
When I click on one link leads to another. (includes hijackthis report)


  • This topic is locked
2 replies to this topic

#1 ayishik

  • Members
  • 1 posts

Posted 06 December 2009 - 10:49 AM

First of all, I clicked on a Facebook link when all of a sudden Antivir popped up. At first I thought it was Norton, so I was like, okay, fix it, but then when it asked to install it I realized it wasn't. I canceled it, but it downloaded on its own. I have tried many different programs and finally (hopefully) got rid of that as well as a BHO trojan. Then I downloaded a keygen for something, scanned for viruses and nothing came up, so I opened keygen.exe and it disappeared. Then when I try to click on a website link it normally leads to a random website. This is a new computer and on start-up it now has a black screen until I force something to open or it takes a few minutes.

I have tried to restore my computer 4 times now and every time it says an error occurred. I have tried Spyware Doctor (got rid of the Antivir), Registry Booster, SUPERAntiSpyware, AVG Free, Norton Internet Security, something-zilla which I believe gave false negatives, Malwarebytes, as well as the BitDefender and F-Secure online scanners. dllhost.exe and rundll32.exe are running as processes; not sure if they are bad or not.

I'm running Vista Home Basic. If there's anything else I can provide, let me know, and thank you for your time. I have been dealing with this since 5:00 last night; it's now 6:50 am.

Every time I run RegCure, it says it fixed the problem, but when I scan again, it says I have COM/ActiveX entries, file/path references and empty registry files. Is it just stuff that is continuing to build up, or is it not fixing them? When I cleaned it the last time it said Svchost.exe stopped working.

As of the 6th I scanned with Malwarebytes again and ComboFix; I'm adding those logs now. I also used ATF Cleaner, but I don't think it worked.

While ComboFix was running the screen was completely black, and toward the middle it said PEV.exe stopped working, then towards the end it said cannot find file whitedir01.
Here is the HijackThis info:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:43 AM, on 12/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe
C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...09&m=et1810
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...09&m=et1810
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...09&m=et1810
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...09&m=et1810
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10930 bytes



Malwarebytes:

Malwarebytes' Anti-Malware 1.42
Database version: 3303
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

12/6/2009 2:01:00 AM
mbam-log-2009-12-06 (02-01-00).txt

Scan type: Quick Scan
Objects scanned: 92583
Time elapsed: 16 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix:

