon\facemgr.exe owner: User domain: BIG-USER-PC
PID: 2904 name: C:\Program Files\ASUS\SmartLogon\sensorsrv.exe owner: User domain: BIG-USER-PC
PID: 3240 name: C:\Program Files\ATK Hotkey\HControl.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3248 name: C:\Program Files\Wireless Console 2\wcourier.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3256 name: C:\Program Files\ASUS\Splendid\ACMON.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3264 name: C:\Program Files\P4G\BatteryLife.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3296 name: C:\Windows\System32\ACEngSvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3396 name: C:\Program Files\ATK Hotkey\ATKOSD.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3428 name: C:\Program Files\ATK Hotkey\KBFiltr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3436 name: C:\Program Files\ATK Hotkey\WDC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3504 name: C:\Program Files\Windows Defender\MSASCui.exe owner: User domain: BIG-USER-PC
PID: 3576 name: C:\Windows\System32\rundll32.exe owner: User domain: BIG-USER-PC
PID: 3600 name: C:\Program Files\ASUS\ATK Media\DMedia.exe owner: User domain: BIG-USER-PC
PID: 3608 name: C:\Program Files\ATKOSD2\ATKOSD2.exe owner: User domain: BIG-USER-PC
PID: 3616 name: C:\Windows\RtHDVCpl.exe owner: User domain: BIG-USER-PC
PID: 3660 name: C:\Program Files\Synaptics\SynTP\SynTPStart.exe owner: User domain: BIG-USER-PC
PID: 3692 name: C:\Windows\System32\rundll32.exe owner: User domain: BIG-USER-PC
PID: 3712 name: C:\Program Files\AVG\AVG8\avgtray.exe owner: User domain: BIG-USER-PC
PID: 3728 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: User domain: BIG-USER-PC
PID: 3736 name: C:\Program Files\iTunes\iTunesHelper.exe owner: User domain: BIG-USER-PC
PID: 3768 name: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe owner: User domain: BIG-USER-PC
PID: 3780 name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe owner: User domain: BIG-USER-PC
PID: 3800 name: C:\Program Files\Telstra\Telstra Turbo Modem\Bin\Demon6280.exe owner: User domain: BIG-USER-PC
PID: 3868 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: User domain: BIG-USER-PC
PID: 3892 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: User domain: BIG-USER-PC
PID: 3924 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: User domain: BIG-USER-PC
PID: 2204 name: C:\Program Files\Telstra\Telstra Turbo Modem\Bin\cmoUIMain.exe owner: User domain: BIG-USER-PC
PID: 2264 name: C:\Program Files\Logitech\SetPoint\SetPoint.exe owner: User domain: BIG-USER-PC
PID: 2304 name: C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe owner: User domain: BIG-USER-PC
PID: 2444 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 928 name: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2052 name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1580 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2608 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2664 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3084 name: C:\Windows\System32\IFXSPMGT.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2592 name: C:\Windows\System32\IFXTCS.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3448 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1532 name: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2520 name: C:\Windows\System32\spool\drivers\w32x86\3\lxdeserv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1528 name: C:\Windows\System32\lxdecoms.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1948 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2992 name: C:\Windows\System32\IfxPsdSv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3648 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3556 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2232 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3908 name: C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4024 name: C:\Program Files\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3652 name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3348 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2580 name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 4140 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4284 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4552 name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4752 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4828 name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 4944 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4964 name: C:\Program Files\ASUS\ASUS Live Update\ALU.exe owner: User domain: BIG-USER-PC
PID: 5024 name: C:\Windows\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 5136 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4368 name: C:\Program Files\Telstra\Telstra Turbo Modem\Bin\QMICM.exe owner: User domain: BIG-USER-PC
PID: 6028 name: C:\Windows\System32\wuauclt.exe owner: User domain: BIG-USER-PC
PID: 2828 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1916 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: User domain: BIG-USER-PC

Startup items:
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: Microsoft Pinyin IME Migration
imagepath: C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
Name: NvSvc
imagepath: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: ATKMEDIA
imagepath: C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
Name: ATKOSD2
imagepath: "C:\Program Files\ATKOSD2\ATKOSD2.exe"
Name: RtHDVCpl
imagepath: RtHDVCpl.exe
Name: Skytel
imagepath: Skytel.exe
Name: SynTPStart
imagepath: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Name: CognizanceTS
imagepath: rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
Name: Kernel and Hardware Abstraction Layer
imagepath: KHALMNPR.EXE
Name: AppleSyncNotifier
imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
Name: AVG8_TRAY
imagepath: C:\PROGRA~1\AVG\AVG8\avgtray.exe
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: ALG
displayname: Application Layer Gateway Service
Name: Appinfo
displayname: Application Information
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: ASBroker
displayname: Logon Session Broker
Name: ASChannel
displayname: Local Communication Channel
Name: ASLDRService
displayname: ASLDR Service
Name: ATKGFNEXSrv
displayname: ATKGFNEX Service
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: Automatic LiveUpdate Scheduler
displayname: Automatic LiveUpdate Scheduler
Name: avg8wd
displayname: AVG Free8 WatchDog
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: Browser
displayname: Computer Browser
Name: BthServ
displayname: Bluetooth Support Service
Name: CertPropSvc
displayname: Certificate Propagation
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EapHost
displayname: Extensible Authentication Protocol
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: gpsvc
displayname: Group Policy Client
Name: HFGService
displayname: Handsfree Headset Service
Name: hidserv
displayname: Human Interface Device Access
Name: hpqcxs08
displayname: hpqcxs08
Name: hpqddsvc
displayname: HP CUE DeviceDiscovery Service
Name: IFXSpMgtSrv
displayname: Security Platform Management Service
Name: IFXTCS
displayname: Trusted Platform Core Service
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: iphlpsvc
displayname: IP Helper
Name: iPod Service
displayname: iPod Service
Name: KeyIso
displayname: CNG Key Isolation
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LBTServ
displayname: Logitech Bluetooth Service
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: LiveUpdate Notice Service
displayname: LiveUpdate Notice Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: lxdeCATSCustConnectService
displayname: lxdeCATSCustConnectService
Name: lxde_device
displayname: lxde_device
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: Net Driver HPZ12
displayname: Net Driver HPZ12
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: PcaSvc
displayname: Program Compatibility Assistant Service
Name: PersonalSecureDriveService
displayname: Personal Secure Drive Service
Name: PlugPlay
displayname: Plug and Play
Name: Pml Driver HPZ12
displayname: Pml Driver HPZ12
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile Service
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: SBSDWSCService
displayname: SBSD Security Center Service
Name: SCardSvr
displayname: Smart Card
Name: Schedule
displayname: Task Scheduler
Name: SDRSVC
displayname: Windows Backup
Name: SeaPort
displayname: SeaPort
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification Service
Name: SessionEnv
displayname: Terminal Services Configuration
Name: SharedAccess
displayname: Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: spmgr
displayname: spmgr
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC Input Service
Name: TapiSrv
displayname: Telephony
Name: TBS
displayname: TPM Base Services
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: W32Time
displayname: Windows Time
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WebClient
displayname: WebClient
Name: Wecsvc
displayname: Windows Event Collector
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN AutoConfig
Name: wlidsvc
displayname: Windows Live ID Sign-in Assistant
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location: Mikado, Michigan
  • Local time: 03:16 AM

