
Browser re-directs, cpu hogging and crashing with looping sounds


  • This topic is locked
6 replies to this topic

#1 Night hawk

Night hawk

  • Members
  • 3 posts

Posted 24 December 2009 - 06:49 PM

Hey guys, I'm facing a somewhat persistent and irritating virus or suchlike. It redirects Google search results to other sites. Some attempt drive-bys and others are just generally useless.

It also seems to be hogging CPU or similar; I've started running slow, and it crashes if I attempt to do anything complex, such as playing a game or using Skype.

I'm running Windows XP with 3 gig of RAM, an AMD Athlon 6000+, 2 8800 GTXs and a 250 gig HDD.

Attached is the HJM log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:43, on 24/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam2\steam.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam2\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16A95BAC-0475-4D62-AA6B-162176F5D7F0}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8971 bytes


Cheers in advance and a very merry Christmas to all of you.



Edited by Night hawk, 24 December 2009 - 06:50 PM.



 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 05 January 2010 - 06:59 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log
Thanks



#3 Night hawk

Night hawk
  • Topic Starter

  • Members
  • 3 posts

Posted 09 January 2010 - 07:55 AM

Right, before this post I also did a various number of things mentioned in other people's threads. I have installed and run the following: Rkill, TFC, SuperAntiSpyware, MalwareBytes and Spyware Doctor. Possibly another couple too.

Since doing the above, I no longer get redirects and my PC is somewhat back to her old self. The only thing is it still takes ages to boot, even with msconfig set to load nothing at boot. Games refuse to start either. They crash the machine or just appear to load up and then not start.

Here are the two logs requested and the Gmer log is attached.

OK, weird, this time I only got a log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Simon at 2010-01-09 12:53:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 26 GB (11%) free of 238 GB
Total RAM: 3070 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:06, on 09/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam2\steam.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Simon\Desktop\Desktop\Jan10\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Simon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam2\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16A95BAC-0475-4D62-AA6B-162176F5D7F0}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 9179 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-19 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-22 2033432]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-06-10 286720]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.11\RivaTuner.exe [2008-09-16 2715648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2006-11-09 1126400]
"Launch Ai Booster"=C:\Program Files\ASUS\AI Booster\OverClk.exe []
"AsusStartupHelp"=C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe [2006-11-14 363008]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Steam"=c:\program files\steam2\steam.exe [2009-11-11 1217808]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe []
"PlayNC Launcher"= []
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]