ComboFix 09-12-06.09 - Calliann 12/06/2009 20:57.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3326.2480 [GMT -9:00]
Running from: c:\users\Calliann\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\windows\TEMP\{081D73FD-B6C5-4C93-B197-2F7D5A023B52}\{7F811A54-5A09-4579-90E1-C93498E230D9}\_IsRes.dll
c:\windows\TEMP\{081D73FD-B6C5-4C93-B197-2F7D5A023B52}\{7F811A54-5A09-4579-90E1-C93498E230D9}\_ISUser.dll
c:\windows\TEMP\{081D73FD-B6C5-4C93-B197-2F7D5A023B52}\{7F811A54-5A09-4579-90E1-C93498E230D9}\isrt.dll
c:\windows\TEMP\{08296A29-1528-4398-816A-8ED9D2657E82}\_Setup.dll
c:\windows\TEMP\{8D03A2D1-787D-461D-8F3C-29BCBDFFCC00}\_Setup.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 07:14 . 2009-12-07 07:22 -------- d-----w- c:\users\Calliann\AppData\Local\temp
2009-12-07 07:14 . 2009-12-07 07:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-07 04:59 . 2009-12-07 04:59 -------- d-----w- c:\program files\MSSOAP
2009-12-07 04:56 . 2009-11-07 00:19 1563008 ----a-w- c:\windows\WRSetup.dll
2009-12-07 04:55 . 2009-12-07 04:55 -------- d-----w- c:\users\Calliann\AppData\Roaming\Webroot
2009-12-07 04:55 . 2009-12-07 04:55 -------- d-----w- c:\programdata\Webroot
2009-12-07 04:55 . 2009-12-07 04:55 -------- d-----w- c:\program files\Webroot
2009-12-07 04:52 . 2009-12-07 04:52 164 ----a-w- c:\windows\install.dat
2009-12-07 02:09 . 2009-12-06 03:38 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-12-07 02:05 . 2009-11-04 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091206.022\NAVENG.SYS
2009-12-06 15:31 . 2009-12-06 15:31 -------- d-----w- c:\program files\Trend Micro
2009-12-06 14:07 . 2009-12-06 14:07 -------- d-----w- c:\programdata\RegCure
2009-12-06 14:07 . 2009-12-06 15:06 16384 d-----w- c:\program files\RegCure
2009-12-06 12:27 . 2009-12-06 12:53 -------- d-----w- c:\users\Calliann\AppData\Roaming\QuickScan
2009-12-06 12:25 . 2009-11-27 02:39 678912 ----a-w- c:\users\Calliann\AppData\Roaming\Mozilla\Firefox\Profiles\b8r5gb66.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-06 12:25 . 2009-11-27 02:37 768512 ----a-w- c:\users\Calliann\AppData\Roaming\Mozilla\Firefox\Profiles\b8r5gb66.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-06 11:48 . 2009-12-06 11:48 -------- d-----w- c:\programdata\F-Secure
2009-12-06 09:06 . 2009-12-06 09:06 -------- d-----w- c:\program files\Uniblue
2009-12-06 09:02 . 2009-12-06 09:02 117760 ----a-w- c:\users\Calliann\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-06 09:01 . 2009-12-06 09:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-06 09:01 . 2009-12-06 09:01 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-12-06 09:01 . 2009-12-06 09:01 -------- d-----w- c:\users\Calliann\AppData\Roaming\SUPERAntiSpyware.com
2009-12-06 07:55 . 2009-12-06 08:32 4096 d-----w- c:\program files\STOPzilla!
2009-12-06 05:19 . 2009-12-06 05:19 -------- d-----w- c:\users\Calliann\AppData\Roaming\Malwarebytes
2009-12-06 05:19 . 2009-12-04 01:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-06 05:19 . 2009-12-06 05:19 -------- d-----w- c:\programdata\Malwarebytes
2009-12-06 05:19 . 2009-12-04 01:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-06 05:19 . 2009-12-06 05:19 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-06 04:43 . 2009-12-06 04:43 -------- d-----w- c:\users\Calliann\AppData\Roaming\PC Tools
2009-12-06 04:43 . 2009-12-06 04:43 -------- d-----w- c:\programdata\PC Tools
2009-12-06 03:38 . 2009-12-06 07:18 -------- d-----w- C:\$AVG
2009-12-06 03:38 . 2009-12-06 03:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-06 03:38 . 2009-12-06 03:38 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-06 03:38 . 2009-12-06 03:38 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-06 03:38 . 2009-12-07 02:11 4096 d-----w- c:\windows\system32\drivers\Avg
2009-12-06 03:38 . 2009-12-06 03:38 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-06 03:37 . 2009-12-06 03:37 -------- d-----w- c:\program files\AVG
2009-12-06 03:37 . 2009-12-06 03:37 4096 d-----w- c:\programdata\avg9
2009-12-06 02:30 . 2009-12-06 02:30 -------- d-----w- c:\programdata\SITEguard
2009-12-06 02:29 . 2009-12-06 08:32 -------- d-----w- c:\programdata\STOPzilla!
2009-12-06 02:29 . 2009-12-06 02:29 -------- d-----w- c:\program files\Common Files\iS3
2009-12-06 02:14 . 2009-12-06 02:14 -------- d-----w- c:\program files\Common Files\Uninstall
2009-12-04 09:42 . 2009-12-04 09:44 -------- d-----w- c:\users\Calliann\AppData\Roaming\Tibia
2009-12-04 00:43 . 2009-12-04 00:43 4096 d-----w- c:\program files\Tibia
2009-12-01 11:43 . 2009-12-02 10:44 55 ----a-w- c:\windows\popcinfo.dat
2009-11-25 00:22 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 22:01 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 22:01 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 09:20 . 2009-11-23 09:20 -------- d-----w- c:\users\Calliann\AppData\Local\BVRP Software
2009-11-23 09:18 . 2009-11-23 09:20 -------- d-----w- c:\program files\Avanquest update
2009-11-23 08:57 . 2009-11-23 08:57 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-11-23 08:57 . 2009-11-23 09:25 -------- d-----w- c:\programdata\BVRP Software
2009-11-23 08:57 . 2009-11-23 09:23 65536 d-----w- c:\program files\Motorola Phone Tools
2009-11-23 08:56 . 2009-11-23 08:56 -------- d-----w- c:\users\Calliann\AppData\Roaming\InstallShield
2009-11-18 11:41 . 2009-11-18 11:41 -------- d-----w- c:\users\Calliann\AppData\Roaming\WildTangent