Posted 08 July 2009 - 06:26 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer:

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me; it may make a difference in where we go. Don't install anything, even other programs that have nothing to do with security or malware; it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Do you still have the log from the Norton scan? If you do, can you please post it? Also, please run Malwarebytes' Anti-Malware.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 Bxxx

Bxxx
  • Topic Starter
  • Members
  • 3 posts
  • Local time: 05:16 PM

Posted 08 July 2009 - 11:46 PM

Hi Hoov,

Firstly, thanks for taking your time to help me out; it's much appreciated.

Since I first posted this request for help I've scanned with AVG Free 8.5, Ad-Aware Anniversary Edition, Spybot S&D, Norton's free security scan and now Malwarebytes. All of these programs have given me different results, so I've pasted any results that I have below.

I don't have any results logs for Norton, but the last Norton scan I did didn't detect the trojan.wimad. It only detected 26 cookies.

Even though Norton isn't detecting the trojan anymore, my computer still keeps dropping the internet connection on and off in the "Network and Sharing Center" but says it's connected all the time on the "Maxon Telstra connection software window".

I hope I've supplied enough info to help you help me.

Thanks, Bxxx.

AVG:

Scan "Scheduled scan" was finished.
Warnings;"10"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Thursday, 9 July 2009, 8:30:00 AM"
Scan finished:;"Thursday, 9 July 2009, 11:19:18 AM (2 hour(s) 49 minute(s) 17 second(s))"
Total object scanned:;"1630437"
User who launched the scan:;"SYSTEM"

Warnings
File;"Infection";"Result"
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite;"Found Tracking cookie.Serving-sys";"Healed"
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip:\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip:\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip:\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip:\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip:\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip:\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip:\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip:\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
D:\BIG-USER-PC\Backup Set 2009-07-01 211857\Backup Files 2009-07-01 211857\Backup files 11.zip:\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y19cdgiq.default\cookies.sqlite:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"

Below is the log from the first scan with Ad-Aware; today's results were nil.

Logfile created: 6/07/2009 22:51:19
Lavasoft Ad-Aware version: 8.0
Extended engine version: 8.1
User performing scan: User

*********************** Definitions database information ***********************
Lavasoft definition file: 144.0
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 213265
Objects detected: 38


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 38
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0
Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *clickshift* Family Name: Cookies Clean status: Success Item ID: 409273 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *indextools* Family Name: Cookies Clean status: Success Item ID: 409194 Family ID: 0
Description: *gator* Family Name: Cookies Clean status: Success Item ID: 408861 Family ID: 0
Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
Description: *overture* Family Name: Cookies Clean status: Success Item ID: 408834 Family ID: 0
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *estat* Family Name: Cookies Clean status: Success Item ID: 408873 Family ID: 0
Description: *www.jackpotmadness* Family Name: Cookies Clean status: Success Item ID: 409186 Family ID: 0
Description: www.new* Family Name: Cookies Clean status: Success Item ID: 409109 Family ID: 0
Description: *dbbsrv* Family Name: Cookies Clean status: Success Item ID: 408881 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0
Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *clickshift* Family Name: Cookies Clean status: Success Item ID: 409273 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *indextools* Family Name: Cookies Clean status: Success Item ID: 409194 Family ID: 0
Description: *gator* Family Name: Cookies Clean status: Success Item ID: 408861 Family ID: 0
Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
Description: *overture* Family Name: Cookies Clean status: Success Item ID: 408834 Family ID: 0
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *estat* Family Name: Cookies Clean status: Success Item ID: 408873 Family ID: 0
Description: *www.jackpotmadness* Family Name: Cookies Clean status: Success Item ID: 409186 Family ID: 0
Description: www.new* Family Name: Cookies Clean status: Success Item ID: 409109 Family ID: 0
Description: *dbbsrv* Family Name: Cookies Clean status: Success Item ID: 408881 Family ID: 0

Scan and cleaning complete: Finished correctly after 4260 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Mon Jul 06 21:59:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Jul 06 21:59:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: display, domain: animated,display,dontnotify


****************************** System information ******************************
Computer name: BIG-USER-PC
Processor name: Intel® Core™2 Duo CPU T9300 @ 2.50GHz
Processor identifier: x86 Family 6 Model 23 Stepping 6
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5894, number of processors 2
Physical memory available: 1098756096 bytes
Physical memory total: 2146041856 bytes
Virtual memory available: 2022756352 bytes
Virtual memory total: 2147352576 bytes
Memory load: 48%
Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Windows startup mode:

Running processes:
PID: 648 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 780 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 832 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 844 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 884 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 900 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 908 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1044 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1160 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1204 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1248 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1284 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1396 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1420 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1432 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1652 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1668 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1696 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1796 name: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1924 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 476 name: C:\Program Files\ATK Hotkey\AsLdrSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 520 name: C:\Program Files\ATKGFNEX\GFNEXSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 656 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1452 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1712 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2672 name: C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe owner: User domain: BIG-USER-PC
PID: 2692 name: C:\Windows\System32\dwm.exe owner: User domain: BIG-USER-PC
PID: 2716 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2788 name: C:\Windows\System32\taskeng.exe owner: User domain: BIG-USER-PC
PID: 2832 name: C:\Windows\explorer.exe owner: User domain: BIG-USER-PC
PID: 2884 name: C:\Program Files\ASUS\SmartLogon\facemgr.exe owner: User domain: BIG-USER-PC
PID: 2904 name: C:\Program Files\ASUS\SmartLogon\sensorsrv.exe owner: User domain: BIG-USER-PC
PID: 3240 name: C:\Program Files\ATK Hotkey\HControl.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3248 name: C:\Program Files\Wireless Console 2\wcourier.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3256 name: C:\Program Files\ASUS\Splendid\ACMON.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3264 name: C:\Program Files\P4G\BatteryLife.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3296 name: C:\Windows\System32\ACEngSvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3396 name: C:\Program Files\ATK Hotkey\ATKOSD.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3428 name: C:\Program Files\ATK Hotkey\KBFiltr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3436 name: C:\Program Files\ATK Hotkey\WDC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3504 name: C:\Program Files\Windows Defender\MSASCui.exe owner: User domain: BIG-USER-PC
PID: 3576 name: C:\Windows\System32\rundll32.exe owner: User domain: BIG-USER-PC
PID: 3600 name: C:\Program Files\ASUS\ATK Media\DMedia.exe owner: User domain: BIG-USER-PC
PID: 3608 name: C:\Program Files\ATKOSD2\ATKOSD2.exe owner: User domain: BIG-USER-PC
PID: 3616 name: C:\Windows\RtHDVCpl.exe owner: User domain: BIG-USER-PC
PID: 3660 name: C:\Program Files\Synaptics\SynTP\SynTPStart.exe owner: User domain: BIG-USER-PC
PID: 3692 name: C:\Windows\System32\rundll32.exe owner: User domain: BIG-USER-PC
PID: 3712 name: C:\Program Files\AVG\AVG8\avgtray.exe owner: User domain: BIG-USER-PC
PID: 3728 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: User domain: BIG-USER-PC
PID: 3736 name: C:\Program Files\iTunes\iTunesHelper.exe owner: User domain: BIG-USER-PC
PID: 3768 name: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe owner: User domain: BIG-USER-PC
PID: 3780 name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe owner: User domain: BIG-USER-PC
PID: 3800 name: C:\Program Files\Telstra\Telstra Turbo Modem\Bin\Demon6280.exe owner: User domain: BIG-USER-PC
PID: 3868 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: User domain: BIG-USER-PC
PID: 3892 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: User domain: BIG-USER-PC
PID: 3924 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: User domain: BIG-USER-PC
PID: 2204 name: C:\Program Files\Telstra\Telstra Turbo Modem\Bin\cmoUIMain.exe owner: User domain: BIG-USER-PC
PID: 2264 name: C:\Program Files\Logitech\SetPoint\SetPoint.exe owner: User domain: BIG-USER-PC
PID: 2304 name: C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe owner: User domain: BIG-USER-PC
PID: 2444 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 928 name: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2052 name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1580 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2608 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2664 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3084 name: C:\Windows\System32\IFXSPMGT.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2592 name: C:\Windows\System32\IFXTCS.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3448 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1532 name: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2520 name: C:\Windows\System32\spool\drivers\w32x86\3\lxdeserv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1528 name: C:\Windows\System32\lxdecoms.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1948 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2992 name: C:\Windows\System32\IfxPsdSv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3648 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3556 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2232 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3908 name: C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4024 name: C:\Program Files\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3652 name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3348 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2580 name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 4140 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4284 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4552 name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4752 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4828 name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 4944 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4964 name: C:\Program Files\ASUS\ASUS Live Update\ALU.exe owner: User domain: BIG-USER-PC
PID: 5024 name: C:\Windows\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 5136 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4368 name: C:\Program Files\Telstra\Telstra Turbo Modem\Bin\QMICM.exe owner: User domain: BIG-USER-PC
PID: 6028 name: C:\Windows\System32\wuauclt.exe owner: User domain: BIG-USER-PC
PID: 2828 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1916 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: User domain: BIG-USER-PC