C:\Documents and Settings\Simon\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-19 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe"="C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe"="C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Steam\steamapps\common\fear2spdemo\FEAR2SPDemo.exe"="C:\Program Files\Steam\steamapps\common\fear2spdemo\FEAR2SPDemo.exe:*:Enabled:F.E.A.R. 2: Project Origin Single-player Demo"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Steam\steamapps\common\world of goo demo\WorldOfGoo.exe"="C:\Program Files\Steam\steamapps\common\world of goo demo\WorldOfGoo.exe:*:Enabled:World of Goo Demo"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe"="C:\Program Files\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X - Demo"
"C:\Program Files\Steam\steamapps\common\fuel - demo\FUEL.exe"="C:\Program Files\Steam\steamapps\common\fuel - demo\FUEL.exe:*:Enabled:FUEL - Demo"
"C:\Program Files\Steam\steamapps\common\trine demo\trine_launcher.exe"="C:\Program Files\Steam\steamapps\common\trine demo\trine_launcher.exe:*:Enabled:Trine Demo"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\Steam\steamapps\common\trials 2 second edition\launcher.exe"="C:\Program Files\Steam\steamapps\common\trials 2 second edition\launcher.exe:*:Enabled:Trials 2: Second Edition"
"C:\Program Files\Steam\steamapps\common\batman arkham asylum - demo\Binaries\ShippingPC-BmGame.exe"="C:\Program Files\Steam\steamapps\common\batman arkham asylum - demo\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum - Demo"
"C:\Program Files\Steam\steamapps\common\darkest of days demo\darkestofdays.exe"="C:\Program Files\Steam\steamapps\common\darkest of days demo\darkestofdays.exe:*:Enabled:Darkest of Days Demo"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Steam2\steamapps\common\batman arkham asylum - demo\Binaries\ShippingPC-BmGame.exe"="C:\Program Files\Steam2\steamapps\common\batman arkham asylum - demo\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum - Demo"
"C:\Program Files\Steam2\steamapps\common\fuel - demo\FUEL.exe"="C:\Program Files\Steam2\steamapps\common\fuel - demo\FUEL.exe:*:Enabled:FUEL - Demo"
"C:\Program Files\Steam2\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe"="C:\Program Files\Steam2\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X - Demo"
"C:\Program Files\Steam2\steamapps\common\trackmania nations forever\TmForever.exe"="C:\Program Files\Steam2\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Steam2\steamapps\common\trackmania nations forever\TmForeverLauncher.exe"="C:\Program Files\Steam2\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Steam2\steamapps\common\trials 2 second edition\launcher.exe"="C:\Program Files\Steam2\steamapps\common\trials 2 second edition\launcher.exe:*:Enabled:Trials 2: Second Edition"
"C:\Program Files\Steam2\steamapps\common\trine demo\trine_launcher.exe"="C:\Program Files\Steam2\steamapps\common\trine demo\trine_launcher.exe:*:Enabled:Trine Demo"
"C:\Program Files\Steam2\Steam.exe"="C:\Program Files\Steam2\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe"="C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum"
"C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit"
"C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe"="C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit"
"C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe"="C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit"
"C:\Program Files\Steam2\steamapps\common\fear2spdemo\FEAR2SPDemo.exe"="C:\Program Files\Steam2\steamapps\common\fear2spdemo\FEAR2SPDemo.exe:*:Enabled:F.E.A.R. 2: Project Origin Single-player Demo"
"C:\Program Files\Steam2\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe"="C:\Program Files\Steam2\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:STALKER: Shadow of Chernobyl"
"C:\Program Files\Steam2\steamapps\common\swkotor\swkotor.exe"="C:\Program Files\Steam2\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic"
"C:\Program Files\Steam2\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe"="C:\Program Files\Steam2\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge"
"C:\Program Files\Steam2\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam2\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Steam2\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam2\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Steam2\steamapps\common\call of duty modern warfare 2\iw4sp.exe"="C:\Program Files\Steam2\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"C:\Program Files\Steam2\steamapps\common\call of duty modern warfare 2\iw4mp.exe"="C:\Program Files\Steam2\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam2\steamapps\common\osmos\osmos.exe"="C:\Program Files\Steam2\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos"
"C:\Program Files\Steam2\steamapps\common\world of goo\WorldOfGoo.exe"="C:\Program Files\Steam2\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b303b42-c55f-11dd-a434-806d6172696f}]
shell\AutoRun\command - D:\.\Bin\Assetup.exe