2009-11-16 07:19 . 2009-11-16 07:19 -------- d-----w- c:\programdata\BioWare
2009-11-16 07:13 . 2007-05-17 01:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-11-16 07:12 . 2009-11-16 07:12 -------- d-----w- c:\programdata\Media Center Programs
2009-11-16 06:46 . 2009-11-16 07:12 -------- d-----w- c:\program files\Common Files\BioWare
2009-11-16 06:46 . 2009-11-16 07:02 4096 d-----w- c:\program files\Dragon Age
2009-11-14 21:30 . 2009-11-14 21:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-14 21:29 . 2009-11-14 21:31 4096 d-----w- c:\program files\DAEMON Tools Lite
2009-11-14 21:29 . 2009-11-16 06:23 -------- d-----w- c:\users\Calliann\AppData\Roaming\DAEMON Tools Lite
2009-11-14 21:29 . 2009-11-14 21:29 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-13 12:00 . 2009-11-13 12:00 -------- d-----w- c:\users\Calliann\AppData\Local\Blizzard Entertainment
2009-11-12 20:30 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-12 20:30 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-12 20:30 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-12 20:30 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-12 20:30 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-12 20:30 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-12 20:30 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-12 20:29 . 2009-08-07 04:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-12 20:29 . 2009-08-07 03:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 05:42 . 2009-11-12 05:42 4096 d-----w- c:\program files\Ask.com
2009-11-12 05:41 . 2009-12-06 03:09 -------- d-----w- c:\program files\uTorrent
2009-11-12 05:40 . 2009-12-07 05:12 -------- d-----w- c:\users\Calliann\AppData\Roaming\uTorrent
2009-11-10 22:20 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 22:20 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-08 22:30 . 2006-11-29 22:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-08 21:45 . 2009-11-08 21:45 -------- d-----w- c:\windows\system32\EventProviders
2009-11-08 07:13 . 2009-11-08 07:13 -------- d-----w- c:\programdata\Symantec
2009-11-08 07:01 . 2009-11-08 07:01 -------- d-----w- c:\users\Calliann\local
2009-11-08 07:01 . 2009-11-08 07:01 -------- d-----w- c:\users\Public\CyberLink
2009-11-08 07:01 . 2009-11-08 07:01 -------- d-----w- c:\users\Calliann\AppData\Roaming\CyberLink
2009-11-08 07:01 . 2009-11-08 07:01 -------- d-----w- c:\programdata\CyberLink
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Application Data\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Application Data\Application Data\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Application Data\Application Data\Application Data\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-07 08:58 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 05:16 . 2009-12-06 04:43 40960 d-----w- c:\program files\Spyware Doctor
2009-12-06 09:00 . 2009-11-16 07:14 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-06 08:21 . 2009-12-06 08:05 1864 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-12-06 04:52 . 2009-12-06 04:43 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-06 03:09 . 2009-02-28 02:16 28672 d-----w- c:\program files\Microsoft Works
2009-12-06 02:32 . 2009-11-05 06:04 -------- d-----w- c:\programdata\Partner
2009-12-03 01:42 . 2009-02-28 02:27 4096 d-----w- c:\program files\Java
2009-11-23 09:25 . 2009-11-23 09:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-11-23 09:18 . 2009-02-28 02:11 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-18 11:41 . 2009-02-28 02:22 4096 d-----w- c:\programdata\WildTangent
2009-11-16 07:14 . 2009-11-16 07:14 8192 d-----w- c:\program files\AGEIA Technologies
2009-11-15 10:34 . 2009-11-05 06:02 1356 ----a-w- c:\users\Calliann\AppData\Local\d3d9caps.dat
2009-11-11 06:41 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 01:33 . 2009-02-28 02:14 8192 d-----w- c:\programdata\Microsoft Help
2009-11-08 22:37 . 2009-02-28 02:31 4096 d-----w- c:\program files\Windows Live
2009-11-08 22:26 . 2009-02-28 02:32 -------- d-----w- c:\program files\Microsoft
2009-11-07 08:59 . 2009-11-05 06:15 -------- d-----w- c:\program files\Symantec
2009-11-06 21:17 . 2009-11-06 21:16 4096 d-----w- c:\program files\QuickTime
2009-11-06 21:16 . 2009-11-06 21:16 -------- d-----w- c:\programdata\Apple Computer
2009-11-06 21:15 . 2009-11-06 21:15 -------- d-----w- c:\program files\Common Files\Apple
2009-11-06 21:14 . 2009-11-06 21:14 4096 d-----w- c:\program files\Apple Software Update
2009-11-06 21:14 . 2009-11-06 21:14 -------- d-----w- c:\programdata\Apple
2009-11-06 21:00 . 2009-11-06 21:00 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 21:00 . 2009-11-06 21:00 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 21:00 . 2009-11-06 21:00 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-06 00:34 . 2009-11-06 00:21 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-11-05 23:50 . 2009-11-05 21:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-11-05 21:40 . 2009-11-05 21:40 -------- d-----w- c:\programdata\Blizzard
2009-11-05 09:38 . 2009-11-05 09:38 10134 ----a-r- c:\users\Calliann\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-11-05 09:38 . 2009-11-05 09:38 -------- d-----w- c:\program files\Microsoft WSE
2009-11-05 09:23 . 2009-11-05 09:23 -------- d-----w- c:\program files\Electronic Arts
2009-11-05 08:01 . 2009-02-28 02:05 -------- d-----w- c:\programdata\NVIDIA