Startup items:
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: Microsoft Pinyin IME Migration
imagepath: C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
Name: NvSvc
imagepath: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: ATKMEDIA
imagepath: C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
Name: ATKOSD2
imagepath: "C:\Program Files\ATKOSD2\ATKOSD2.exe"
Name: RtHDVCpl
imagepath: RtHDVCpl.exe
Name: Skytel
imagepath: Skytel.exe
Name: SynTPStart
imagepath: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Name: CognizanceTS
imagepath: rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
Name: Kernel and Hardware Abstraction Layer
imagepath: KHALMNPR.EXE
Name: AppleSyncNotifier
imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
Name: AVG8_TRAY
imagepath: C:\PROGRA~1\AVG\AVG8\avgtray.exe
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: ALG
displayname: Application Layer Gateway Service
Name: Appinfo
displayname: Application Information
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: ASBroker
displayname: Logon Session Broker
Name: ASChannel
displayname: Local Communication Channel
Name: ASLDRService
displayname: ASLDR Service
Name: ATKGFNEXSrv
displayname: ATKGFNEX Service
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: Automatic LiveUpdate Scheduler
displayname: Automatic LiveUpdate Scheduler
Name: avg8wd
displayname: AVG Free8 WatchDog
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: Browser
displayname: Computer Browser
Name: BthServ
displayname: Bluetooth Support Service
Name: CertPropSvc
displayname: Certificate Propagation
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EapHost
displayname: Extensible Authentication Protocol
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: gpsvc
displayname: Group Policy Client
Name: HFGService
displayname: Handsfree Headset Service
Name: hidserv
displayname: Human Interface Device Access
Name: hpqcxs08
displayname: hpqcxs08
Name: hpqddsvc
displayname: HP CUE DeviceDiscovery Service
Name: IFXSpMgtSrv
displayname: Security Platform Management Service
Name: IFXTCS
displayname: Trusted Platform Core Service
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: iphlpsvc
displayname: IP Helper
Name: iPod Service
displayname: iPod Service
Name: KeyIso
displayname: CNG Key Isolation
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LBTServ
displayname: Logitech Bluetooth Service
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: LiveUpdate Notice Service
displayname: LiveUpdate Notice Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: lxdeCATSCustConnectService
displayname: lxdeCATSCustConnectService
Name: lxde_device
displayname: lxde_device
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: Net Driver HPZ12
displayname: Net Driver HPZ12
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: PcaSvc
displayname: Program Compatibility Assistant Service
Name: PersonalSecureDriveService
displayname: Personal Secure Drive Service
Name: PlugPlay
displayname: Plug and Play
Name: Pml Driver HPZ12
displayname: Pml Driver HPZ12
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile Service
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: SBSDWSCService
displayname: SBSD Security Center Service
Name: SCardSvr
displayname: Smart Card
Name: Schedule
displayname: Task Scheduler
Name: SDRSVC
displayname: Windows Backup
Name: SeaPort
displayname: SeaPort
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification Service
Name: SessionEnv
displayname: Terminal Services Configuration
Name: SharedAccess
displayname: Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: spmgr
displayname: spmgr
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC Input Service
Name: TapiSrv
displayname: Telephony
Name: TBS
displayname: TPM Base Services
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: W32Time
displayname: Windows Time
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WebClient
displayname: WebClient
Name: Wecsvc
displayname: Windows Event Collector
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN AutoConfig
Name: wlidsvc
displayname: Windows Live ID Sign-in Assistant
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework

SPYBOT S&D

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-05-06 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi
2009-06-02 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-06-02 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-06-23 Includes\HijackersC.sbi
2009-06-23 Includes\Keyloggers.sbi
2009-06-30 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-06-30 Includes\Malware.sbi
2009-06-30 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-06-30 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-14 Includes\Security.sbi
2009-06-02 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-06-02 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-06-17 Includes\Trojans.sbi
2009-06-30 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows Vista (Build: 6000) (6.0.6000)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


--- Startup entries list ---
Located: HK_LM:Run, Ad-Watch
command: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
file: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 506712
MD5: 0264402F172985D49D324C20B9214F53

Located: HK_LM:Run, ASUS Camera ScreenSaver
command: C:\Windows\ASScrProlog.exe
file: C:\Windows\ASScrProlog.exe
size: 39480
MD5: C45C2E1A1B3CECBBEC18319CF14CFA1A

Located: HK_LM:Run, ASUS Screen Saver Protector
command: C:\Windows\ASScrPro.exe
file: C:\Windows\ASScrPro.exe
size: 33136
MD5: 12C5C40440637B87D61600AE3DBEFA70

Located: HK_LM:Run, ATKMEDIA
command: C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
file: C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
size: 61440
MD5: FA076AE9916A801CAD714DA2B983506D

Located: HK_LM:Run, ATKOSD2
command: "C:\Program Files\ATKOSD2\ATKOSD2.exe"
file: C:\Program Files\ATKOSD2\ATKOSD2.exe
size: 7708672
MD5: C49D6A081C9212174ADF3594C8AAAB0B

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1948440
MD5: 2588B441E5B22691E0610CF710865441

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 292136
MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0

Located: HK_LM:Run, Microsoft Pinyin IME Migration
command: C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
file: C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE
size: 33128
MD5: 56DB2868928AECAEDA35D9B8F8452993

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 8501792
MD5: 045D76102E991D9B35AB38F517907FB6

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 81920
MD5: 239899C9A548E58F28173F50AA8E2B56

Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\nvsvc.dll
size: 86016
MD5: 0E0E3F94943BED339BA6D40307FB9BD6

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4702208
MD5: 26C7282EF69A41A99CBA35410AF9E31D

Located: HK_LM:Run, Skytel
command: Skytel.exe
file: C:\Windows\Skytel.exe
size: 1826816
MD5: 1AFA1CBBB859A9F335FEC2F8CF3D5D0B

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: 2D1389E05A807D956829F44BD4B60389

Located: HK_LM:Run, SynTPStart
command: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
file: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
size: 102400
MD5: 9A2B413994133284DF08AFF3492ED040

Located: HK_LM:Run, Telstra_TM
command: C:\Program Files\Telstra\Telstra Turbo Modem\Bin\Demon6280.exe
file: C:\Program Files\Telstra\Telstra Turbo Modem\Bin\Demon6280.exe
size: 245760
MD5: DB7C501FC78F82841384C68D98D9E954

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77

Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
file: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
size: 414992
MD5: CB8426F9B0E2C43FC96ACBE9EE2490BC

Located: HK_LM:Run, Adobe Photo Downloader (DISABLED)
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3

Located: HK_LM:Run, AirCardEnabler (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, AppleSyncNotifier (DISABLED)
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 177472
MD5: DE4D11F4BE09485C2272ADEF058D525F

Located: HK_LM:Run, CognizanceTS (DISABLED)
command: rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
file: C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll
size: 17920
MD5: 09B9F07E4D91B4EC48D7271110136881