======List of files/folders created in the last 1 months======

2010-01-09 12:17:27 ----D---- C:\rsit
2009-12-27 21:08:50 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2009-12-27 21:08:50 ----N---- C:\WINDOWS\system32\SMMedia.dll
2009-12-27 21:08:49 ----N---- C:\WINDOWS\system32\DSndUp.exe
2009-12-27 21:08:49 ----D---- C:\Program Files\Analog Devices
2009-12-27 21:08:48 ----N---- C:\WINDOWS\system32\CleanUp.exe
2009-12-27 21:06:42 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-12-26 13:36:39 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-26 13:35:43 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-26 13:35:43 ----D---- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com
2009-12-24 16:58:25 ----D---- C:\Program Files\Trend Micro
2009-12-24 15:44:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-24 11:58:14 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-12-24 11:58:14 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-12-24 11:58:14 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-12-24 11:58:14 ----A---- C:\WINDOWS\BDTSupport.dll
2009-12-24 11:56:32 ----D---- C:\Program Files\Common Files\PC Tools
2009-12-24 11:56:31 ----D---- C:\Program Files\Spyware Doctor
2009-12-24 11:56:31 ----D---- C:\Documents and Settings\Simon\Application Data\PC Tools
2009-12-24 11:56:31 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-12-19 21:55:41 ----D---- C:\WINDOWS\system32\AGEIA
2009-12-19 21:55:41 ----D---- C:\Program Files\AGEIA Technologies
2009-12-19 21:23:14 ----A---- C:\WINDOWS\system32\OpenCL.dll
2009-12-19 21:23:12 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-12-19 21:23:12 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-12-19 21:23:11 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-12-19 21:23:09 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-12-19 21:23:06 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2009-12-19 21:23:06 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-12-19 21:23:06 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-12-19 21:23:05 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-12-19 21:15:27 ----D---- C:\Program Files\SystemRequirementsLab
2009-12-19 21:15:21 ----D---- C:\Documents and Settings\Simon\Application Data\SystemRequirementsLab
2009-12-19 21:01:39 ----HD---- C:\$AVG
2009-12-19 21:01:10 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-12-19 20:58:56 ----D---- C:\AVGTemp
2009-12-19 20:14:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-19 20:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-19 18:43:15 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-19 18:43:14 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-19 18:43:14 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-19 18:43:14 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-19 18:43:14 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-19 18:43:13 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-19 18:43:13 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-19 00:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-18 18:06:24 ----D---- C:\WINDOWS\Prefetch
2009-12-18 17:50:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-12-18 17:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-18 17:37:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-18 11:42:44 ----D---- C:\Documents and Settings\Simon\Application Data\Malwarebytes
2009-12-18 11:42:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-18 11:42:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-11 23:12:19 ----D---- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2009-12-11 23:12:19 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
2009-12-11 23:12:19 ----A---- C:\WINDOWS\system32\ReWire.dll
2009-12-11 23:12:16 ----D---- C:\Documents and Settings\Simon\Application Data\Propellerhead Software
2009-12-11 23:10:33 ----D---- C:\Program Files\Propellerhead
2009-12-10 00:58:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 00:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 00:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-10 00:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 00:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 00:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-09 12:52:00 ----D---- C:\WINDOWS\Temp
2010-01-09 12:45:58 ----D---- C:\Program Files\Mozilla Firefox
2010-01-09 12:45:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-09 12:43:32 ----D---- C:\Documents and Settings\Simon\Application Data\WTablet
2010-01-09 12:43:05 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-09 12:43:01 ----D---- C:\Program Files\Steam2
2010-01-09 12:42:33 ----D---- C:\WINDOWS\system32
2010-01-09 12:00:41 ----D---- C:\Documents and Settings\Simon\Application Data\Spotify
2010-01-08 16:40:17 ----D---- C:\WINDOWS