2009-11-05 08:01 . 2009-11-05 06:06 70176 ----a-w- c:\users\Calliann\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-05 07:58 . 2009-11-05 07:27 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-05 07:36 . 2009-11-05 06:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-05 07:29 . 2009-11-05 07:29 -------- d-----w- c:\program files\LSI SoftModem
2009-11-05 06:35 . 2009-11-05 06:35 0 ----a-w- c:\windows\nsreg.dat
2009-11-05 06:17 . 2009-02-28 02:26 4096 d-----w- c:\program files\Google
2009-11-05 06:16 . 2009-02-28 02:41 -------- d-----w- c:\programdata\Norton
2009-11-05 06:04 . 2009-11-05 06:04 -------- d-----w- c:\program files\eBay
2009-10-28 22:37 . 2009-11-12 21:13 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-10-11 13:17 . 2009-11-05 07:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 20:31 . 2009-12-06 04:52 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-08 20:31 . 2009-12-06 04:52 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-08 20:31 . 2009-12-06 04:52 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-08 20:31 . 2009-12-06 04:52 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-07 01:31 . 2009-12-06 04:44 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-02 23:19 . 2009-12-06 04:52 1152470 ----a-w- c:\windows\UDB.zip
2009-09-24 17:55 . 2009-12-06 04:45 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-09-24 17:55 . 2009-12-06 04:45 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-24 01:10 . 2009-12-06 04:44 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-14 09:44 . 2009-11-05 06:18 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:30 . 2009-11-05 06:19 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 15:21 . 2009-11-05 06:18 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:21 . 2009-11-05 06:18 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-02-28 02:26 . 2009-11-05 06:36 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 23:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-07 00:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-01 289584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-06 2020120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 23:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [12/5/2009 7:44 PM 207280]
R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [11/6/2009 11:58 PM 310320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/5/2009 6:38 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/5/2009 6:38 PM 360584]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [11/6/2009 11:58 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [11/6/2009 11:58 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys [11/12/2009 12:13 PM 343088]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/5/2009 6:38 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/5/2009 6:37 PM 285392]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/5/2009 7:52 PM 112592]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [5/20/2009 4:08 PM 24576]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [11/6/2009 11:58 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/4/2009 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [11/6/2009 11:58 PM 48688]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/15/2009 10:01 PM 25832]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/27/2009 5:26 PM 30192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/5/2009 7:43 PM 358600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0509&m=et1810
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0509&m=et1810
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Calliann\AppData\Roaming\Mozilla\Firefox\Profiles\b8r5gb66.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Stopzilla!\Toolbar\Extension\components\SiteGuardFF.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Calliann\AppData\Roaming\Mozilla\Firefox\Profiles\b8r5gb66.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Calliann\AppData\Roaming\Mozilla\Firefox\Profiles\b8r5gb66.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 22:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\{7AF51F9E-B274-4771-A8E3-4B359390B862}\{7F811A54-5A09-4579-90E1-C93498E230D9}\skin5031.rra 25284 bytes

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x85991618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8afa7322
\Driver\ACPI -> acpi.sys @ 0x805add4c
\Driver\atapi -> 0x858a51f8
IoDeviceObjectType -> DumpProcedure -> 0x8494b7c8
DeleteProcedure -> 0x8b401370
ParseProcedure -> 0x1a001a
\Device\Harddisk0\DR0 -> DumpProcedure -> 0x8494b7c8
DeleteProcedure -> 0x8b401370
ParseProcedure -> 0x1a001a
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4024)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
c:\windows\system32\vssvc.exe
c:\program files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe
c:\program files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-12-06 22:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 07:51

Pre-Run: 27,649,314,816 bytes free
Post-Run: 27,940,102,144 bytes free

- - End Of File - - 0484283BC1919BFEDA8878C33F078DBE

Edited by ayishik, 07 December 2009 - 03:21 AM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:51 PM

Posted 19 December 2009 - 06:14 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:51 PM

Posted 24 December 2009 - 05:40 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