Located: HK_LM:Run, FaxCenterServer (DISABLED)
command: "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
file: C:\Program Files\Lexmark Fax Solutions\fm3032.exe
size: 316336
MD5: 7DEA7122F6B0798C526A69C67C25F002

Located: HK_LM:Run, HP Software Update (DISABLED)
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 7AF5A466CF4AECA28E3DCBCF5B6FD220

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer (DISABLED)
command: KHALMNPR.EXE
file: C:\Windows\KHALMNPR.EXE
size: 55824
MD5: F9E700BB7257EF2CDCB22EE499329E29

Located: HK_LM:Run, lxdeamon (DISABLED)
command: "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
file: C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
size: 20480
MD5: 9D8762E2802C4E34CFD41DBB3D934CAE

Located: HK_LM:Run, lxdemon.exe (DISABLED)
command: "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
file: C:\Program Files\Lexmark 4800 Series\lxdemon.exe
size: 455600
MD5: F53DB15F76283D29065F339FA6DA089B

Located: HK_LM:Run, MAXON_MINIMAX (DISABLED)
command: C:\Program Files\MAXON\MiniMax\Bin\Demon6280.exe
file: C:\Program Files\MAXON\MiniMax\Bin\Demon6280.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, PCSuiteTrayApplication (DISABLED)
command: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
file: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
size: 227328
MD5: 37192DB9D21491B6C923473CC9739DD1

Located: HK_LM:Run, PowerForPhone (DISABLED)
command: "C:\Program Files\P4P\P4P.exe"
file: C:\Program Files\P4P\P4P.exe
size: 778240
MD5: D85098BFADBAC38BD2B3CBDD08285FDF

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF

Located: HK_LM:Run, SMSERIAL (DISABLED)
command: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
file: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
size: 655360
MD5: 3CFE49B743B497D59EF3C26229C1E4FE

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
size: 144784
MD5: E8C086DA635EB410FEF106CB279ADFBF

Located: HK_LM:Run, WatcherHelper (DISABLED)
command: "C:\Program files\Telstra\Telstra Turbo Connection Manager\WaHelper.exe"
file: C:\Program files\Telstra\Telstra Turbo Connection Manager\WaHelper.exe
size: 120088
MD5: 19A40442DB92A11BDFAF946AFEED1B7D

Located: HK_CU:Run, Nokia.PCSync (DISABLED)
where: .DEFAULT...
command: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
file: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
size: 1744896
MD5: 9BE8BA4D4EF5F5213684AF159BBC9C5C

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2159104
MD5: 736A6F5FF321AAAAB140B1100E345F04

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2159104
MD5: 736A6F5FF321AAAAB140B1100E345F04

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3972425699-800320339-4264914539-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, swg
where: S-1-5-21-3972425699-800320339-4264914539-1000...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

Located: HK_CU:Run, ehTray.exe (DISABLED)
where: S-1-5-21-3972425699-800320339-4264914539-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A

Located: HK_CU:Run, msnmsgr (DISABLED)
where: S-1-5-21-3972425699-800320339-4264914539-1000...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136

Located: HK_CU:Run, Skype (DISABLED)
where: S-1-5-21-3972425699-800320339-4264914539-1000...
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 24264488
MD5: E52F62AA37AA8B9D9E5DEF5C587C68B1

Located: HK_CU:Run, Nokia.PCSync (DISABLED)
where: S-1-5-18...
command: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
file: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
size: 1744896
MD5: 9BE8BA4D4EF5F5213684AF159BBC9C5C

Located: Startup (common), Logitech SetPoint.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 784912
MD5: 4212D11C8599A16F05E8CC68F3177673



--- Browser helper object list ---
{053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: HP Print Clips
Path: C:\Program Files\HP\Smart Web Printing\
Long name: hpswp_framework.dll
Short name: HPSWP_~3.DLL
Date (created): 2/03/2007 4:52:08 PM
Date (last access): 9/07/2008 12:49:26 PM
Date (last write): 2/03/2007 4:52:08 PM
Filesize: 177768
Attributes: readonly archive
MD5: A40456DE4EF7E318104955361C72AC9D
CRC32: 6F06AAE2
Version: 2.15.7.0

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} (Lexmark Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Lexmark Toolbar
Path: C:\Program Files\Lexmark Toolbar\
Long name: toolband.dll
Short name:
Date (created): 30/05/2007 7:04:00 AM
Date (last access): 6/07/2008 8:42:04 PM
Date (last write): 30/05/2007 7:04:00 AM
Filesize: 258048
Attributes: archive
MD5: D631086D9E561B99D1140C3C912BD0D9
CRC32: 526A3603

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 6/05/2009 12:28:48 PM
Date (last access): 8/05/2009 9:47:10 AM
Date (last write): 8/05/2009 9:47:10 AM
Filesize: 1107224
Attributes: archive
MD5: 0E973A31F29162137959DBD4B07D38C9
CRC32: 03627923
Version: 8.5.0.310

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/05/2009 11:08:32 AM
Date (last access): 6/05/2009 11:08:32 AM
Date (last write): 26/01/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Search Helper
CLSID name: Search Helper
Path: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\
Long name: SEPsearchhelperie.dll
Short name: SEPSEA~1.DLL
Date (created): 19/05/2009 11:36:18 AM
Date (last access): 6/07/2009 5:38:16 PM
Date (last write): 19/05/2009 11:36:18 AM
Filesize: 137600
Attributes: archive
MD5: F655CDD5506FBB4C40C08C9C6A66F7C8
CRC32: 579241EB
Version: 1.3.59.0