2010-01-08 16:35:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-08 16:35:05 ----SHD---- C:\WINDOWS\Installer
2010-01-08 16:35:05 ----SHD---- C:\Config.Msi
2010-01-08 16:34:51 ----D---- C:\Program Files\NVIDIA Corporation
2010-01-08 16:34:50 ----D---- C:\WINDOWS\Help
2010-01-08 16:34:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-08 16:34:04 ----D---- C:\WINDOWS\system32\drivers
2010-01-08 16:33:13 ----HD---- C:\WINDOWS\inf
2010-01-08 16:33:13 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-08 16:01:29 ----D---- C:\WINDOWS\Registration
2010-01-08 00:54:42 ----D---- C:\Program Files\VirtualDJ
2010-01-07 22:28:35 ----D---- C:\WTablet
2010-01-07 22:25:26 ----D---- C:\WINDOWS\Minidump
2009-12-27 22:49:30 ----D---- C:\Documents and Settings\Simon\Application Data\Skype
2009-12-27 22:46:17 ----D---- C:\Documents and Settings\Simon\Application Data\skypePM
2009-12-27 21:24:26 ----D---- C:\WINDOWS\system32\DirectX
2009-12-27 21:23:12 ----D---- C:\WINDOWS\Logs
2009-12-27 21:23:10 ----RSD---- C:\WINDOWS\assembly
2009-12-27 21:08:49 ----RD---- C:\Program Files
2009-12-27 21:06:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-27 21:06:27 ----A---- C:\WINDOWS\AS_Debug.txt
2009-12-26 13:35:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-24 21:20:28 ----D---- C:\WINDOWS\pss
2009-12-24 21:19:39 ----RSH---- C:\boot.ini
2009-12-24 21:19:39 ----A---- C:\WINDOWS\win.ini
2009-12-24 21:19:39 ----A---- C:\WINDOWS\system.ini
2009-12-24 16:03:52 ----D---- C:\Program Files\Autodesk
2009-12-24 16:02:40 ----D---- C:\Program Files\NCSoft
2009-12-24 11:57:23 ----D---- C:\WINDOWS\WinSxS
2009-12-24 11:56:32 ----D---- C:\Program Files\Common Files
2009-12-22 16:51:19 ----D---- C:\WINDOWS\system32\config
2009-12-22 16:50:30 ----D---- C:\WINDOWS\system32\wbem
2009-12-22 16:33:42 ----D---- C:\WINDOWS\system32\Restore
2009-12-19 23:33:08 ----RSD---- C:\WINDOWS\Fonts
2009-12-19 22:35:02 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-12-19 21:01:17 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-19 21:01:11 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2009-12-19 20:31:05 ----SD---- C:\Documents and Settings\Simon\Application Data\Microsoft
2009-12-19 20:14:31 ----A---- C:\WINDOWS\imsins.BAK
2009-12-19 20:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-19 18:27:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-19 00:10:58 ----D---- C:\Program Files\Messenger
2009-12-19 00:06:35 ----D---- C:\Program Files\Outlook Express
2009-12-18 19:44:38 ----D---- C:\Program Files\AVG
2009-12-18 18:06:29 ----A---- C:\WINDOWS\setuplog.txt
2009-12-18 18:05:47 ----D---- C:\WINDOWS\system32\Setup
2009-12-18 18:05:47 ----D---- C:\WINDOWS\AppPatch
2009-12-18 17:49:49 ----D---- C:\WINDOWS\security
2009-12-18 17:48:43 ----D---- C:\Program Files\Windows Media Player
2009-12-18 17:48:37 ----D---- C:\WINDOWS\ime
2009-12-18 17:48:33 ----D---- C:\WINDOWS\PeerNet
2009-12-18 17:48:33 ----D---- C:\Program Files\Movie Maker
2009-12-18 17:48:33 ----D---- C:\Program Files\Internet Explorer
2009-12-18 17:45:28 ----D---- C:\WINDOWS\system32\npp
2009-12-18 17:45:27 ----D---- C:\WINDOWS\msagent
2009-12-18 17:45:25 ----D---- C:\WINDOWS\srchasst
2009-12-18 17:45:23 ----D---- C:\Program Files\NetMeeting
2009-12-18 17:45:21 ----D---- C:\WINDOWS\system32\Com
2009-12-18 17:45:18 ----D---- C:\Program Files\Windows NT
2009-12-18 17:45:10 ----D---- C:\Program Files\Common Files\System
2009-12-18 17:44:49 ----D---- C:\WINDOWS\system32\oobe
2009-12-18 17:44:48 ----D---- C:\WINDOWS\system32\usmt
2009-12-18 17:44:46 ----D---- C:\WINDOWS\system
2009-12-18 17:37:01 ----D---- C:\WINDOWS\EHome
2009-12-17 15:44:06 ----D---- C:\Documents and Settings
2009-12-16 17:04:02 ----D---- C:\Program Files\Windows Live Safety Center
2009-12-10 00:58:25 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-19 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-19 28424]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-19 360584]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-12-08 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-12-19 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.11\RivaTuner32.sys []
R3 snpstd2;VideoCAM Look; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 334080]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-12-19 30104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-12-19 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-19 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2009-12-19 2303680]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2009-12-19 5832712]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-04-09 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-08 215104]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2008-06-05 1322648]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-04 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Edited by Night hawk, 09 January 2010 - 12:15 PM.


