
Google search results and favorites redirected in IE8


6 replies to this topic

#1 dercas
Posted 13 December 2009 - 03:24 PM

Before you start reading this and wonder why there's no RootRepeal log, please know that I had an error running the program, and I have attached its log file to the post (log.txt) as well. I tried following the given instructions for using it and I also tried using the 'run' option instead of saving the file to the desktop. Neither worked for me.

Also, you might find it interesting to know that with the Google results, you can right-click on any of the links, click on 'copy shortcut' and then paste it into a new tab or window and you will not be redirected as you would if you simply left-clicked on it.

I hope to hear back from you soon!

Jeff


DDS (Ver_09-12-01.01) - NTFSx86
Run by blackdeath at 13:58:40.67 on Sun 12/13/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2039.988 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\blackdeath\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\blackd~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\3113068.lnk - c:\users\blackdeath\appdata\local\temp\mvNat.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 91.121.221.171 thepiratebay.org
Hosts: 91.121.221.171 www.thepiratebay.org
Hosts: 91.121.221.171 thepiratebay.org
Hosts: 91.121.221.171 www.thepiratebay.org

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2009-11-8 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-8 161800]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-13 207280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-8 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-8 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-8 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-8 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-8 285392]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-8 5832712]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-13 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-13 358600]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-13 1141200]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2009-11-8 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2009-11-8 30216]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2009-11-8 21208]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-14 88192]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2007-8-12 2599936]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWICH;VSTHWICH;c:\windows\system32\drivers\VSTICH3.SYS [2009-7-13 242176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2009-12-13 18:30:40 0 d-----w- C:\VundoFix Backups
2009-12-13 15:22:48 883 ----a-w- c:\windows\RegSDImport.xml
2009-12-13 15:22:48 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-13 15:22:48 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-13 15:22:48 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-13 15:22:48 131 ----a-w- c:\windows\IDB.zip
2009-12-13 15:22:47 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-13 15:22:47 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-12-13 15:22:47 1152470 ----a-w- c:\windows\UDB.zip
2009-12-13 15:22:09 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-12-13 15:22:09 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-13 15:22:09 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-13 15:21:50 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-13 15:21:50 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-13 15:21:50 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-13 15:21:50 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-13 15:21:33 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-13 15:21:33 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-13 15:21:28 0 d-----w- c:\users\blackd~1\appdata\roaming\PC Tools
2009-12-13 15:21:28 0 d-----w- c:\programdata\PC Tools
2009-12-13 15:21:28 0 d-----w- c:\program files\Spyware Doctor
2009-12-13 15:21:28 0 d-----w- c:\program files\common files\PC Tools
2009-12-13 15:21:02 0 d---a-w- c:\programdata\TEMP
2009-12-12 14:32:00 0 d-----w- c:\users\blackd~1\appdata\roaming\Command & Conquer 3 Kane's Wrath
2009-12-08 05:05:03 0 d-----w- c:\program files\Command & Conquer 3 Kane's Wrath
2009-11-28 21:48:51 0 d-----w- c:\program files\common files\PX Storage Engine
2009-11-25 06:22:05 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 10:05:52 0 d-----w- c:\program files\Red Alert 2 Yuri's Revenge
2009-11-24 07:05:24 0 d-----w- c:\users\blackd~1\appdata\roaming\Red Alert 3
2009-11-24 07:03:40 0 d--h--w- c:\windows\msdownld.tmp
2009-11-23 03:41:10 0 d-----w- c:\programdata\Apple Computer
2009-11-23 03:39:58 0 d-----w- c:\programdata\Apple
2009-11-14 12:40:54 0 d-----w- c:\program files\Defraggler

==================== Find3M ====================

2009-11-10 04:22:21 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 00:58:59 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2009-11-09 00:58:54 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-09 00:46:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-09 00:46:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-08 23:41:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:59:57.88 ===============


#2 Buckeye_Sam

Malware Expert

Posted 14 December 2009 - 09:06 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.


#3 dercas

Topic Starter

Posted 15 December 2009 - 12:01 AM

First off, thanks for the fast reply. I definitely appreciate you taking your time to look over these lengthy logs. I about went blind just trying to copy and paste them in here. :(

Log #1:

OTL logfile created on: 12/14/2009 22:50:13 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\blackdeath\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.77% Memory free
3.98 Gb Paging File | 3.01 Gb Available in Paging File | 75.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.06 Gb Total Space | 22.55 Gb Free Space | 24.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298.08 Gb Total Space | 3.14 Gb Free Space | 1.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKDEATH-PC
Current User Name: blackdeath
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/14 22:48:56 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\blackdeath\Desktop\OTL.exe
PRC - [2009/12/10 15:27:51 | 04,043,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe
PRC - [2009/12/10 15:27:51 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/10 15:27:49 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/10 15:27:49 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/08 19:36:47 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/08 18:58:58 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2009/11/08 18:58:58 | 00,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/11/08 18:58:56 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/08 18:58:54 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/11/08 18:46:23 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/08 18:46:23 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/08 18:46:20 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/08/02 23:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 19:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/13 19:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:15 | 00,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/01 10:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/06/01 13:51:52 | 01,468,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/06/01 13:51:52 | 00,448,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/08/06 18:05:46 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/03/16 18:10:46 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2007/03/16 18:10:46 | 00,020,480 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/03/16 18:10:42 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2007/01/13 09:47:04 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/01/13 09:47:04 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2007/01/13 09:46:36 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/01/13 09:46:24 | 00,241,664 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe


========== Modules (SafeList) ==========

MOD - [2009/12/14 22:48:56 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\blackdeath\Desktop\OTL.exe
MOD - [2009/11/08 18:46:40 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 19:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/08 18:58:58 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/11/08 18:46:23 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/08 18:46:20 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/13 19:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/03/16 18:10:46 | 00,020,480 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1197528888-999301669-3604608772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1197528888-999301669-3604608772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1197528888-999301669-3604608772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1197528888-999301669-3604608772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 9A A8 76 D7 60 CA 01 [binary data]
IE - HKU\S-1-5-21-1197528888-999301669-3604608772-1000\S-1-5-21-1197528888-999301669-3604608772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/11/08 19:37:04 | 00,000,000 | ---D | M]


O1 HOSTS File: (968 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 91.121.221.171 thepiratebay.org
O1 - Hosts: 91.121.221.171 www.thepiratebay.org
O1 - Hosts: 91.121.221.171 thepiratebay.org
O1 - Hosts: 91.121.221.171 www.thepiratebay.org
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1197528888-999301669-3604608772-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\blackdeath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3113068.lnk = C:\Users\blackdeath\AppData\Local\Temp\mvNat.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.130 68.87.72.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 20:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/14 22:48:53 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\blackdeath\Desktop\OTL.exe
[2009/12/13 14:39:08 | 00,000,000 | ---D | C] -- C:\Program Files\Moleskinsoft Directory Size 2.4
[2009/12/13 12:30:40 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/12/13 09:41:21 | 00,000,000 | ---D | C] -- C:\Users\blackdeath\AppData\Local\Threat Expert
[2009/12/13 09:22:48 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2009/12/13 09:22:47 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2009/12/13 09:22:47 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2009/12/13 09:22:09 | 00,229,304 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/12/13 09:22:09 | 00,097,208 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2009/12/13 09:21:50 | 00,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/12/13 09:21:50 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/12/13 09:21:33 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/12/13 09:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/13 09:21:28 | 00,000,000 | ---D | C] -- C:\Users\blackdeath\AppData\Roaming\PC Tools
[2009/12/13 09:21:28 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/12/13 09:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/13 09:21:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/12/12 08:34:26 | 00,000,000 | ---D | C] -- C:\Users\blackdeath\Documents\Command & Conquer 3 Kane's Wrath
[2009/12/12 08:32:00 | 00,000,000 | ---D | C] -- C:\Users\blackdeath\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2009/12/07 23:05:03 | 00,000,000 | ---D | C] -- C:\Program Files\Command & Conquer 3 Kane's Wrath
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/14 22:54:25 | 01,572,864 | -HS- | M] () -- C:\Users\blackdeath\NTUSER.DAT
[2009/12/14 22:48:56 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\blackdeath\Desktop\OTL.exe
[2009/12/14 22:40:39 | 00,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 22:40:39 | 00,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 22:38:13 | 46,624,539 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/14 22:37:44 | 00,123,979 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/14 22:37:06 | 00,000,439 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/12/14 22:33:16 | 00,000,298 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/12/14 22:33:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/14 22:32:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/14 22:32:32 | 16,038,74816 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/13 21:28:38 | 02,570,957 | -H-- | M] () -- C:\Users\blackdeath\AppData\Local\IconCache.db
[2009/12/11 14:45:57 | 00,000,968 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/10 17:16:24 | 00,000,017 | ---- | M] () -- C:\Users\blackdeath\AppData\Local\resmon.resmoncfg
[2009/12/08 00:05:53 | 00,001,202 | ---- | M] () -- C:\Users\blackdeath\Desktop\Command & Conquer 3 Kane's Wrath.lnk
[2009/12/07 23:20:11 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/07 23:20:11 | 00,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/07 23:20:11 | 00,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/07 05:44:25 | 00,000,969 | ---- | M] () -- C:\Users\blackdeath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3113068.lnk
[2009/12/01 15:10:35 | 00,000,000 | -H-- | M] () -- C:\Users\blackdeath\Documents\Default.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/13 09:22:48 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009/12/13 09:22:48 | 00,000,883 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2009/12/13 09:22:48 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2009/12/13 09:22:48 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2009/12/13 09:22:47 | 01,152,470 | ---- | C] () -- C:\Windows\UDB.zip
[2009/12/13 09:22:09 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2009/12/13 09:21:50 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2009/12/13 09:21:50 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009/12/13 09:21:33 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2009/12/11 14:45:54 | 00,000,298 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/12/10 17:16:24 | 00,000,017 | ---- | C] () -- C:\Users\blackdeath\AppData\Local\resmon.resmoncfg
[2009/12/08 00:05:53 | 00,001,202 | ---- | C] () -- C:\Users\blackdeath\Desktop\Command & Conquer 3 Kane's Wrath.lnk
[2009/12/07 05:44:25 | 00,000,969 | ---- | C] () -- C:\Users\blackdeath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3113068.lnk
[2009/12/01 15:10:35 | 00,000,000 | -H-- | C] () -- C:\Users\blackdeath\Documents\Default.rdp
[2009/11/08 19:03:59 | 00,000,518 | ---- | C] () -- C:\Windows\Fantastic Flame Screensaver.ini
[2009/11/08 17:41:09 | 00,086,016 | ---- | C] () -- C:\Windows\System32\preflib.dll
[2009/11/08 17:41:08 | 00,757,760 | ---- | C] () -- C:\Windows\System32\bcm1xsup.dll
[2009/11/08 17:36:30 | 00,192,512 | ---- | C] () -- C:\Windows\System32\stac97co.dll
[2009/07/13 17:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/01/13 10:46:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4764.dll
[2005/02/05 14:46:00 | 00,004,608 | ---- | C] () -- C:\Windows\fgexec.dll

========== LOP Check ==========

[2009/11/10 04:26:07 | 00,000,000 | ---D | M] -- C:\Users\blackdeath\AppData\Roaming\AVG9
[2009/12/12 08:33:55 | 00,000,000 | ---D | M] -- C:\Users\blackdeath\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2009/11/08 19:31:16 | 00,000,000 | ---D | M] -- C:\Users\blackdeath\AppData\Roaming\IrfanView
[2009/11/24 01:05:27 | 00,000,000 | ---D | M] -- C:\Users\blackdeath\AppData\Roaming\Red Alert 3
[2009/12/13 21:27:50 | 00,000,000 | ---D | M] -- C:\Users\blackdeath\AppData\Roaming\uTorrent
[2009/07/13 22:53:46 | 00,015,222 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/14 22:33:16 | 00,000,298 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 19:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 19:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 19:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 19:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 19:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 19:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 19:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 19:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Log #2:

OTL Extras logfile created on: 12/14/2009 22:50:13 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\blackdeath\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.77% Memory free
3.98 Gb Paging File | 3.01 Gb Available in Paging File | 75.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.06 Gb Total Space | 22.55 Gb Free Space | 24.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298.08 Gb Total Space | 3.14 Gb Free Space | 1.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKDEATH-PC
Current User Name: blackdeath
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Browser Defender_is1" = Browser Defender 2.0.6.10
"Defraggler" = Defraggler
"Fantastic Flame Screensaver" = Fantastic Flame Screensaver
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"IrfanView" = IrfanView (remove only)
"Moleskinsoft Directory Size 2.4_is1" = Moleskinsoft Directory Size 2.4
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 7.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2009 21:59:10 | Computer Name = blackdeath-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16415,
time stamp: 0x4a98ae4b Faulting module name: wmp.dll, version: 12.0.7600.16415,
time stamp: 0x4a98b4c2 Exception code: 0xc0000005 Fault offset: 0x004f78e7 Faulting
process id: 0xbc0 Faulting application start time: 0x01ca7b97d65f8124 Faulting application
path: C:\Program Files\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\system32\wmp.dll
Report
Id: 1a3c7dc1-e78b-11de-a377-001422bf0bfa

Error - 12/12/2009 21:59:59 | Computer Name = blackdeath-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7600.16415 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 514 Start
Time: 01ca7b97ee90dfc4 Termination Time: 135 Application Path: C:\Program Files\Windows
Media Player\wmplayer.exe Report Id: 33ac2651-e78b-11de-a377-001422bf0bfa

Error - 12/12/2009 22:09:38 | Computer Name = blackdeath-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16415,
time stamp: 0x4a98ae4b Faulting module name: wmp.dll, version: 12.0.7600.16415,
time stamp: 0x4a98b4c2 Exception code: 0xc0000005 Fault offset: 0x004f78e7 Faulting
process id: 0x171c Faulting application start time: 0x01ca7b9944cfd3de Faulting application
path: C:\Program Files\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\system32\wmp.dll
Report
Id: 90cfd903-e78c-11de-a377-001422bf0bfa

Error - 12/12/2009 22:16:20 | Computer Name = blackdeath-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bccb3 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdaae Exception code: 0x0000046b Fault offset: 0x00009617 Faulting
process id: 0x116c Faulting application start time: 0x01ca7b26cdcbe774 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 8066f6de-e78d-11de-a377-001422bf0bfa

Error - 12/12/2009 22:23:44 | Computer Name = blackdeath-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16415,
time stamp: 0x4a98ae4b Faulting module name: wmp.dll, version: 12.0.7600.16415,
time stamp: 0x4a98b4c2 Exception code: 0xc0000005 Fault offset: 0x004f78e7 Faulting
process id: 0x17e8 Faulting application start time: 0x01ca7b9b2e2d774f Faulting application
path: C:\Program Files\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\system32\wmp.dll
Report
Id: 89179c54-e78e-11de-a377-001422bf0bfa

Error - 12/12/2009 22:24:41 | Computer Name = blackdeath-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16415,
time stamp: 0x4a98ae4b Faulting module name: wmp.dll, version: 12.0.7600.16415,
time stamp: 0x4a98b4c2 Exception code: 0xc0000005 Fault offset: 0x004f78e7 Faulting
process id: 0xbd8 Faulting application start time: 0x01ca7b9b60186763 Faulting application
path: C:\Program Files\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\system32\wmp.dll
Report
Id: aae54f9f-e78e-11de-a377-001422bf0bfa

Error - 12/12/2009 22:24:59 | Computer Name = blackdeath-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16415,
time stamp: 0x4a98ae4b Faulting module name: wmp.dll, version: 12.0.7600.16415,
time stamp: 0x4a98b4c2 Exception code: 0xc0000005 Fault offset: 0x004f78e7 Faulting
process id: 0xa08 Faulting application start time: 0x01ca7b9b71965a10 Faulting application
path: C:\Program Files\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\system32\wmp.dll
Report
Id: b547f9e8-e78e-11de-a377-001422bf0bfa

Error - 12/12/2009 22:27:30 | Computer Name = blackdeath-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16415,
time stamp: 0x4a98ae4b Faulting module name: wmp.dll, version: 12.0.7600.16415,
time stamp: 0x4a98b4c2 Exception code: 0xc0000005 Fault offset: 0x004f78e7 Faulting
process id: 0xf98 Faulting application start time: 0x01ca7b9bc83989c4 Faulting application
path: C:\Program Files\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\system32\wmp.dll
Report
Id: 0f4d11ab-e78f-11de-a377-001422bf0bfa

Error - 12/12/2009 23:50:41 | Computer Name = blackdeath-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16415,
time stamp: 0x4a98ae4b Faulting module name: jscript.dll, version: 5.8.7600.16385,
time stamp: 0x4a5bda08 Exception code: 0xc0000005 Fault offset: 0x00024b7b Faulting
process id: 0x230 Faulting application start time: 0x01ca7ba761510edc Faulting application
path: C:\Program Files\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\System32\jscript.dll
Report
Id: ae4633c5-e79a-11de-a377-001422bf0bfa

Error - 12/13/2009 16:59:16 | Computer Name = blackdeath-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16415,
time stamp: 0x4a98ae4b Faulting module name: wmp.dll, version: 12.0.7600.16415,
time stamp: 0x4a98b4c2 Exception code: 0xc0000005 Fault offset: 0x004f78e7 Faulting
process id: 0x1124 Faulting application start time: 0x01ca7c36c9a62e61 Faulting application
path: C:\Program Files\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\system32\wmp.dll
Report
Id: 5f23cfb4-e82a-11de-bc43-001422bf0bfa

[ System Events ]
Error - 12/13/2009 20:13:30 | Computer Name = blackdeath-PC | Source = ipnathlp | ID = 34001
Description =

Error - 12/13/2009 20:13:30 | Computer Name = blackdeath-PC | Source = ipnathlp | ID = 30013
Description =

Error - 12/13/2009 20:17:25 | Computer Name = blackdeath-PC | Source = DCOM | ID = 10010
Description =

Error - 12/13/2009 20:46:23 | Computer Name = blackdeath-PC | Source = ipnathlp | ID = 30013
Description =

Error - 12/13/2009 23:20:04 | Computer Name = blackdeath-PC | Source = ipnathlp | ID = 30013
Description =

Error - 12/15/2009 00:32:46 | Computer Name = blackdeath-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:28:59 PM on ?12/?13/?2009 was unexpected.

Error - 12/15/2009 00:34:14 | Computer Name = blackdeath-PC | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/15/2009 00:35:25 | Computer Name = blackdeath-PC | Source = DCOM | ID = 10010
Description =

Error - 12/15/2009 00:37:05 | Computer Name = blackdeath-PC | Source = ipnathlp | ID = 34001
Description =

Error - 12/15/2009 00:37:05 | Computer Name = blackdeath-PC | Source = ipnathlp | ID = 30013
Description =


< End of report >

#4 dercas (Topic Starter)

Posted 15 December 2009 - 12:12 AM

Here's the GMER log. Hope to hear back from you soon! I only use this laptop while I'm at work, so my next reply won't be until Wednesday. Thanks for your patience.
Jeff
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 23:10:06
Windows 6.1.7600
Running: zkfv9vj2.exe; Driver: C:\Users\BLACKD~1\AppData\Local\Temp\fwldykod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8362DCDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8362DECE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8362E0D6]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x95C94620]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x95C946D0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x95C94770]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x95C94810]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82813FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282C1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8288B579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828AFF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 828B782C 8 Bytes [DC, DC, 62, 83, CE, DE, 62, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 364 828B7864 4 Bytes [D6, E0, 62, 83]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 828B79E8 4 Bytes [20, 46, C9, 95] {AND [ESI-0x37], AL; XCHG EBP, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 828B7CB8 8 Bytes [D0, 46, C9, 95, 70, 47, C9, ...] {ROL BYTE [ESI-0x37], 0x1; XCHG EBP, EAX; JO 0x4d; LEAVE ; XCHG EBP, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 828B7D2C 4 Bytes [10, 48, C9, 95] {ADC [EAX-0x37], CL; XCHG EBP, EAX}
.text peauth.sys AC40EC9D 28 Bytes [CF, 84, FD, F3, A6, 59, 5C, ...]
.text peauth.sys AC40ECC1 28 Bytes [CF, 84, FD, F3, A6, 59, 5C, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[852] ole32.dll!CoCreateInstance 771457FC 5 Bytes JMP 00AF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CreateWindowExW 76EA0E51 5 Bytes JMP 73297AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DialogBoxIndirectParamW 76EC4AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!UnhookWindowsHookEx 76E9CC7B 5 Bytes JMP 732A7E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!CallNextHookEx 76E9CC8F 5 Bytes JMP 732894EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!CreateWindowExW 76EA0E51 5 Bytes JMP 73297AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!DialogBoxIndirectParamW 76EC4AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] ole32.dll!CoCreateInstance 771457FC 5 Bytes JMP 73298595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [04310920] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [04310950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [04310890] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [042EB810] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [043108C0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [042EAF80] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [043108F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [042EB910] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [042EB8B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [04310920] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CloseHandle] [042EB810] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!ReadFile] [042EB8B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [042EB460] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [043108F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [04310950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [043108C0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [042EAF80] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [04310920] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [04310890] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [043108C0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [04310950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [042EB810] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] [042EB910] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [042EAF80] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [043108C0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [042EB910] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [042EB8B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [04310890] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [04310920] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [042EAF80] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [042EAD70] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [04310950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [043108F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [042EB810] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [042E9BC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [042E9BC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [042EA7F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [04310890] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [043108C0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [042E9BC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [043108C0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [04310890] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [042EAD70] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [04310920] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [042EB8B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [042EB910] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [042EB810] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [042EAF80] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [043108F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [04310890] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [04310950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [043108C0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [04310920] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [04310950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [04310890] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CloseHandle] [042EB810] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!ReadFile] [042EB8B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [042EAD70] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [042EAF80] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] [042EB910] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [042E9BC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] [043108F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [04310950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[3396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A45D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[3396] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A45D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[3396] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A45D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[3396] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A45D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[3396] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75A45D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[3396] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75A45D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.sys

---- EOF - GMER 1.0.15 ----
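An added example, not part of the original post and not GMER's own code: a small Python parser for the SSDT and IAT lines of a GMER log like the one above, grouping every hook by the module that installed it so the entries can be triaged vendor by vendor instead of line by line. The sample log is a constructed subset of the lines posted above; treating a missing "(Description/Vendor)" string as a reason for manual review is an assumed triage heuristic, not a verdict on the module.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the SSDT and IAT lines from the GMER log above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8362DCDC]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x95C94620]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x95C946D0]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [043108C0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [042EAF80] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[3396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A45D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
"""

# SSDT <module path> [(Description/Vendor)] <ZwFunction> [0xADDR]
SSDT_RE = re.compile(
    r"^SSDT (?P<path>.+?)(?: \((?P<desc>[^)]*)\))? (?P<func>Zw\w+) \[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# IAT <process>[pid] @ <hooked module> [<import>] [ADDR] <hooking module path> [(Description/Vendor)]
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) \[(?P<import>[^\]]+)\] "
    r"\[(?P<addr>[0-9A-Fa-f]+)\] (?P<path>.+?)(?: \((?P<desc>[^)]*)\))?$")


def vendor_of(desc):
    """GMER prints '(Description/Vendor)'; return the vendor part, or None when absent."""
    return desc.rsplit("/", 1)[-1] if desc else None


def summarize_hooks(log_text):
    """Group every SSDT and IAT hook by the file name of the module that installed it."""
    summary = defaultdict(lambda: {"vendor": None, "count": 0, "functions": set(), "targets": set()})
    for line in log_text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            entry = summary[m.group("path").rsplit("\\", 1)[-1]]
            entry["functions"].add(m.group("func"))
            entry["targets"].add("kernel SSDT")
        else:
            m = IAT_RE.match(line)
            if not m:
                continue  # section headers, blank lines, other GMER record types
            entry = summary[m.group("path").rsplit("\\", 1)[-1]]
            entry["functions"].add(m.group("import"))
            entry["targets"].add(m.group("proc").rsplit("\\", 1)[-1] + "[" + m.group("pid") + "]")
        entry["count"] += 1
        entry["vendor"] = entry["vendor"] or vendor_of(m.group("desc"))
    return dict(summary)


def unattributed_modules(summary):
    """Hooking modules with no Description/Vendor string: assumed heuristic, review these first."""
    return sorted(name for name, e in summary.items() if e["vendor"] is None)


if __name__ == "__main__":
    result = summarize_hooks(SAMPLE_LOG)
    for name, e in result.items():
        print(f"{name}: {e['count']} hook(s) by {e['vendor'] or '<no vendor string>'} "
              f"in {sorted(e['targets'])}: {sorted(e['functions'])}")
    print("review first:", unattributed_modules(result))
```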

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:50 AM

Posted 15 December 2009 - 08:39 AM

We need to run this special tool.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • If prompted to reboot, please do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 dercas

dercas
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:50 AM

Posted 20 December 2009 - 05:26 PM

Well, the laptop died on me.... I tore it all apart and narrowed it down to: both the leads on the CMOS battery have the solders broken. The stupid leads are about 2mm apart so there's no possible way for a guy like me to resolder them to the circuit board. Oh well....the damned thing was free anyway so there's not too much I can really complain about.

I really appreciate all your help and I wish we could have seen this thing through to conclusion. Maybe I'll just start clicking on everything that pops up on my desktop at home so I can make something horrible happen to it instead.....j/k.

Jeff

"May your coffin be built from a 100 year old oak tree that will be planted tomorrow." - Irish Blessing

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:50 AM

Posted 21 December 2009 - 07:47 AM

Sorry to hear about that Jeff, but I appreciate you following up with me.
Thanks for that. Have a Happy Holiday! :(


This topic will now be closed.