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 12/02/2009 3:19:32 PM
Date (last access): 6/07/2009 10:58:40 AM
Date (last write): 12/02/2009 3:19:32 PM
Filesize: 2217848
Attributes: archive
MD5: A6B5A41C0ED007AB6C43CAD899E533D8
CRC32: BA078F79
Version: 12.0.6421.1000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 25/06/2008 9:54:16 PM
Date (last access): 25/03/2008 2:37:02 AM
Date (last write): 25/03/2008 4:28:02 AM
Filesize: 509328
Attributes: archive
MD5: CA1E733B9B003530C38390EDF7E05B61
CRC32: 980493E3
Version: 6.0.60.2

{7c5c0f58-e061-457d-9033-77307f5ed00c} (TorrentMan Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: TorrentMan Toolbar
Path: C:\Program Files\TorrentMan\
Long name: tbTorr.dll
Short name:
Date (created): 30/06/2008 12:19:56 AM
Date (last access): 30/06/2008 12:19:56 AM
Date (last write): 21/05/2008 12:43:38 AM
Filesize: 1526296
Attributes: archive
MD5: 854A99A7E2AC21ED3622F640F3933EB6
CRC32: 3CE6E096
Version: 4.5.186.2

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 30/03/2009 4:31:54 PM
Date (last access): 6/07/2009 12:44:10 PM
Date (last write): 30/03/2009 4:31:54 PM
Filesize: 403824
Attributes: archive
MD5: 9144D1A2D7AC4CE489C863E11FC5E478
CRC32: 55343708
Version: 6.500.3146.0

{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files\AVG\AVG8\Toolbar\
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 29/06/2009 10:11:22 AM
Date (last access): 29/06/2009 10:11:22 AM
Date (last write): 14/06/2009 4:07:58 PM
Filesize: 1004800
Attributes: archive
MD5: 33C6E577E8C9B1FACD451E12D5A27BDD
CRC32: 943234A1
Version: 2.506.14.1

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll; googletoolbar*.dll; (* = number); googletoolbar_en_*.**-big.dll; Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files\Google\Google Toolbar\
Long name: GoogleToolbar.dll
Short name: GOOGLE~1.DLL
Date (created): 18/06/2009 6:15:48 PM
Date (last access): 18/06/2009 6:15:48 PM
Date (last write): 18/06/2009 5:48:46 PM
Filesize: 259696
Attributes: archive
MD5: B2A3EE0D6570BAE9BD90892E0009A6AB
CRC32: 230192E8
Version: 6.1.1715.1442

{ADECBED6-0366-4377-A739-E69DFBA04663} (Catcher Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Catcher Class
Path: C:\Program Files\Moyea\FLV Downloader\
Long name: MoyeaCth.dll
Short name:
Date (created): 12/07/2008 4:43:30 AM
Date (last access): 12/07/2008 4:43:30 AM
Date (last write): 5/12/2007 9:25:24 AM
Filesize: 94208
Attributes: archive
MD5: 06D8D2F98C70B190F8F14125FD82EBAF
CRC32: 924C9D97
Version: 1.0.0.2

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\
Long name: swg.dll
Short name:
Date (created): 18/06/2009 6:15:52 PM
Date (last access): 18/06/2009 6:15:52 PM
Date (last write): 18/06/2009 6:15:54 PM
Filesize: 668656
Attributes: archive
MD5: D1585B06DED161E13B905DC4FFBF7F12
CRC32: 88D5BAA5
Version: 5.1.1309.3572

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Google Dictionary Compression sdch
CLSID name: Google Dictionary Compression sdch
Path: C:\Program Files\Google\Google Toolbar\Component\
Long name: fastsearch_A8904FB862BD9564.dll
Short name: FASTSE~1.DLL
Date (created): 30/04/2009 2:47:00 PM
Date (last access): 30/04/2009 2:47:00 PM
Date (last write): 30/04/2009 2:47:00 PM
Filesize: 470512
Attributes: archive
MD5: E35BCCB1D1D96F8E5B09C72AF70EC3F6
CRC32: 73C702FE
Version: 1.0.610.27482

{DF21F1DB-80C6-11D3-9483-B03D0EC10000} (ASUS Security Protect Manager)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ASUS Security Protect Manager
CLSID name: ASUS Security Protect Manager
Path: C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\
Long name: ItIEAddIn.dll
Short name: ITIEAD~1.DLL
Date (created): 21/11/2006 8:59:00 AM
Date (last access): 25/06/2008 6:53:36 PM
Date (last write): 21/11/2006 8:59:00 AM
Filesize: 70928
Attributes: readonly archive
MD5: AB92A952F1580005A64E0244E35D450E
CRC32: 6B3D0448
Version: 2.1.0.78

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live\Toolbar\
Long name: wltcore.dll
Short name:
Date (created): 6/02/2009 6:17:46 PM
Date (last access): 6/07/2009 3:57:00 PM
Date (last write): 6/02/2009 6:17:46 PM
Filesize: 1068904
Attributes: archive
MD5: 28455424E3C8B81661C5A40E18066BB1
CRC32: E5BA354B
Version: 14.0.8064.206



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: npjpi160_06.dll
Short name: NPJPI1~1.DLL
Date (created): 25/03/2008 2:37:02 AM
Date (last access): 25/03/2008 2:37:02 AM
Date (last write): 25/03/2008 4:28:02 AM
Filesize: 132496
Attributes: archive
MD5: 5522AFEAB77DD6D401F3FE5C0A46122E
CRC32: F643B062
Version: 6.0.60.2

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 25/06/2008 9:54:16 PM
Date (last access): 25/03/2008 2:37:02 AM
Date (last write): 25/03/2008 4:28:02 AM
Filesize: 509328
Attributes: archive
MD5: CA1E733B9B003530C38390EDF7E05B61
CRC32: 980493E3
Version: 6.0.60.2

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: npjpi160_06.dll
Short name: NPJPI1~1.DLL
Date (created): 25/03/2008 2:37:02 AM
Date (last access): 25/03/2008 2:37:02 AM
Date (last write): 25/03/2008 4:28:02 AM
Filesize: 132496
Attributes: archive
MD5: 5522AFEAB77DD6D401F3FE5C0A46122E
CRC32: F643B062
Version: 6.0.60.2