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:23 AM

Posted 10 January 2010 - 02:36 AM

Hi,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#5 Night hawk

Night hawk
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:23 AM

Posted 10 January 2010 - 03:17 PM

ComboFix 10-01-04.01 - Simon 10/01/2010 19:59:19.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2288 [GMT 0:00]
Running from: c:\documents and settings\Simon\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-676965509-1839512144-199793951-1001
c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-09 12:17 . 2010-01-09 12:17 -------- d-----w- C:\rsit
2010-01-08 23:12 . 2010-01-08 23:12 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\2DBoy
2010-01-08 01:22 . 2010-01-08 01:22 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\Threat Expert
2009-12-27 21:09 . 2006-12-08 09:06 139776 ----a-r- c:\windows\system32\drivers\adidts.sys
2009-12-27 21:09 . 2006-08-06 22:57 93952 ----a-r- c:\windows\system32\drivers\aeaudio.sys
2009-12-27 21:09 . 2007-01-16 01:09 293888 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
2009-12-27 21:08 . 2005-05-04 08:20 53248 ------w- c:\windows\system32\wdmioctl.dll
2009-12-27 21:08 . 2001-09-11 14:20 1285632 ------w- c:\windows\system32\SMMedia.dll
2009-12-27 21:08 . 2009-12-27 21:09 -------- d-----w- c:\program files\Analog Devices
2009-12-27 21:08 . 2006-07-10 14:42 49152 ------w- c:\windows\system32\DSndUp.exe
2009-12-27 21:08 . 2002-04-17 14:05 45056 ------w- c:\windows\system32\CleanUp.exe
2009-12-26 13:37 . 2009-12-26 13:37 52224 ----a-w- c:\documents and settings\Simon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-26 13:37 . 2009-12-26 13:37 117760 ----a-w- c:\documents and settings\Simon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-26 13:36 . 2009-12-26 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-26 13:35 . 2009-12-26 13:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-26 13:35 . 2009-12-26 13:35 -------- d-----w- c:\documents and settings\Simon\Application Data\SUPERAntiSpyware.com
2009-12-24 16:58 . 2009-12-24 16:58 -------- d-----w- c:\program files\Trend Micro
2009-12-24 14:17 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-24 14:17 . 2001-08-17 22:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-24 14:17 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-24 14:17 . 2001-08-17 22:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-24 14:17 . 2001-08-17 22:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-24 14:17 . 2001-08-17 22:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-24 14:17 . 2001-08-17 12:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-24 14:17 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-24 14:17 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-24 14:17 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-12-24 14:17 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-12-24 14:15 . 2001-08-17 12:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2009-12-24 14:14 . 2001-08-17 22:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-12-24 14:13 . 2001-08-17 12:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-12-24 14:12 . 2001-08-17 22:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-12-24 14:11 . 2001-08-17 22:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2009-12-24 14:10 . 2001-08-17 13:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-12-24 14:09 . 2001-08-17 22:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2009-12-24 14:08 . 2001-08-17 13:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2009-12-24 14:07 . 2001-08-17 12:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2009-12-24 14:06 . 2001-08-17 12:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-12-24 14:05 . 2001-08-17 22:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2009-12-24 14:04 . 2001-08-17 14:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-12-24 14:04 . 2001-08-17 13:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-12-24 14:04 . 2001-08-17 13:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-12-24 14:04 . 2001-08-17 13:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-12-24 14:02 . 2001-08-17 22:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-12-24 14:01 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2009-12-24 14:00 . 2001-08-17 12:49 58592 -c--a-w- c:\windows\system32\dllcache\i740nt5.sys
2009-12-24 13:59 . 2001-08-17 13:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2009-12-24 13:58 . 2001-08-17 22:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-12-24 13:57 . 2001-08-17 13:28 347550 -c--a-w- c:\windows\system32\dllcache\es56tpi.sys
2009-12-24 13:56 . 2008-04-13 18:40 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2009-12-24 13:55 . 2001-08-17 12:12 63208 -c--a-w- c:\windows\system32\dllcache\dc21x4.sys
2009-12-24 13:54 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-12-24 13:53 . 2001-08-17 22:36 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
2009-12-24 13:51 . 2001-08-17 14:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-12-24 13:50 . 2001-08-17 14:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-24 11:58 . 2009-11-10 10:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-24 11:58 . 2009-11-10 10:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-24 11:58 . 2009-11-10 10:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-24 11:58 . 2009-11-10 10:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-24 11:58 . 2009-10-28 01:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-24 11:58 . 2008-11-26 12:08 131 ----a-w- c:\windows\IDB.zip
