browser keeps redirecting


  • This topic is locked
20 replies to this topic

#1 achu

achu

  • Members
  • 35 posts
  • OFFLINE
  • Gender:Male
  • Location:Liverpool
  • Local time:10:41 AM

Posted 20 December 2009 - 07:41 AM

*HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP**HELP*
This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:17 PM, on 12/20/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-gb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca3e8229d071cc) (gupdate1ca3e8229d071cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 13984 bytes

Edited by achu, 20 December 2009 - 08:15 AM.



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:41 PM

Posted 03 January 2010 - 06:03 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!



#3 achu

achu
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Gender:Male
  • Location:Liverpool
  • Local time:10:41 AM

Posted 03 January 2010 - 03:04 PM

I have downloaded various antivirus and anti-spyware software and scanned with all of it. I downloaded AVG and I get a message from the web shield saying that a threat is blocked.

FILE NAME: 91.212.226.180/MONEYUK.EXE
THREAT NAME: TROJAN HORSE PSW.GENERIC7.AYUC
PROCESS NAME: C:/Windws/System32/svchost.exe

Edited by achu, 03 January 2010 - 03:13 PM.


#4 achu

achu
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Gender:Male
  • Location:Liverpool
  • Local time:10:41 AM

Posted 03 January 2010 - 03:19 PM

Google is my homepage, and when I search in Google and click on a result I found, it redirects to a different website. If I type the web address straight into the address bar it is alright. This happens in all of my browsers, not just Internet Explorer 8. I also tried using different search engines; it is still the same, it keeps redirecting.

#5 achu

achu
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Gender:Male
  • Location:Liverpool
  • Local time:10:41 AM

Posted 03 January 2010 - 03:39 PM

OTL logfile created on: 1/3/2010 8:27:42 PM - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Users\admin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 8.88 Gb Free Space | 18.18% Space Free | Partition Type: NTFS
Drive D: | 78.12 Gb Total Space | 72.49 Gb Free Space | 92.78% Space Free | Partition Type: NTFS
Drive E: | 702.31 Mb Total Space | 42.71 Mb Free Space | 6.08% Space Free | Partition Type: UDF
Drive F: | 78.12 Gb Total Space | 77.58 Gb Free Space | 99.30% Space Free | Partition Type: NTFS
Drive G: | 92.89 Gb Total Space | 88.41 Gb Free Space | 95.18% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASHWIN
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/03 20:02:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2009/12/28 16:55:39 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/23 19:58:14 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/10 15:40:22 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/10 15:40:21 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/10 15:40:09 | 02,303,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2009/12/09 22:07:56 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/09 22:07:55 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/09 22:07:46 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/12/09 22:07:46 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/09 22:07:41 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2009/12/09 22:07:41 | 00,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/03 15:03:55 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 11:57:48 | 00,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/08/27 15:05:04 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/06 13:22:04 | 00,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/09 14:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 06:28:11 | 01,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/06 06:21:04 | 00,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/02 08:13:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/01/31 18:45:38 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/31 17:13:30 | 00,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/23 05:37:14 | 00,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/01/16 04:41:00 | 00,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/01/16 04:41:00 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2009/01/16 04:40:58 | 00,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/01/16 04:40:54 | 00,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2009/01/09 08:19:08 | 00,405,639 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 08:26:46 | 00,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/11/17 13:39:20 | 02,308,648 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/11/17 13:39:20 | 00,780,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/11/17 13:39:20 | 00,555,560 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/08/03 23:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/10/12 08:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/10/12 08:33:16 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtcmd.exe
PRC - [2007/08/02 13:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
PRC - [2006/12/23 12:35:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 12:34:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/23 12:24:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2006/12/14 12:19:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/11/02 12:34:44 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2010/01/03 20:02:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
MOD - [2009/04/11 06:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/02 12:47:48 | 01,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/12/31 14:32:28 | 00,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/12/10 15:40:09 | 02,303,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/12/09 22:07:46 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/09 22:07:41 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/25 01:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/29 07:20:25 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/08/29 07:08:34 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/27 15:05:04 | 00,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/07 11:43:04 | 00,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/09 14:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/06 06:21:04 | 00,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/02 08:13:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/17 13:39:20 | 00,555,560 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/21 02:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/12 08:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk)
SRV - [2007/08/22 08:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/08/02 13:42:16 | 00,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/02 13:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk)
SRV - [2006/12/23 12:24:04 | 00,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/12/14 12:19:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/26 08:33:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/02 12:50:06 | 00,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/28 23:07:04 | 00,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/12/28 23:07:04 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/12/14 08:59:20 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100102.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/14 08:59:20 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/14 08:59:20 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/14 08:59:20 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100102.020\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/09 22:08:11 | 00,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2009/12/09 22:08:10 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/12/09 22:08:09 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/09 22:08:01 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/09 22:07:59 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/09 22:07:43 | 00,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2009/12/09 22:07:42 | 00,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2009/12/09 22:07:42 | 00,027,800 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2009/12/09 22:07:30 | 00,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/11/20 22:22:06 | 00,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/09/08 17:39:29 | 00,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/03 16:47:19 | 00,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\WinVd32.sys -- (WinVd32)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/28 11:57:14 | 00,087,536 | ---- | M] (CyberLink Corp.) [2009/08/29 12:35:47] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/26 07:00:02 | 00,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/03/19 16:02:00 | 00,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/17 12:56:58 | 00,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/03/06 06:30:08 | 00,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2009/03/06 06:21:04 | 00,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/02/05 14:18:16 | 00,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/16 04:23:32 | 04,568,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/12/30 15:30:04 | 00,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/11/12 15:53:42 | 00,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/11/12 15:53:40 | 00,109,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/11/12 15:53:36 | 00,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/10/13 08:47:34 | 01,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/13 08:47:20 | 00,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/10/09 14:42:42 | 00,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/25 10:11:10 | 00,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/07/24 04:33:00 | 00,304,128 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/02/20 01:06:11 | 00,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2008/02/05 19:34:43 | 00,188,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/02/05 19:34:43 | 00,096,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2008/02/05 19:34:43 | 00,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2008/02/05 19:34:43 | 00,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/02/05 19:34:43 | 00,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/02/01 01:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/02/01 01:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/02/01 01:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/01/21 02:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:32:53 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:32:51 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:32:50 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 02:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:32:49 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:32:49 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:32:48 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:32:48 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/08/09 00:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/03/07 23:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.45
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.0.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 15:40:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/02 22:09:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/28 16:56:37 | 00,000,000 | ---D | M]

[2009/09/12 21:13:33 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2009/09/12 21:13:33 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009/09/10 16:28:28 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/01/03 19:16:41 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\kqv66vgt.default\extensions
[2009/12/24 10:42:38 | 00,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\kqv66vgt.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/11/12 16:50:04 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\kqv66vgt.default\extensions\firefox@tvunetworks(97).com
[2009/12/24 10:40:51 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\kqv66vgt.default\extensions\smarterwiki@wikiatic.com
[2009/11/16 06:19:55 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\kqv66vgt.default\extensions\toolbar@ask.com
[2009/11/17 16:03:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/30 13:44:08 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360 Premier Edition\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TalkTalk] C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0; File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://supportapj.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/03 20:02:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010/01/02 13:15:51 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2010/01/02 12:48:00 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360 Premier Edition
[2010/01/02 12:46:07 | 00,123,952 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/01/02 12:45:45 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/01/02 12:42:55 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Symantec
[2009/12/31 14:32:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2009/12/29 13:42:38 | 00,000,000 | ---D | C] -- C:\Users\admin\DoctorWeb
[2009/12/29 13:37:03 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/12/28 23:07:04 | 01,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2009/12/28 23:07:04 | 00,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2009/12/28 23:07:04 | 00,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2009/12/28 23:06:43 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2009/12/28 16:56:23 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/12/28 16:56:16 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/12/28 16:56:16 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/12/28 16:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/12/28 16:55:43 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/12/28 16:55:40 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/12/28 16:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009/12/28 16:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/12/28 16:55:27 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Real
[2009/12/24 18:30:57 | 00,000,000 | ---D | C] -- C:\Users\admin\Documents\Remote Assistance Logs
[2009/12/24 14:19:39 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\qkoqyt
[2009/12/21 15:47:47 | 00,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2009/12/21 14:56:41 | 00,000,000 | ---D | C] -- C:\Users\Public\Desktop\TrendMicro_TAV_17.50_en-US_32-bit
[2009/12/20 19:58:18 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\MigWiz
[2009/12/20 16:33:25 | 00,000,000 | ---D | C] -- C:\Users\admin\Documents\Bluetooth Exchange Folder
[2009/12/20 16:08:16 | 00,000,000 | ---D | C] -- C:\Windows\System32\Dell
[2009/12/20 12:34:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/20 11:46:56 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/13 11:21:29 | 00,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2009/12/12 09:19:09 | 00,000,000 | ---D | C] -- C:\Users\admin\Documents\Simply Super Software
[2009/12/11 16:30:33 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\Neelathamara
[2009/12/10 16:48:08 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\Softwares
[2009/12/10 15:51:19 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2009/12/10 15:51:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/09 22:08:12 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/09 22:08:11 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2009/12/09 22:08:11 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/12/09 22:08:09 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/12/09 22:08:09 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/12/09 22:08:01 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/12/09 22:07:59 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/12/09 22:07:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/12/09 22:07:30 | 00,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/12/09 22:07:29 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/09 22:07:22 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/12/09 22:02:22 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/09 22:02:21 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/09 22:02:21 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/09 22:02:21 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/09 22:02:20 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/09 22:02:20 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/09 22:02:20 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/09 22:02:20 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/09 22:02:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/09 22:02:19 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/09 22:02:19 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/09 22:02:19 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/09 22:02:19 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/09 22:02:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/09 21:58:34 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/09 21:58:33 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/09 21:57:01 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/09 18:33:42 | 00,000,000 | ---D | C] -- C:\Users\admin\Documents\FrostWire
[2009/12/09 18:33:37 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\FrostWire
[1 C:\Users\admin\Documents\*.tmp files -> C:\Users\admin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/03 20:35:00 | 00,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2153855D-8531-4E8A-BFA5-05732DB4A2A2}.job
[2010/01/03 20:31:26 | 03,932,160 | ---- | M] () -- C:\Users\admin\ntuser.dat
[2010/01/03 20:28:28 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/03 20:27:12 | 00,006,756 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2010/01/03 20:24:42 | 00,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/03 20:24:42 | 00,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/03 20:24:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/03 20:24:27 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/03 20:24:11 | 31,796,63360 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/03 20:23:08 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/03 20:23:04 | 00,524,288 | -HS- | M] () -- C:\Users\admin\ntuser.dat{ed3a3846-e40e-11de-9bb9-002556d9fc53}.TMContainer00000000000000000001.regtrans-ms
[2010/01/03 20:23:04 | 00,065,536 | -HS- | M] () -- C:\Users\admin\ntuser.dat{ed3a3846-e40e-11de-9bb9-002556d9fc53}.TM.blf
[2010/01/03 20:22:49 | 03,580,792 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db
[2010/01/03 20:02:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010/01/03 19:16:35 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{10498336-D2EF-430F-97BC-9234B454EB2D}.job
[2010/01/03 17:59:59 | 00,000,474 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for admin.job
[2010/01/03 17:26:12 | 47,371,022 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/02 22:52:11 | 35,295,8859 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/02 12:51:37 | 00,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360 Premier Edition.lnk
[2010/01/02 12:50:06 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/01/02 12:50:06 | 00,010,563 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/01/02 12:50:06 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/01/02 11:53:18 | 05,254,353 | ---- | M] () -- C:\Users\admin\Desktop\3idiots01(www.songs.pk).mp3
[2010/01/01 20:00:29 | 00,128,265 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/31 15:15:50 | 00,000,632 | RHS- | M] () -- C:\Users\admin\ntuser.pol
[2009/12/31 10:16:48 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/31 10:16:48 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/31 10:16:48 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/30 10:38:56 | 00,553,541 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2009/12/29 22:15:51 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/29 22:15:51 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/29 17:34:58 | 00,015,284 | ---- | M] () -- C:\Users\admin\Documents\cc_20091229_173451.reg
[2009/12/28 23:11:37 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2009/12/28 23:07:05 | 01,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2009/12/28 23:07:04 | 00,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2009/12/28 23:07:04 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2009/12/28 16:58:05 | 00,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini
[2009/12/28 16:56:29 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2009/12/28 16:56:23 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/12/28 16:56:16 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/12/28 16:56:16 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/12/28 16:55:43 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/12/24 10:39:36 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/22 11:53:13 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2009/12/20 15:48:13 | 00,020,480 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 12:34:55 | 00,001,874 | ---- | M] () -- C:\Users\admin\Desktop\HijackThis.lnk
[2009/12/16 16:56:56 | 00,001,920 | ---- | M] () -- C:\Users\admin\Documents\cc_20091216_165645.reg
[2009/12/10 07:41:21 | 00,032,224 | ---- | M] () -- C:\Users\admin\Documents\cc_20091210_074101.reg
[2009/12/09 22:44:59 | 00,000,020 | ---- | M] () -- C:\Windows\System32\SYSTEM
[2009/12/09 22:08:11 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2009/12/09 22:08:11 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/12/09 22:08:11 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/12/09 22:08:10 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/12/09 22:08:09 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/12/09 22:08:01 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/12/09 22:07:59 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/12/09 22:07:59 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/12/09 22:07:58 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/12/09 22:07:58 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/12/09 22:07:30 | 00,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/12/09 07:38:14 | 00,013,591 | ---- | M] () -- C:\Users\admin\Documents\Section 2 Expectations.docx
[2009/12/09 07:37:59 | 00,001,730 | -H-- | M] () -- C:\Users\admin\Documents\Default.rdp
[2009/12/08 17:34:05 | 00,524,288 | -HS- | M] () -- C:\Users\admin\ntuser.dat{ed3a3846-e40e-11de-9bb9-002556d9fc53}.TMContainer00000000000000000002.regtrans-ms
[2009/12/08 17:30:00 | 00,524,288 | -HS- | M] () -- C:\Users\admin\ntuser.dat{18281133-d235-11de-886f-00256449720f}.TMContainer00000000000000000001.regtrans-ms
[2009/12/08 17:30:00 | 00,065,536 | -HS- | M] () -- C:\Users\admin\ntuser.dat{18281133-d235-11de-886f-00256449720f}.TM.blf
[1 C:\Users\admin\Documents\*.tmp files -> C:\Users\admin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/03 18:56:09 | 31,796,63360 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/03 00:37:31 | 00,000,442 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{2153855D-8531-4E8A-BFA5-05732DB4A2A2}.job
[2010/01/02 22:52:11 | 35,295,8859 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/02 12:51:37 | 00,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360 Premier Edition.lnk
[2010/01/02 12:46:07 | 00,010,563 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/01/02 12:46:07 | 00,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/01/02 11:53:18 | 05,254,353 | ---- | C] () -- C:\Users\admin\Desktop\3idiots01(www.songs.pk).mp3
[2009/12/31 14:32:31 | 00,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2009/12/29 22:15:51 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/12/29 22:15:51 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/12/29 17:34:54 | 00,015,284 | ---- | C] () -- C:\Users\admin\Documents\cc_20091229_173451.reg
[2009/12/28 23:11:37 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2009/12/28 16:58:05 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/12/28 16:56:29 | 00,001,037 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2009/12/24 10:39:36 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/22 11:53:13 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/12/20 13:08:35 | 00,001,170 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/12/20 13:08:35 | 00,000,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/12/20 12:34:55 | 00,001,874 | ---- | C] () -- C:\Users\admin\Desktop\HijackThis.lnk
[2009/12/16 16:56:49 | 00,001,920 | ---- | C] () -- C:\Users\admin\Documents\cc_20091216_165645.reg
[2009/12/10 07:41:11 | 00,032,224 | ---- | C] () -- C:\Users\admin\Documents\cc_20091210_074101.reg
[2009/12/09 22:44:59 | 00,000,020 | ---- | C] () -- C:\Windows\System32\SYSTEM
[2009/12/09 22:08:11 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/12/09 22:07:59 | 00,553,541 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2009/12/09 22:07:59 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/12/09 22:07:58 | 47,371,022 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/09 22:07:58 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/12/09 22:07:58 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/12/09 22:07:58 | 00,128,265 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/08 22:43:00 | 00,013,591 | ---- | C] () -- C:\Users\admin\Documents\Section 2 Expectations.docx
[2009/12/08 17:31:10 | 00,524,288 | -HS- | C] () -- C:\Users\admin\ntuser.dat{ed3a3846-e40e-11de-9bb9-002556d9fc53}.TMContainer00000000000000000002.regtrans-ms
[2009/12/08 17:31:10 | 00,524,288 | -HS- | C] () -- C:\Users\admin\ntuser.dat{ed3a3846-e40e-11de-9bb9-002556d9fc53}.TMContainer00000000000000000001.regtrans-ms
[2009/12/08 17:31:10 | 00,065,536 | -HS- | C] () -- C:\Users\admin\ntuser.dat{ed3a3846-e40e-11de-9bb9-002556d9fc53}.TM.blf
[2009/11/23 15:52:19 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/23 15:52:03 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/17 06:27:22 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/13 14:19:15 | 00,023,782 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UserTile.png
[2009/09/08 17:39:29 | 00,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/03 16:47:19 | 00,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2009/09/02 16:05:05 | 00,020,480 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 16:43:02 | 00,000,750 | ---- | C] () -- C:\Windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/08/29 06:04:38 | 00,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/08/29 05:48:08 | 00,006,756 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 07:26:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >

#6 myrti (Sillyberry), Malware Study Hall Admin, 33,771 posts

Posted 03 January 2010 - 04:27 PM

Hi,

I suspect you have a rootkit infection, so please run the following ARK scanner:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


It seems you are running 2 antivirus programs:
I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either AVG or Symantec.


Please remove one of the antivirus programs and provide the logs from the rootkit scan in your next reply.
Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

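As an added example (not part of this thread and not GMER's own code), here is a small Python triage helper for the "System" (SSDT) and "Kernel code sections" parts of a GMER log such as the scan above produces. It separates SSDT hooks that GMER attributes to a named driver file from hooks it reports only as a raw kernel address, and collects the driver files GMER could not read together with the error it printed. The sample log is a constructed excerpt in GMER's output format; the reading of GMER's line format (driver path plus bracketed handler address when the hook is mapped to a loaded module, bare address otherwise) is an assumption drawn from how the logs in this thread read.

```python
"""Triage helper for GMER log sections (added example, not GMER's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional

# Constructed excerpt in the format GMER writes; addresses and paths are illustrative.
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-03 23:36:09

---- System - GMER 1.0.15 ----

SSDT 87CAFA80 ZwAlertResumeThread
SSDT 87D08BF8 ZwAllocateVirtualMemory
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwOpenProcess [0xAC24A620]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateProcess [0xAC24A6D0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\avgrkx86.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 831D841B 5 Bytes JMP 8776F1B8
"""

# Two SSDT line shapes (assumed from the logs): "SSDT <addr> <ZwFunc>" when GMER
# cannot map the hook to a module, "SSDT <driver path> <ZwFunc> [<addr>]" when it can.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<target>.+?)\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)
# "? <driver.sys> <error text> !" lines: files GMER could not open for inspection.
UNREADABLE_RE = re.compile(r"^\?\s+(?P<path>.+?\.sys)\s+(?P<reason>.+?)\s*!?\s*$", re.IGNORECASE)
HEX_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


@dataclass
class SsdtHook:
    function: str           # hooked native service, e.g. ZwOpenProcess
    module: Optional[str]   # driver path GMER attributed the hook to, or None
    address: Optional[int]  # address of the hook handler


def _section_lines(log_text: str, title: str) -> Iterator[str]:
    """Yield non-blank lines of the GMER section whose '---- ...' header starts with title."""
    inside = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("----"):
            inside = line.startswith("---- " + title)
            continue
        if inside and line:
            yield line


def parse_ssdt_hooks(log_text: str) -> List[SsdtHook]:
    """Parse every SSDT entry in the 'System' section into an SsdtHook."""
    hooks: List[SsdtHook] = []
    for line in _section_lines(log_text, "System"):
        m = SSDT_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if HEX_ADDR_RE.match(target):
            # Bare address: GMER did not attribute the hook to a module on disk.
            hooks.append(SsdtHook(m.group("func"), None, int(target, 16)))
        else:
            module = target[4:] if target.startswith("\\??\\") else target
            addr = int(m.group("addr"), 16) if m.group("addr") else None
            hooks.append(SsdtHook(m.group("func"), module, addr))
    return hooks


def group_by_module(hooks: List[SsdtHook]) -> Dict[str, List[str]]:
    """Map each attributed driver file name to the services it hooks;
    unattributed hooks are collected under the key '<unattributed>'."""
    groups: Dict[str, List[str]] = {}
    for h in hooks:
        key = h.module.rsplit("\\", 1)[-1] if h.module else "<unattributed>"
        groups.setdefault(key, []).append(h.function)
    return groups


def parse_unreadable_drivers(log_text: str) -> Dict[str, str]:
    """Drivers in 'Kernel code sections' that GMER could not read, with the reported error."""
    result: Dict[str, str] = {}
    for line in _section_lines(log_text, "Kernel code sections"):
        m = UNREADABLE_RE.match(line)
        if m:
            result[m.group("path")] = m.group("reason").rstrip(" !")
    return result


def triage_report(log_text: str) -> Dict[str, object]:
    """Summary a helper would read first: who hooks what, and what GMER could not inspect."""
    hooks = parse_ssdt_hooks(log_text)
    return {
        "hooks_by_module": group_by_module(hooks),
        "unattributed_count": sum(1 for h in hooks if h.module is None),
        "unreadable_drivers": parse_unreadable_drivers(log_text),
    }


if __name__ == "__main__":
    for key, value in triage_report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Hooks grouped under a security product's own driver (here AVGIDSShim.sys) are what that product is expected to do; a bare address says only that GMER did not map the handler to a file on disk, so it needs manual attribution (for instance against the other installed kernel-mode products) before anyone calls it a rootkit. Files GMER could not read are likewise a prompt for follow-up, not a verdict.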


#7 achu (Topic Starter), Members, 35 posts

Posted 03 January 2010 - 06:38 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-03 23:36:09
Windows 6.0.6002 Service Pack 2
Running: 8pu6iszm.exe; Driver: C:\Users\admin\AppData\Local\Temp\pxldrpob.sys


---- System - GMER 1.0.15 ----

SSDT 87CAFA80 ZwAlertResumeThread
SSDT 87D08E28 ZwAlertThread
SSDT 87D08BF8 ZwAllocateVirtualMemory
SSDT 87C7EB48 ZwAlpcConnectPort
SSDT 87CAF830 ZwCreateMutant
SSDT 87D08C40 ZwCreateThread
SSDT 87CAF530 ZwDebugActiveProcess
SSDT 87D08EE8 ZwFreeVirtualMemory
SSDT 87CAF900 ZwImpersonateAnonymousToken
SSDT 87CAF9C0 ZwImpersonateThread
SSDT 87CC1AE8 ZwMapViewOfSection
SSDT 87CAF770 ZwOpenEvent
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwOpenProcess [0xAC24A620]
SSDT 87C3F0C0 ZwOpenProcessToken
SSDT 87CAF5F0 ZwOpenSection
SSDT 87C9F358 ZwOpenThreadToken
SSDT 87C776F0 ZwResumeThread
SSDT 87C9A008 ZwSetContextThread
SSDT 87CC1990 ZwSetInformationProcess
SSDT 87CAFF80 ZwSetInformationThread
SSDT 87CAF6B0 ZwSuspendProcess
SSDT 87D82760 ZwSuspendThread
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateProcess [0xAC24A6D0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateThread [0xAC24A770]
SSDT 87C77638 ZwUnmapViewOfSection
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwWriteVirtualMemory [0xAC24A810]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 824C4860 8 Bytes [80, FA, CA, 87, 28, 8E, D0, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 824C4874 4 Bytes [F8, 8B, D0, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 824C4880 4 Bytes [48, EB, C7, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 824C4938 4 Bytes [30, F8, CA, 87]
.text ntkrnlpa.exe!KeSetEvent + 221 824C4964 4 Bytes [40, 8C, D0, 87]
.text ...
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82A68024]
? System32\Drivers\avgrkx86.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 831D841B 5 Bytes JMP 8776F1B8
? system32\DRIVERS\avgfwd6x.sys The system cannot find the path specified. !
? System32\Drivers\avgtdix.sys The system cannot find the path specified. !
? C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys The system cannot find the file specified. !
? C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys The system cannot find the file specified. !
? C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys The system cannot find the file specified. !
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xB288E000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xB28B1050]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[900] ole32.dll!CoCreateInstance 76D89EA6 5 Bytes JMP 00EC000A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] kernel32.dll!FindResourceExA 75822575 7 Bytes JMP 28001D90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] kernel32.dll!FindResourceA 75822653 5 Bytes JMP 28001D00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] kernel32.dll!CreateEventA 758444C0 5 Bytes JMP 28001850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] kernel32.dll!LockResource 758468DF 5 Bytes JMP 28001F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] kernel32.dll!FindResourceExW 758469FD 7 Bytes JMP 28001C70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] kernel32.dll!LoadResource 75846ADB 7 Bytes JMP 28001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] kernel32.dll!FindResourceW 75847FA1 5 Bytes JMP 28001BF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] kernel32.dll!SizeofResource 75847FBF 7 Bytes JMP 28001EF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] ADVAPI32.dll!CryptDeriveKey 76F7FCAE 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] ADVAPI32.dll!CryptDecrypt 76F7FE91 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!CreateDialogParamW 772972A2 5 Bytes JMP 28006110 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!SetWindowPlacement 77297963 5 Bytes JMP 28005E90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!SetWindowRgn 7729A221 7 Bytes JMP 28005FD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!LoadImageW 7729C9E5 5 Bytes JMP 28006760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!LoadIconW 7729DA9F 5 Bytes JMP 28006950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!CreateWindowExW 772A1305 5 Bytes JMP 28003CE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!GetWindowLongW 772AF8BF 7 Bytes JMP 28006AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!PeekMessageW 772B045A 5 Bytes JMP 280046B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!TrackPopupMenuEx 772C0CE7 5 Bytes JMP 28004F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] USER32.dll!MessageBoxIndirectW 772ED5D3 5 Bytes JMP 28006300 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] SHELL32.dll!Shell_NotifyIconW 75D78626 5 Bytes JMP 28003430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] ole32.dll!CoRegisterClassObject 76D47DB6 5 Bytes JMP 28002370 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] ole32.dll!CoCreateInstance 76D89EA6 5 Bytes JMP 28002610 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] ole32.dll!CoInitializeEx 76D8AD63 5 Bytes JMP 28002270 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] WININET.dll!InternetReadFile 76E9654B 5 Bytes JMP 2800A0E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] WININET.dll!InternetCloseHandle 76E99088 5 Bytes JMP 2800A290 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] WININET.dll!HttpOpenRequestA 76E9D508 5 Bytes JMP 28009F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4852] WININET.dll!HttpSendRequestA 76EAEE89 5 Bytes JMP 2800A1C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B604] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068AABA] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B72E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068AB82] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068AC00] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069DB9A] \SystemRoot\System32\Drivers\sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84F541D8
Device \FileSystem\fastfat \FatCdrom 89CC91D8
Device \Driver\netbt \Device\NetBT_Tcpip_{A481E1CD-054C-4CB4-89ED-4CDE3AE4ACF9} 87C7B1D8
Device \Driver\volmgr \Device\VolMgrControl 84F501D8
Device \Driver\netbt \Device\NetBT_Tcpip_{A51A0C59-5648-49B8-ABBE-39FA49808573} 87C7B1D8
Device \Driver\usbuhci \Device\USBPDO-0 876022C8
Device \Driver\netbt \Device\NetBT_Tcpip_{66115FDE-0EC9-439A-9CC1-28B466747DC0} 87C7B1D8
Device \Driver\usbuhci \Device\USBPDO-1 876022C8
Device \Driver\usbuhci \Device\USBPDO-2 876022C8
Device \Driver\usbehci \Device\USBPDO-3 876DF980
Device \Driver\usbuhci \Device\USBPDO-4 876022C8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 876022C8
Device \Driver\usbuhci \Device\USBPDO-6 876022C8
Device \Driver\usbehci \Device\USBPDO-7 876DF980
Device \Driver\volmgr \Device\HarddiskVolume1 84F501D8
Device \Driver\volmgr \Device\HarddiskVolume2 84F501D8
Device \Driver\cdrom \Device\CdRom0 876051D8
Device \Driver\volmgr \Device\HarddiskVolume3 84F501D8
Device \Driver\atapi \Device\Ide\IdePort0 84F521D8
Device \Driver\atapi \Device\Ide\IdePort1 84F521D8
Device \Driver\atapi \Device\Ide\IdePort2 84F521D8
Device \Driver\atapi \Device\Ide\IdePort3 84F521D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84F521D8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 84F531D8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 84F531D8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 84F531D8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 84F531D8
Device \Driver\volmgr \Device\HarddiskVolume4 84F501D8
Device \Driver\volmgr \Device\HarddiskVolume5 84F501D8
Device \Driver\volmgr \Device\HarddiskVolume6 84F501D8
Device \Driver\volmgr \Device\HarddiskVolume7 84F501D8
Device \Driver\netbt \Device\NetBt_Wins_Export 87C7B1D8
Device \Driver\volmgr \Device\HarddiskVolume8 84F501D8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

Device \Driver\usbuhci \Device\USBFDO-0 876022C8
Device \Driver\usbuhci \Device\USBFDO-1 876022C8
Device \Driver\usbuhci \Device\USBFDO-2 876022C8
Device \Driver\usbehci \Device\USBFDO-3 876DF980
Device \Driver\usbuhci \Device\USBFDO-4 876022C8
Device \Driver\usbuhci \Device\USBFDO-5 876022C8
Device \Driver\usbuhci \Device\USBFDO-6 876022C8
Device \Driver\usbehci \Device\USBFDO-7 876DF980
Device \FileSystem\fastfat \Fat 89CC91D8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.sys

Device -> \Driver\atapi \Device\Harddisk0\DR0 86146618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002556d9fc53
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1186719012
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 557706115
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xB6 0xD1 0xF8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\002556d9fc53 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xB6 0xD1 0xF8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\002556d9fc53 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xB6 0xD1 0xF8 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#8 myrti

Posted 03 January 2010 - 07:53 PM

Hi,

you have been infected by a rather nasty rootkit.

It allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still wish to clean rather than reformat please run ComboFix:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

#9 achu

Posted 04 January 2010 - 06:22 AM

ComboFix 10-01-03.05 - admin 01/04/2010 11:00:50.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3032.2098 [GMT 0:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3912155943-1104286279-3013957238-1001
c:\$recycle.bin\S-1-5-21-3912155943-1104286279-3013957238-1002
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\admin\AppData\Roaming\.#
c:\windows\system32\oem13.inf
c:\windows\system32\oem14.inf
c:\windows\system32\oem15.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-04 11:11 . 2010-01-04 11:11 -------- d-----w- c:\users\admin\AppData\Local\temp
2010-01-03 13:01 . 2009-12-14 08:59 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\NAVENG.SYS
2010-01-03 13:01 . 2009-12-14 08:59 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\EECTRL.SYS
2010-01-03 13:01 . 2009-12-14 08:59 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\CCERASER.DLL
2010-01-03 13:01 . 2009-12-14 08:59 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\ECMSVR32.DLL
2010-01-03 13:01 . 2009-12-14 08:59 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\NAVENG32.DLL
2010-01-03 13:01 . 2009-12-14 08:59 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\NAVEX32A.DLL
2010-01-03 13:01 . 2009-12-14 08:59 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\NAVEX15.SYS
2010-01-03 13:01 . 2009-12-14 08:59 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\ERASER.SYS
2010-01-02 22:12 . 2010-01-02 22:12 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Roaming\Creative
2010-01-02 22:10 . 2010-01-02 22:10 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Roaming\Symantec
2010-01-02 13:20 . 2009-12-14 08:59 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091231.041\NAVEX32A.DLL
2010-01-02 13:20 . 2009-12-14 08:59 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091231.041\NAVEX15.SYS
2010-01-02 13:20 . 2009-12-14 08:59 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091231.041\NAVENG32.DLL
2010-01-02 13:20 . 2009-12-14 08:59 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091231.041\NAVENG.SYS
2010-01-02 13:20 . 2009-12-14 08:59 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091231.041\EECTRL.SYS
2010-01-02 13:20 . 2009-12-14 08:59 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091231.041\CCERASER.DLL
2010-01-02 13:20 . 2009-12-14 08:59 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091231.041\ECMSVR32.DLL
2010-01-02 13:20 . 2009-12-14 08:59 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091231.041\ERASER.SYS
2010-01-02 13:17 . 2009-11-20 22:22 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\Scxpx86.dll
2010-01-02 13:17 . 2009-11-20 22:22 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDSxpx86.dll
2010-01-02 13:17 . 2009-11-20 22:22 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDSviA64.sys
2010-01-02 13:17 . 2009-11-20 22:22 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDSvix86.sys
2010-01-02 13:17 . 2009-11-20 22:22 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\SymIDSco.sys
2010-01-02 13:17 . 2009-11-20 22:22 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\SymIDSI.dll
2010-01-02 13:17 . 2009-11-20 22:22 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDS9xx86.dll
2010-01-02 13:17 . 2009-11-20 22:22 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDS9xx86.dll
2010-01-02 12:48 . 2010-01-02 22:08 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-01-02 12:46 . 2010-01-02 12:50 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-02 12:45 . 2010-01-02 12:50 -------- d-----w- c:\program files\Symantec
2010-01-02 12:45 . 2009-12-14 08:59 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2010-01-02 12:45 . 2009-12-14 08:59 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2010-01-02 12:45 . 2009-12-14 08:59 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2010-01-02 12:45 . 2009-12-14 08:59 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2010-01-02 12:45 . 2009-12-14 08:59 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2010-01-02 12:45 . 2009-12-14 08:59 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2010-01-02 12:45 . 2009-12-14 08:59 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2010-01-02 12:45 . 2009-12-14 08:59 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2010-01-02 12:42 . 2010-01-02 13:08 -------- d-----w- c:\users\admin\AppData\Roaming\Symantec
2009-12-31 15:35 . 2009-12-31 15:35 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\Mozilla
2009-12-31 15:09 . 2010-01-03 00:36 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\Google
2009-12-31 15:09 . 2009-12-31 15:09 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\SupportSoft
2009-12-31 15:09 . 2009-12-31 15:09 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\Broadcom
2009-12-31 15:07 . 2010-01-03 23:10 -------- d-----w- c:\users\Varghese Mathew.ASHWIN
2009-12-31 14:32 . 2009-12-31 14:32 -------- d-----w- c:\programdata\Google Updater
2009-12-29 13:42 . 2009-12-29 13:42 -------- d-----w- c:\users\admin\DoctorWeb
2009-12-29 13:37 . 2009-11-25 11:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 23:07 . 2009-12-28 23:07 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-12-28 23:07 . 2009-12-28 23:07 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-28 23:07 . 2009-12-28 23:07 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-28 23:06 . 2009-12-28 23:06 -------- d-----w- c:\program files\Sony Ericsson
2009-12-28 16:56 . 2009-12-28 16:56 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-28 16:55 . 2009-12-28 16:55 -------- d-----w- c:\program files\Real
2009-12-28 16:55 . 2009-12-28 16:56 -------- d-----w- c:\program files\Common Files\Real
2009-12-24 14:19 . 2009-12-24 14:20 -------- d-----w- c:\users\admin\AppData\Local\qkoqyt
2009-12-22 11:53 . 2009-12-22 11:53 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-21 15:47 . 2009-12-21 15:47 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2009-12-20 19:58 . 2009-12-20 19:58 -------- d-----w- c:\users\admin\AppData\Local\MigWiz
2009-12-20 16:08 . 2009-12-20 16:08 -------- d-----w- c:\windows\system32\Dell
2009-12-20 12:34 . 2009-12-22 18:28 -------- d-----w- c:\program files\Trend Micro
2009-12-20 11:46 . 2009-12-20 11:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-13 11:21 . 2009-12-13 11:21 -------- d-----w- c:\windows\$regcmp$
2009-12-10 15:51 . 2009-12-10 15:51 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2009-12-10 15:51 . 2009-12-10 15:51 -------- d-----w- c:\programdata\Malwarebytes
2009-12-09 22:07 . 2009-12-09 22:07 -------- d-----w- c:\program files\AVG
2009-12-09 22:07 . 2010-01-03 23:10 -------- d-----w- c:\programdata\avg9
2009-12-09 21:58 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 21:58 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 21:58 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 21:57 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 18:33 . 2009-12-09 19:20 -------- d-----w- c:\users\admin\AppData\Roaming\FrostWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 11:00 . 2010-01-04 11:00 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-01-04 10:56 . 2009-08-29 06:03 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-04 10:52 . 2009-09-26 08:19 -------- d-----w- c:\users\admin\AppData\Roaming\Skype
2010-01-04 10:51 . 2009-09-26 08:23 -------- d-----w- c:\users\admin\AppData\Roaming\skypePM
2010-01-03 20:27 . 2009-08-29 05:48 6756 ----a-w- c:\users\admin\AppData\Local\d3d9caps.dat
2010-01-03 20:19 . 2009-09-03 15:03 -------- d-----w- c:\program files\Google
2010-01-03 20:14 . 2009-09-01 16:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-02 13:17 . 2009-10-21 05:58 -------- d-----w- c:\programdata\Symantec
2010-01-02 13:05 . 2009-10-21 06:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-02 12:50 . 2010-01-02 12:46 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-02 12:50 . 2010-01-02 12:46 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-31 15:33 . 2009-12-31 15:08 105952 ----a-w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 14:07 . 2009-09-17 06:27 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-29 17:00 . 2009-09-06 12:41 -------- d-----w- c:\program files\Yahoo!
2009-12-28 23:52 . 2009-09-07 06:18 -------- d-----w- c:\users\admin\AppData\Roaming\vlc
2009-12-28 23:11 . 2009-12-28 23:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-12-21 15:05 . 2009-08-29 06:33 -------- d-----w- c:\programdata\McAfee
2009-12-20 22:52 . 2009-08-29 06:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-20 16:08 . 2009-08-29 05:51 -------- d-----w- c:\program files\Dell
2009-12-09 22:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 22:33 . 2009-08-29 06:49 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 22:16 . 2009-10-16 15:09 -------- d-----w- c:\users\admin\AppData\Roaming\uTorrent
2009-12-09 21:42 . 2009-08-29 07:48 -------- d-----w- c:\users\admin\AppData\Roaming\Winamp
2009-12-09 18:29 . 2009-09-10 16:28 -------- d-----w- c:\users\admin\AppData\Roaming\LimeWire
2009-12-04 20:01 . 2009-12-04 20:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-12-03 17:31 . 2009-12-03 17:31 -------- d-----w- c:\programdata\Sports Interactive
2009-12-03 17:30 . 2009-12-03 17:30 -------- d-----w- c:\users\admin\AppData\Roaming\Sports Interactive
2009-12-03 17:00 . 2009-08-29 05:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-03 16:45 . 2009-12-03 16:39 -------- d--h--w- c:\program files\Zero G Registry
2009-12-01 18:17 . 2009-12-01 18:17 -------- d-----w- c:\users\admin\AppData\Roaming\Dell
2009-12-01 18:11 . 2009-12-01 18:11 -------- dc-h--w- c:\programdata\{7322D736-AA5F-4DD0-8E33-EA48318CC276}
2009-12-01 18:10 . 2009-12-01 18:10 -------- d-----w- c:\programdata\Dell
2009-11-24 07:53 . 2009-11-24 07:53 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA2C6.tmp.exe
2009-11-23 15:52 . 2009-11-08 13:49 -------- d-----w- c:\program files\Xvid
2009-11-21 06:40 . 2009-12-09 22:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 22:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 22:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 22:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 22:22 . 2010-01-02 12:52 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\scxpx86.dll
2009-11-20 22:22 . 2010-01-02 12:52 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\idsxpx86.dll
2009-11-20 22:22 . 2010-01-02 12:52 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvia64.sys
2009-11-20 22:22 . 2010-01-02 12:52 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvix86.sys
2009-11-20 22:22 . 2010-01-02 12:52 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\symidsco.sys
2009-11-20 22:22 . 2010-01-02 12:52 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\SymIDSI.dll
2009-11-17 16:03 . 2009-09-08 15:00 -------- d-----w- c:\program files\Java
2009-11-17 15:40 . 2009-11-17 15:40 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 15:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 15:35 . 2009-11-17 15:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 15:34 . 2009-11-17 15:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 07:49 . 2009-11-16 07:48 -------- d-----w- c:\program files\iTunes
2009-11-16 07:48 . 2009-11-16 07:48 -------- d-----w- c:\program files\iPod
2009-11-16 07:48 . 2009-08-29 07:50 -------- d-----w- c:\program files\Common Files\Apple
2009-11-16 07:48 . 2009-08-29 07:50 -------- d-----w- c:\programdata\Apple Computer
2009-11-16 07:41 . 2009-11-16 07:41 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-16 06:19 . 2009-09-30 18:43 -------- d-----w- c:\program files\Defraggler
2009-11-16 06:19 . 2009-10-02 18:47 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-16 06:18 . 2009-10-20 20:56 -------- d-----w- c:\program files\NortonInstaller
2009-11-15 22:24 . 2009-09-06 14:44 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-15 22:24 . 2009-08-29 05:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-09 21:01 . 2009-11-09 21:01 -------- d-----w- c:\program files\Opti Drive Control
2009-11-09 19:16 . 2009-10-21 05:58 -------- d-----w- c:\programdata\Norton
2009-11-09 18:36 . 2009-11-09 18:36 -------- d-----w- c:\programdata\Citrix
2009-11-09 18:35 . 2009-11-09 18:35 -------- d-----w- c:\program files\Citrix
2009-11-07 12:54 . 2009-11-05 16:25 -------- d-----w- c:\programdata\YoGen
2009-11-07 12:20 . 2009-11-07 12:20 -------- d-----w- c:\program files\AnalogX
2009-11-06 16:04 . 2009-08-29 07:52 -------- d-----w- c:\users\admin\AppData\Roaming\Apple Computer
2009-11-02 20:42 . 2009-12-03 16:28 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 16:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-19 16:56 . 2009-12-01 18:11 3295808 -c--a-w- c:\programdata\{7322D736-AA5F-4DD0-8E33-EA48318CC276}\delldock.exe
2009-10-19 15:55 . 2009-10-19 15:42 38 ----a-w- c:\users\admin\jagex_runescape_preferences.dat
2009-10-19 15:43 . 2009-10-19 15:43 45 ----a-w- c:\users\admin\jagex_runescape_preferences2.dat
2009-10-19 07:03 . 2009-11-04 18:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\naveng.sys
2009-10-19 07:03 . 2009-11-04 18:00 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\eeCtrl.sys
2009-10-19 07:03 . 2009-11-04 18:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\cceraser.dll
2009-10-19 07:03 . 2009-11-04 18:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\ecmsvr32.dll
2009-10-19 07:03 . 2009-11-04 18:00 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\naveng32.dll
2009-10-19 07:03 . 2009-11-04 18:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\navex32a.dll
2009-10-19 07:03 . 2009-11-04 18:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\navex15.sys
2009-10-19 07:03 . 2009-11-04 18:00 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\ERASER.sys
2009-10-13 19:25 . 2009-10-13 19:25 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2009-10-11 04:17 . 2009-09-08 15:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-17 08:07 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-17 08:07 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-17 08:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2008-06-30 13:44 . 2010-01-02 22:09 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-08-29 06:46 . 2009-08-29 06:46 75 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 217088]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-13 3563520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-03 122368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-06 483428]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 150552]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 173592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-28 198160]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2009-12-31 160752]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="c:\program files\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512]

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:(:98,7d,d3,c0,66,37,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3912155943-1104286279-3013957238-1000]
"EnableNotificationsRef"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091217.001\IDSvix86.sys [1/2/2010 1:17 PM 286768]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/29 12:35];c:\program files\CyberLink\PowerDVD9\000.fcl [8/28/2009 11:57 AM 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [8/29/2009 5:53 AM 81920]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [6/9/2009 2:11 PM 155648]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2/18/2008 7:37 PM 149352]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [10/12/2007 8:33 AM 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [8/2/2007 1:42 PM 148768]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 3:05 PM 92008]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8/29/2009 6:01 AM 29736]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\System32\drivers\CtClsFlt.sys [8/29/2009 6:44 AM 144128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/2/2010 1:20 PM 102448]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\System32\drivers\OA009Ufd.sys [3/6/2009 6:30 AM 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\System32\drivers\OA009Vid.sys [3/19/2009 4:02 PM 271552]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/5/2008 7:34 PM 41008]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/8/2009 5:39 PM 639224]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/13/2008 2:32 AM 23888]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/21/2008 2:33 AM 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [12/28/2009 11:07 PM 13224]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-03 14:32]

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{10498336-D2EF-430F-97BC-9234B454EB2D}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{2153855D-8531-4E8A-BFA5-05732DB4A2A2}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\kqv66vgt.default\
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 11:11
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85EF6618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x831a8d24
\Driver\ACPI -> acpi.sys @ 0x80697d68
\Driver\atapi -> ataport.SYS @ 0x8079ea2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-04 11:14:51
ComboFix-quarantined-files.txt 2010-01-04 11:14

Pre-Run: 9,652,097,024 bytes free
Post-Run: 9,596,456,960 bytes free

- - End Of File - - 55D3DA92BD2B9280C0AD82CDF782FDBA

#10 myrti
  • Malware Study Hall Admin

Posted 04 January 2010 - 09:32 AM

Hi,

ComboFix did not fix the problem automatically.

Please search for atapi.sys with the following tool:
Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook and copy/paste the following into the box:
    :filefind
    atapi.*
  • Hit the Look button. Let it finish the scan.
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.
regards myrti

Edited by myrti, 04 January 2010 - 09:32 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 achu
  • Topic Starter

Posted 04 January 2010 - 10:56 AM

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:54 on 04/01/2010 by admin (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.*"
C:\Windows\ERDNT\cache\atapi.sys --a--- 19944 bytes [11:12 04/01/2010] [14:07 30/12/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --a--- 19944 bytes [06:27 17/09/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys --a--- 19048 bytes [10:25 02/11/2006] [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --a--- 21560 bytes [02:32 21/01/2008] [02:32 21/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [06:27 17/09/2009] [14:07 30/12/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys --a--- 21560 bytes [02:32 21/01/2008] [02:32 21/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys --a--- 19944 bytes [06:27 17/09/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4

-=End Of File=-
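The log above is what the helper reads by hand: seven copies of atapi.sys, three distinct MD5 values, and the live copy in System32\drivers sharing its hash with the DriverStore and winsxs copies of 6.0.6002.18005 while carrying a newer last-write time (14:07 30/12/2009) than either of them (06:32 11/04/2009). As an added example, not part of this thread and not SystemLook's or ComboFix's own code, here is a Python script that does that triage mechanically: it parses filefind lines, groups the copies by hash, and reports a live copy that matches no servicing-store copy, or one that was rewritten after its reference copy. The role assignment by path (servicing stores as references, the System32\drivers file as the live copy, everything else as backup or stray) and the reading of the two bracketed times as creation then last-write time are the editor's assumptions. One caveat a practitioner should keep in mind: the hashes SystemLook reports are computed through the running disk stack, the same stack the MBR detector in the earlier ComboFix log reported as containing an unknown module, so an identical hash on the live file does not by itself clear it.

```python
"""Triage every on-disk copy of a driver from SystemLook ':filefind' output.

Added example for this thread, written by the editor; it is not part of the
posts above and not part of SystemLook or ComboFix. It parses the filefind
lines, groups copies by MD5, treats the copies in the Windows servicing stores
(DriverStore/FileRepository and winsxs) as references, and reports whether the
live copy under the system drivers folder matches one of them and whether its
last-write time drifted away from that reference.
"""
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the filefind lines from the SystemLook log posted above.
SYSTEMLOOK_LOG = r"""
Searching for "atapi.*"
C:\Windows\ERDNT\cache\atapi.sys --a--- 19944 bytes [11:12 04/01/2010] [14:07 30/12/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --a--- 19944 bytes [06:27 17/09/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys --a--- 19048 bytes [10:25 02/11/2006] [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --a--- 21560 bytes [02:32 21/01/2008] [02:32 21/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [06:27 17/09/2009] [14:07 30/12/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys --a--- 21560 bytes [02:32 21/01/2008] [02:32 21/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys --a--- 19944 bytes [06:27 17/09/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
-=End Of File=-
"""

# Layout: path attrs size bytes [created] [modified] MD5. Treating the first
# bracketed time as creation and the second as last-write is an assumption.
LINE_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-a-zA-Z]{4,8})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
TIME_FMT = "%H:%M %d/%m/%Y"


def classify(path):
    """Role of a copy, decided from its location (editor's convention, not a
    SystemLook concept): servicing-store copies are references, the file in
    the system drivers folder is the one the kernel loads, anything else is
    a backup or stray copy."""
    p = path.lower()
    if "\\driverstore\\filerepository\\" in p or "\\winsxs\\" in p:
        return "reference"
    if "\\system32\\drivers\\" in p:
        return "live"
    return "other"


def parse_filefind(text):
    """Turn filefind lines into records; header and footer lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        records.append({
            "path": d["path"],
            "attrs": d["attrs"],
            "size": int(d["size"]),
            "created": datetime.strptime(d["created"], TIME_FMT),
            "modified": datetime.strptime(d["modified"], TIME_FMT),
            "md5": d["md5"].upper(),
            "role": classify(d["path"]),
        })
    return records


def triage(records):
    """Compare each live copy against the reference copies carrying its MD5."""
    by_hash = defaultdict(list)
    for r in records:
        by_hash[r["md5"]].append(r["path"])
    live = [r for r in records if r["role"] == "live"]
    refs = [r for r in records if r["role"] == "reference"]
    findings = []
    for r in live:
        same = [x for x in refs if x["md5"] == r["md5"]]
        if not same:
            findings.append(
                f"{r['path']}: MD5 {r['md5']} ({r['size']} bytes) matches no servicing-store copy"
            )
            continue
        newest_ref = max(x["modified"] for x in same)
        if r["modified"] > newest_ref:  # content identical, but rewritten after the reference
            findings.append(
                f"{r['path']}: content matches {same[0]['path']} but was modified "
                f"{r['modified']:%d/%m/%Y %H:%M}, after the reference copy "
                f"({newest_ref:%d/%m/%Y %H:%M})"
            )
    return {
        "distinct_hashes": len(by_hash),
        "by_hash": dict(by_hash),
        "live": live,
        "references": refs,
        "findings": findings,
    }


if __name__ == "__main__":
    report = triage(parse_filefind(SYSTEMLOOK_LOG))
    for md5, paths in report["by_hash"].items():
        print(md5, len(paths), "copies")
    for finding in report["findings"]:
        print("FINDING:", finding)
```

Run as-is it prints the three hash groups and one finding for C:\Windows\System32\drivers\atapi.sys; feed parse_filefind any other :filefind log to triage a different driver name.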

#12 myrti
  • Malware Study Hall Admin

Posted 04 January 2010 - 11:26 AM

Hi,

OK, please run the following script for ComboFix:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\Windows\ERDNT\cache\atapi.sys | C:\Windows\System32\drivers\atapi.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti



#13 achu
  • Topic Starter

Posted 04 January 2010 - 12:20 PM

ComboFix 10-01-03.05 - admin 01/04/2010 17:11:02.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3032.1711 [GMT 0:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\atapi.sys --> c:\windows\System32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-04 17:17 . 2010-01-04 17:17 -------- d-----w- c:\users\admin\AppData\Local\temp
2010-01-04 17:17 . 2010-01-04 17:17 -------- d-----w- c:\users\Varghese Mathew\AppData\Local\temp
2010-01-04 17:17 . 2010-01-04 17:17 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\temp
2010-01-04 17:17 . 2010-01-04 17:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-04 17:17 . 2010-01-04 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-04 15:42 . 2010-01-04 15:42 -------- d-----w- c:\program files\Alcohol Soft
2010-01-04 15:24 . 2010-01-04 15:24 -------- d-----w- c:\program files\MagicISO
2010-01-04 14:08 . 2010-01-04 14:08 -------- d-----w- c:\program files\uTorrent
2010-01-04 11:38 . 2009-12-14 08:59 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100103.020\NAVENG.SYS
2010-01-04 11:38 . 2009-12-14 08:59 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100103.020\EECTRL.SYS
2010-01-04 11:38 . 2009-12-14 08:59 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100103.020\CCERASER.DLL
2010-01-04 11:38 . 2009-12-14 08:59 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100103.020\ECMSVR32.DLL
2010-01-04 11:38 . 2009-12-14 08:59 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100103.020\NAVENG32.DLL
2010-01-04 11:38 . 2009-12-14 08:59 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100103.020\NAVEX32A.DLL
2010-01-04 11:38 . 2009-12-14 08:59 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100103.020\NAVEX15.SYS
2010-01-04 11:38 . 2009-12-14 08:59 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100103.020\ERASER.SYS
2010-01-03 13:01 . 2009-12-14 08:59 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\NAVENG.SYS
2010-01-03 13:01 . 2009-12-14 08:59 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\EECTRL.SYS
2010-01-03 13:01 . 2009-12-14 08:59 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\CCERASER.DLL
2010-01-03 13:01 . 2009-12-14 08:59 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\ECMSVR32.DLL
2010-01-03 13:01 . 2009-12-14 08:59 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\NAVENG32.DLL
2010-01-03 13:01 . 2009-12-14 08:59 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\NAVEX32A.DLL
2010-01-03 13:01 . 2009-12-14 08:59 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\NAVEX15.SYS
2010-01-03 13:01 . 2009-12-14 08:59 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100102.020\ERASER.SYS
2010-01-02 22:12 . 2010-01-02 22:12 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Roaming\Creative
2010-01-02 22:10 . 2010-01-02 22:10 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Roaming\Symantec
2010-01-02 13:17 . 2009-11-20 22:22 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\Scxpx86.dll
2010-01-02 13:17 . 2009-11-20 22:22 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDSxpx86.dll
2010-01-02 13:17 . 2009-11-20 22:22 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDSviA64.sys
2010-01-02 13:17 . 2009-11-20 22:22 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDSvix86.sys
2010-01-02 13:17 . 2009-11-20 22:22 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\SymIDSco.sys
2010-01-02 13:17 . 2009-11-20 22:22 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\SymIDSI.dll
2010-01-02 13:17 . 2009-11-20 22:22 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDS9xx86.dll
2010-01-02 13:17 . 2009-11-20 22:22 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDS9xx86.dll
2010-01-02 12:48 . 2010-01-02 22:08 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-01-02 12:46 . 2010-01-02 12:50 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-02 12:45 . 2010-01-02 12:50 -------- d-----w- c:\program files\Symantec
2010-01-02 12:45 . 2009-12-14 08:59 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2010-01-02 12:45 . 2009-12-14 08:59 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2010-01-02 12:45 . 2009-12-14 08:59 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2010-01-02 12:45 . 2009-12-14 08:59 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2010-01-02 12:45 . 2009-12-14 08:59 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2010-01-02 12:45 . 2009-12-14 08:59 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2010-01-02 12:45 . 2009-12-14 08:59 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2010-01-02 12:45 . 2009-12-14 08:59 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2010-01-02 12:42 . 2010-01-02 13:08 -------- d-----w- c:\users\admin\AppData\Roaming\Symantec
2009-12-31 15:35 . 2009-12-31 15:35 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\Mozilla
2009-12-31 15:09 . 2010-01-03 00:36 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\Google
2009-12-31 15:09 . 2009-12-31 15:09 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\SupportSoft
2009-12-31 15:09 . 2009-12-31 15:09 -------- d-----w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\Broadcom
2009-12-31 15:07 . 2010-01-03 23:10 -------- d-----w- c:\users\Varghese Mathew.ASHWIN
2009-12-31 14:32 . 2009-12-31 14:32 -------- d-----w- c:\programdata\Google Updater
2009-12-29 13:42 . 2009-12-29 13:42 -------- d-----w- c:\users\admin\DoctorWeb
2009-12-29 13:37 . 2009-11-25 11:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 23:07 . 2009-12-28 23:07 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-12-28 23:07 . 2009-12-28 23:07 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-28 23:07 . 2009-12-28 23:07 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-28 23:06 . 2009-12-28 23:06 -------- d-----w- c:\program files\Sony Ericsson
2009-12-28 16:56 . 2009-12-28 16:56 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-28 16:55 . 2009-12-28 16:55 -------- d-----w- c:\program files\Real
2009-12-28 16:55 . 2009-12-28 16:56 -------- d-----w- c:\program files\Common Files\Real
2009-12-24 14:19 . 2009-12-24 14:20 -------- d-----w- c:\users\admin\AppData\Local\qkoqyt
2009-12-22 11:53 . 2009-12-22 11:53 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-21 15:47 . 2009-12-21 15:47 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2009-12-20 19:58 . 2009-12-20 19:58 -------- d-----w- c:\users\admin\AppData\Local\MigWiz
2009-12-20 16:08 . 2009-12-20 16:08 -------- d-----w- c:\windows\system32\Dell
2009-12-20 12:34 . 2009-12-22 18:28 -------- d-----w- c:\program files\Trend Micro
2009-12-20 11:46 . 2009-12-20 11:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-13 11:21 . 2009-12-13 11:21 -------- d-----w- c:\windows\$regcmp$
2009-12-10 15:51 . 2009-12-10 15:51 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2009-12-10 15:51 . 2009-12-10 15:51 -------- d-----w- c:\programdata\Malwarebytes
2009-12-09 22:07 . 2009-12-09 22:07 -------- d-----w- c:\program files\AVG
2009-12-09 22:07 . 2010-01-03 23:10 -------- d-----w- c:\programdata\avg9
2009-12-09 21:58 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 21:58 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 21:58 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 21:57 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 18:33 . 2009-12-09 19:20 -------- d-----w- c:\users\admin\AppData\Roaming\FrostWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 17:06 . 2009-08-29 06:03 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-04 17:06 . 2009-10-16 15:09 -------- d-----w- c:\users\admin\AppData\Roaming\uTorrent
2010-01-04 17:04 . 2009-09-26 08:19 -------- d-----w- c:\users\admin\AppData\Roaming\Skype
2010-01-04 16:03 . 2009-09-26 08:23 -------- d-----w- c:\users\admin\AppData\Roaming\skypePM
2010-01-04 15:38 . 2009-09-08 17:39 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-03 20:27 . 2009-08-29 05:48 6756 ----a-w- c:\users\admin\AppData\Local\d3d9caps.dat
2010-01-03 20:19 . 2009-09-03 15:03 -------- d-----w- c:\program files\Google
2010-01-03 20:14 . 2009-09-01 16:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-02 13:17 . 2009-10-21 05:58 -------- d-----w- c:\programdata\Symantec
2010-01-02 13:05 . 2009-10-21 06:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-02 12:50 . 2010-01-02 12:46 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-02 12:50 . 2010-01-02 12:46 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-31 15:33 . 2009-12-31 15:08 105952 ----a-w- c:\users\Varghese Mathew.ASHWIN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 14:07 . 2009-09-17 06:27 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-29 17:00 . 2009-09-06 12:41 -------- d-----w- c:\program files\Yahoo!
2009-12-28 23:52 . 2009-09-07 06:18 -------- d-----w- c:\users\admin\AppData\Roaming\vlc
2009-12-28 23:11 . 2009-12-28 23:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-12-21 15:05 . 2009-08-29 06:33 -------- d-----w- c:\programdata\McAfee
2009-12-20 22:52 . 2009-08-29 06:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-20 16:08 . 2009-08-29 05:51 -------- d-----w- c:\program files\Dell
2009-12-09 22:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 22:33 . 2009-08-29 06:49 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 21:42 . 2009-08-29 07:48 -------- d-----w- c:\users\admin\AppData\Roaming\Winamp
2009-12-09 18:29 . 2009-09-10 16:28 -------- d-----w- c:\users\admin\AppData\Roaming\LimeWire
2009-12-04 20:01 . 2009-12-04 20:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-12-03 17:31 . 2009-12-03 17:31 -------- d-----w- c:\programdata\Sports Interactive
2009-12-03 17:30 . 2009-12-03 17:30 -------- d-----w- c:\users\admin\AppData\Roaming\Sports Interactive
2009-12-03 17:00 . 2009-08-29 05:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-03 16:45 . 2009-12-03 16:39 -------- d--h--w- c:\program files\Zero G Registry
2009-12-01 18:17 . 2009-12-01 18:17 -------- d-----w- c:\users\admin\AppData\Roaming\Dell
2009-12-01 18:11 . 2009-12-01 18:11 -------- dc-h--w- c:\programdata\{7322D736-AA5F-4DD0-8E33-EA48318CC276}
2009-12-01 18:10 . 2009-12-01 18:10 -------- d-----w- c:\programdata\Dell
2009-11-24 07:53 . 2009-11-24 07:53 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA2C6.tmp.exe
2009-11-23 15:52 . 2009-11-08 13:49 -------- d-----w- c:\program files\Xvid
2009-11-21 06:40 . 2009-12-09 22:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 22:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 22:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 22:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 22:22 . 2010-01-02 12:52 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\scxpx86.dll
2009-11-20 22:22 . 2010-01-02 12:52 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\idsxpx86.dll
2009-11-20 22:22 . 2010-01-02 12:52 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvia64.sys
2009-11-20 22:22 . 2010-01-02 12:52 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvix86.sys
2009-11-20 22:22 . 2010-01-02 12:52 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\symidsco.sys
2009-11-20 22:22 . 2010-01-02 12:52 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\SymIDSI.dll
2009-11-17 16:03 . 2009-09-08 15:00 -------- d-----w- c:\program files\Java
2009-11-17 15:40 . 2009-11-17 15:40 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 15:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 15:35 . 2009-11-17 15:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 15:34 . 2009-11-17 15:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 07:49 . 2009-11-16 07:48 -------- d-----w- c:\program files\iTunes
2009-11-16 07:48 . 2009-11-16 07:48 -------- d-----w- c:\program files\iPod
2009-11-16 07:48 . 2009-08-29 07:50 -------- d-----w- c:\program files\Common Files\Apple
2009-11-16 07:48 . 2009-08-29 07:50 -------- d-----w- c:\programdata\Apple Computer
2009-11-16 07:41 . 2009-11-16 07:41 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-16 06:19 . 2009-09-30 18:43 -------- d-----w- c:\program files\Defraggler
2009-11-16 06:19 . 2009-10-02 18:47 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-16 06:18 . 2009-10-20 20:56 -------- d-----w- c:\program files\NortonInstaller
2009-11-15 22:24 . 2009-09-06 14:44 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-15 22:24 . 2009-08-29 05:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-09 21:01 . 2009-11-09 21:01 -------- d-----w- c:\program files\Opti Drive Control
2009-11-09 19:16 . 2009-10-21 05:58 -------- d-----w- c:\programdata\Norton
2009-11-09 18:36 . 2009-11-09 18:36 -------- d-----w- c:\programdata\Citrix
2009-11-09 18:35 . 2009-11-09 18:35 -------- d-----w- c:\program files\Citrix
2009-11-07 12:54 . 2009-11-05 16:25 -------- d-----w- c:\programdata\YoGen
2009-11-07 12:20 . 2009-11-07 12:20 -------- d-----w- c:\program files\AnalogX
2009-11-06 16:04 . 2009-08-29 07:52 -------- d-----w- c:\users\admin\AppData\Roaming\Apple Computer
2009-11-02 20:42 . 2009-12-03 16:28 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 16:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-19 16:56 . 2009-12-01 18:11 3295808 -c--a-w- c:\programdata\{7322D736-AA5F-4DD0-8E33-EA48318CC276}\delldock.exe
2009-10-19 15:55 . 2009-10-19 15:42 38 ----a-w- c:\users\admin\jagex_runescape_preferences.dat
2009-10-19 15:43 . 2009-10-19 15:43 45 ----a-w- c:\users\admin\jagex_runescape_preferences2.dat
2009-10-19 07:03 . 2009-11-04 18:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\naveng.sys
2009-10-19 07:03 . 2009-11-04 18:00 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\eeCtrl.sys
2009-10-19 07:03 . 2009-11-04 18:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\cceraser.dll
2009-10-19 07:03 . 2009-11-04 18:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\ecmsvr32.dll
2009-10-19 07:03 . 2009-11-04 18:00 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\naveng32.dll
2009-10-19 07:03 . 2009-11-04 18:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\navex32a.dll
2009-10-19 07:03 . 2009-11-04 18:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\navex15.sys
2009-10-19 07:03 . 2009-11-04 18:00 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091104.009\ERASER.sys
2009-10-13 19:25 . 2009-10-13 19:25 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2009-10-11 04:17 . 2009-09-08 15:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-17 08:07 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-17 08:07 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-17 08:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2008-06-30 13:44 . 2010-01-02 22:09 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-08-29 06:46 . 2009-08-29 06:46 75 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-04 289584]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 217088]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-13 3563520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-03 122368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-06 483428]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 150552]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 173592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-28 198160]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2009-12-31 160752]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="c:\program files\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512]

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):98,7d,d3,c0,66,37,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3912155943-1104286279-3013957238-1000]
"EnableNotificationsRef"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091217.001\IDSvix86.sys [1/2/2010 1:17 PM 286768]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/29 12:35];c:\program files\CyberLink\PowerDVD9\000.fcl [8/28/2009 11:57 AM 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [8/29/2009 5:53 AM 81920]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [6/9/2009 2:11 PM 155648]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2/18/2008 7:37 PM 149352]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [10/12/2007 8:33 AM 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [8/2/2007 1:42 PM 148768]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 3:05 PM 92008]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\System32\drivers\CtClsFlt.sys [8/29/2009 6:44 AM 144128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/2/2010 1:20 PM 102448]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\System32\drivers\OA009Ufd.sys [3/6/2009 6:30 AM 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\System32\drivers\OA009Vid.sys [3/19/2009 4:02 PM 271552]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/5/2008 7:34 PM 41008]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/8/2009 5:39 PM 721904]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8/29/2009 6:01 AM 29736]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/13/2008 2:32 AM 23888]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/21/2008 2:33 AM 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [12/28/2009 11:07 PM 13224]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-03 14:32]

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{10498336-D2EF-430F-97BC-9234B454EB2D}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{2153855D-8531-4E8A-BFA5-05732DB4A2A2}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\kqv66vgt.default\
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 17:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-04 17:19:03
ComboFix-quarantined-files.txt 2010-01-04 17:19
ComboFix2.txt 2010-01-04 11:14

Pre-Run: 10,210,349,056 bytes free
Post-Run: 10,188,201,984 bytes free

- - End Of File - - 2BA8CB1B1E9C3BCB6A37CD5757A7732B
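The two ComboFix logs differ in one section. The first run carries a "Stealth MBR rootkit/Mebroot/Sinowal detector" block whose disk I/O call chain ends in >>UNKNOWN [0x85EF6618]<<, an address that no loaded module accounts for, even though both MBR reads come back OK; the second run, after the FCopy, has no such block at all. As an added example, not part of ComboFix, of Gmer's detector, or of the posts in this thread, here is Python that extracts that block, separates named modules from unknown addresses in the call chain, collects the listed driver hooks, and reports "section absent" rather than a clean verdict when the block is missing, so a reader comparing runs does not mistake "not checked" for "nothing found". The verdict strings are the editor's own wording, not the tool's.

```python
"""Pull the Gmer MBR/disk-stack detector block out of a ComboFix log.

Added example for this thread, written by the editor; it is not part of
ComboFix, of Gmer's detector, or of the posts above. It finds the 'Stealth MBR
rootkit' section, lists the modules in the disk I/O call chain, flags any
'>>UNKNOWN [address]<<' entry, collects the reported driver hooks, and tells a
missing section apart from one that found nothing.
"""
import re

MBR_HEADER = "Stealth MBR rootkit/Mebroot/Sinowal detector"
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^\\Driver\\(\S+) -> (\S+) @ (0x[0-9A-Fa-f]+)$")

# Sample inputs, copied from the two ComboFix logs posted above: the detector
# block of the first run, and the tail of the second run, which has no such block.
FIRST_RUN = r"""
**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85EF6618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x831a8d24
\Driver\ACPI -> acpi.sys @ 0x80697d68
\Driver\atapi -> ataport.SYS @ 0x8079ea2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
"""

SECOND_RUN = r"""
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
"""


def extract_mbr_section(log):
    """Lines between the detector header and the next '****' rule, or None."""
    lines = log.splitlines()
    start = next((i for i, line in enumerate(lines) if MBR_HEADER in line), None)
    if start is None:
        return None
    body = []
    for line in lines[start + 1:]:
        if line.startswith("****"):
            break
        body.append(line.strip())
    return body


def assess_mbr(log):
    """Summarise the detector block. 'mbr_ok' is the tool's own MBR verdict;
    'unknown' holds addresses in the disk call chain that belong to no named
    module, which is the finding that matters even when the MBR itself is OK."""
    section = extract_mbr_section(log)
    result = {"present": section is not None, "called_modules": [], "unknown": [],
              "hooks": [], "mbr_ok": False, "verdict": "section absent"}
    if section is None:
        return result
    for line in section:
        hook = HOOK_RE.match(line)
        if line.startswith("called modules:"):
            rest = line.split(":", 1)[1]
            result["unknown"] = UNKNOWN_RE.findall(rest)
            result["called_modules"] = UNKNOWN_RE.sub("", rest).split()
        elif hook:
            result["hooks"].append(hook.groups())  # (driver, module, address)
        elif "user & kernel MBR OK" in line:
            result["mbr_ok"] = True
    if result["unknown"]:
        result["verdict"] = "unknown module in disk stack"
    elif result["mbr_ok"]:
        result["verdict"] = "no unknown module, MBR OK"
    else:
        result["verdict"] = "inconclusive"
    return result


if __name__ == "__main__":
    for name, log in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        r = assess_mbr(log)
        print(f"{name}: {r['verdict']}; unknown={r['unknown']}; hooks={len(r['hooks'])}")
```

Point assess_mbr at the full text of any ComboFix log; the hook tuples are kept so that a later run can be compared against the earlier one driver by driver.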

#14 myrti
  • Malware Study Hall Admin

Posted 04 January 2010 - 12:35 PM

Hi,

can you please tell me if you are still being redirected.

regards myrti



#15 achu
  • Topic Starter

Posted 04 January 2010 - 12:48 PM

Hi, thanks very much. It is not redirecting, but I have a file called desktop.ini everywhere.