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash10b.ocx
Short name:
Date (created): 3/02/2009 12:07:18 PM
Date (last access): 6/07/2009 2:52:52 PM
Date (last write): 3/02/2009 12:07:18 PM
Filesize: 3866528
Attributes: readonly archive
MD5: 8AFC17155ED5AB60B7C52D7F553D579C
CRC32: 0FBC13F3
Version: 10.0.22.87

{F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object)
DPF name:
CLSID name: Flash Casino Helper Object
Installer: C:\Windows\Downloaded Program Files\flashax2.inf
Codebase: https://spinpalace.microgaming.com/spinpalace/FlashAX2.cab
Path: C:\Windows\system32\FlashAX2\
Long name: FlashAX2.ocx
Short name:
Date (created): 1/04/2008 1:41:10 PM
Date (last access): 1/04/2008 1:41:10 PM
Date (last write): 1/04/2008 1:41:10 PM
Filesize: 206336
Attributes: archive
MD5: 598F0419367DA691581AA9DC5F91E53F
CRC32: BDF82D33
Version: 2.0.0.5



--- Process list ---
PID: 2728 (1156) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
size: 65536
MD5: 3F91D1056D2CEBEF374BE0E55428190A
PID: 2736 (1408) C:\Windows\system32\Dwm.exe
size: 83456
MD5: E87B968F3D49117445893EB0503FE34F
PID: 2824 (2704) C:\Windows\Explorer.EXE
size: 2923520
MD5: 37440D09DEAE0B672A04DCCF7ABF06BE
PID: 2852 (1428) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 2952 (2852) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
size: 297528
MD5: 6972A1012AF01154E517167D7DC28379
PID: 2984 (2852) C:\Program Files\ASUS\SmartLogon\facemgr.exe
size: 477752
MD5: 6ACCDA9C5D15B38FEB9BF28DEF4F5497
PID: 3400 (2824) C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77
PID: 3424 (2824) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
size: 102400
MD5: 9A2B413994133284DF08AFF3492ED040
PID: 3436 (2824) C:\Program Files\AVG\AVG8\avgtray.exe
size: 1948440
MD5: 2588B441E5B22691E0610CF710865441
PID: 3456 (2824) C:\Program Files\iTunes\iTunesHelper.exe
size: 292136
MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0
PID: 3464 (2824) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: 2D1389E05A807D956829F44BD4B60389
PID: 3472 (2824) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B
PID: 3480 (2824) C:\Program Files\Telstra\Telstra Turbo Modem\Bin\Demon6280.exe
size: 245760
MD5: DB7C501FC78F82841384C68D98D9E954
PID: 3492 (2824) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 506712
MD5: 0264402F172985D49D324C20B9214F53
PID: 3508 (2824) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3548 (2824) C:\Windows\ASScrPro.exe
size: 33136
MD5: 12C5C40440637B87D61600AE3DBEFA70
PID: 3568 (2824) C:\Program Files\ATKOSD2\ATKOSD2.exe
size: 7708672
MD5: C49D6A081C9212174ADF3594C8AAAB0B
PID: 3604 (2824) C:\Program Files\ASUS\ATK Media\DMedia.exe
size: 61440
MD5: FA076AE9916A801CAD714DA2B983506D
PID: 3624 (2824) C:\Windows\RtHDVCpl.exe
size: 4702208
MD5: 26C7282EF69A41A99CBA35410AF9E31D
PID: 3664 (3424) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1021224
MD5: E0033A799C7C761618AA22ECE403240E
PID: 3712 (2824) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3740 (2824) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
PID: 3748 (3676) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3756 (2824) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 784912
MD5: 4212D11C8599A16F05E8CC68F3177673
PID: 3944 (3756) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
size: 55824
MD5: 0C3BF35A6AADC2708875DA3B866A22E0
PID: 5116 (2852) C:\Program Files\ASUS\ASUS Live Update\ALU.exe
size: 51768
MD5: F4DCD4912B185C3AAEB92A7040832AD1
PID: 2268 (1428) C:\Windows\system32\wuauclt.exe
size: 51224
MD5: E654B78D2F1D791B30D0ED9A8195EC22
PID: 5516 (2824) C:\Program Files\Mozilla Firefox\firefox.exe
size: 908280
MD5: 7BCD38739B6864592DDA34C7FCF3079B
PID: 6132 (2824) C:\Program Files\Telstra\Telstra Turbo Modem\Bin\cmoUIMain.exe
size: 2625536
MD5: 6BAF97ECAFCB63FBFD1D6B29D110ADF9
PID: 2520 (6132) C:\Program Files\Telstra\Telstra Turbo Modem\Bin\QMICM.exe
size: 1048576
MD5: 87215FFC9EBBE5F7E8CF01C4370CC254
PID: 5244 (2880) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
size: 1287440
MD5: 8C011B63EC5B2ABFBF4CCF5212794F52
PID: 976 (5244) C:\Windows\system32\NOTEPAD.EXE
size: 151040
MD5: FF7F14FDA901090E337488A1900E3660
PID: 5440 (2824) C:\Program Files\Norton Security Scan\Nss.exe
size: 828280
MD5: 80AD728AE761DBC77BFE3CC9324572B2
PID: 5824 (2824) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
size: 12438896
MD5: A4FF8C541A8F45431151EDFCC7920F26
PID: 4200 (5824) C:\Program Files\AVG\AVG8\avgcsrvx.exe
size: 692504
MD5: 4CAA24310158014FC9F6CC87BA50D5A6
PID: 3112 (3712) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 5316 (3112) C:\Windows\hh.exe
size: 14848
MD5: 7C06CED2F7B9272A126D53A2A9F52AC0
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 604 ( 4) smss.exe
size: 62976
PID: 744 ( 732) csrss.exe
size: 7680
PID: 796 ( 732) wininit.exe
size: 95744
PID: 808 ( 788) csrss.exe
size: 7680
PID: 848 ( 796) services.exe
size: 279552
PID: 860 ( 796) lsass.exe
size: 7680
PID: 868 ( 796) lsm.exe
size: 210944
PID: 1048 ( 788) winlogon.exe
size: 308224
PID: 1156 ( 848) svchost.exe
size: 22016
PID: 1196 ( 848) svchost.exe
size: 22016
PID: 1240 ( 848) svchost.exe
size: 22016
PID: 1272 ( 848) svchost.exe
size: 22016
PID: 1376 ( 848) svchost.exe
size: 22016
PID: 1408 ( 848) svchost.exe
size: 22016
PID: 1428 ( 848) svchost.exe
size: 22016
PID: 1568 (1376) audiodg.exe
size: 88064
PID: 1632 ( 848) svchost.exe
size: 22016
PID: 1652 ( 848) SLsvc.exe
size: 2605568
PID: 1680 ( 848) svchost.exe
size: 22016
PID: 1772 ( 848) LBTServ.exe
PID: 1912 ( 848) svchost.exe
size: 22016
PID: 428 ( 848) AsLdrSrv.exe
PID: 460 ( 848) GFNEXSrv.exe
PID: 532 ( 848) AAWService.exe
PID: 1088 ( 848) spoolsv.exe
size: 124928
PID: 1288 ( 848) svchost.exe
size: 22016
PID: 2764 (1428) taskeng.exe
size: 166400
PID: 3232 ( 428) HControl.exe
PID: 3244 ( 428) wcourier.exe
PID: 3252 ( 428) ACMON.exe
PID: 3260 ( 428) BatteryLife.exe
PID: 3308 (1156) ACEngSvr.exe
size: 155648
PID: 3612 (3232) ATKOSD.exe
PID: 3928 (3232) KBFiltr.exe
PID: 3960 (3232) WDC.exe
PID: 1824 ( 848) AppleMobileDeviceService.exe
PID: 1816 ( 848) AluSchedulerSvc.exe
PID: 2476 ( 848) avgwdsvc.exe
PID: 2612 ( 848) mDNSResponder.exe
PID: 2132 ( 848) svchost.exe
size: 22016
PID: 1892 ( 848) svchost.exe
size: 22016
PID: 3160 ( 848) IFXSPMGT.exe
size: 677408
PID: 3340 (2476) avgrsx.exe
PID: 3300 ( 848) IFXTCS.exe
size: 849440
PID: 2656 (2476) avgnsx.exe
PID: 3640 ( 848) LSSrvc.exe
PID: 3848 ( 848) PIFSvc.exe
PID: 3952 ( 848) lxdeserv.exe
PID: 2144 ( 848) lxdecoms.exe
size: 598960
PID: 2184 ( 848) IfxPsdSv.exe
size: 140832
PID: 2364 ( 848) svchost.exe
size: 22016
PID: 888 ( 848) SeaPort.exe
PID: 3208 ( 848) spmgr.exe
PID: 1676 ( 848) svchost.exe
size: 22016
PID: 2336 ( 848) WLIDSVC.EXE
PID: 4136 ( 848) SearchIndexer.exe
size: 287744
PID: 4248 ( 848) svchost.exe
size: 22016
PID: 4388 ( 848) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 4724 (2336) WLIDSVCM.EXE
PID: 4812 ( 848) iPodService.exe
PID: 4820 (1156) unsecapp.exe
PID: 4904 ( 848) alg.exe
size: 58880
PID: 5056 (1156) WmiPrvSE.exe
PID: 4788 ( 848) svchost.exe
size: 22016


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 9/07/2009 2:16:46 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.asus.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.asus.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A906B5F8-9182-4232-B6BD-72E1BC054B64}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A906B5F8-9182-4232-B6BD-72E1BC054B64}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D78B665-2D30-4CE9-B631-AB844716096D}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D78B665-2D30-4CE9-B631-AB844716096D}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{829167DC-5B40-4F8C-B044-3B9F13FD11A5}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{829167DC-5B40-4F8C-B044-3B9F13FD11A5}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9075695-9A44-457B-B083-C4EF1639984E}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9075695-9A44-457B-B083-C4EF1639984E}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A906B5F8-9182-4232-B6BD-72E1BC054B64}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A906B5F8-9182-4232-B6BD-72E1BC054B64}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0D78B665-2D30-4CE9-B631-AB844716096D}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0D78B665-2D30-4CE9-B631-AB844716096D}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{829167DC-5B40-4F8C-B044-3B9F13FD11A5}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{829167DC-5B40-4F8C-B044-3B9F13FD11A5}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C9075695-9A44-457B-B083-C4EF1639984E}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C9075695-9A44-457B-B083-C4EF1639984E}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 6: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace

Namespace Provider 7: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
MALWAREBYTES


Malwarebytes' Anti-Malware 1.38
Database version: 2397
Windows 6.0.6000

9/07/2009 1:07:01 PM
mbam-log-2009-07-09 (13-07-01).txt

Scan type: Quick Scan
Objects scanned: 87320
Time elapsed: 12 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\User\AppData\Roaming\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\errorsmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\errorsmart\Registry Backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\User\AppData\Roaming\errorsmart\registry backups\2008-06-26_02-37-20.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\errorsmart\registry backups\2008-06-30_08-26-28.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:03:16 AM

Posted 09 July 2009 - 11:47 AM

Cookies are something you will never be able to keep ahead of. Just get rid of them on a regular basis.

About your internet connection,

Click Start, click Run, type: cmd, and press CTRL+SHIFT+Enter.
Type: netsh winsock reset, and then press the ENTER key.
Type: Exit and press ENTER.
Restart the computer.


Let me know how that works.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

#7 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:03:16 AM

Posted 24 July 2009 - 10:54 AM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.