2009-12-24 11:57 . 2009-10-30 11:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-24 11:56 . 2009-11-09 11:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-24 11:56 . 2009-10-06 16:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-24 11:56 . 2009-09-03 09:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-24 11:56 . 2009-12-24 11:58 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-24 11:56 . 2009-12-24 12:29 -------- d-----w- c:\program files\Spyware Doctor
2009-12-24 11:56 . 2009-12-24 11:56 -------- d-----w- c:\documents and settings\Simon\Application Data\PC Tools
2009-12-24 11:56 . 2009-12-24 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-22 17:00 . 2009-12-19 21:01 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-22 17:00 . 2009-12-19 21:01 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-22 17:00 . 2009-12-19 21:01 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-12-22 17:00 . 2009-12-22 16:59 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-22 17:00 . 2009-12-19 21:01 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-22 17:00 . 2009-12-19 21:01 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-22 16:50 . 2009-12-22 16:50 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-22 16:05 . 2010-01-10 19:27 0 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\prvlcl.dat
2009-12-19 21:55 . 2009-12-19 21:55 -------- d-----w- c:\windows\system32\AGEIA
2009-12-19 21:55 . 2009-12-19 21:55 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-19 21:23 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-12-19 21:23 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-12-19 21:23 . 2009-11-21 02:34 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-12-19 21:23 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-12-19 21:23 . 2009-11-21 02:34 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-12-19 21:23 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-12-19 21:23 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-12-19 21:23 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-19 21:23 . 2009-11-21 02:34 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-12-19 21:23 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-12-19 21:15 . 2009-12-19 21:15 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-19 21:15 . 2009-12-19 21:15 -------- d-----w- c:\documents and settings\Simon\Application Data\SystemRequirementsLab
2009-12-19 21:15 . 2009-12-19 21:15 290816 ----a-w- c:\documents and settings\Simon\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-12-19 21:15 . 2009-12-19 21:15 290816 ----a-w- c:\documents and settings\Simon\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-12-19 21:15 . 2009-12-19 21:15 290816 ----a-w- c:\documents and settings\Simon\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-12-19 21:15 . 2009-12-19 21:15 290816 ----a-w- c:\documents and settings\Simon\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-12-19 21:01 . 2009-12-19 21:05 -------- d-----w- C:\$AVG
2009-12-19 21:01 . 2009-12-19 21:01 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-19 21:01 . 2009-12-19 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-19 20:58 . 2009-12-19 20:58 -------- d-----w- C:\AVGTemp
2009-12-19 18:43 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-19 18:43 . 2009-09-04 17:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-19 18:43 . 2009-09-04 17:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-19 18:43 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-19 18:43 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-19 18:43 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-19 18:43 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-18 17:53 . 2009-08-04 14:20 2066048 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-18 12:10 . 2009-12-22 16:06 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2009-12-18 12:10 . 2009-12-18 12:10 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-12-18 12:10 . 2009-12-18 12:10 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-12-18 12:10 . 2009-12-18 12:10 -------- d-----w- c:\documents and settings\HelpAssistant\speech
2009-12-18 12:09 . 2009-12-18 12:09 -------- d-----w- c:\documents and settings\HelpAssistant\Phone Browser
2009-12-18 12:09 . 2009-12-18 12:09 -------- d-----w- c:\documents and settings\HelpAssistant\pfdata
2009-12-18 11:42 . 2009-12-18 11:42 -------- d-----w- c:\documents and settings\Simon\Application Data\Malwarebytes
2009-12-18 11:42 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 11:42 . 2009-12-18 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-18 11:42 . 2009-12-18 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 11:42 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 15:46 . 2009-12-17 15:46 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
2009-12-11 23:12 . 2009-12-11 23:12 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-12-11 23:12 . 2009-12-11 23:12 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-12-11 23:12 . 2009-12-11 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-12-11 23:12 . 2009-12-11 23:12 -------- d-----w- c:\documents and settings\Simon\Application Data\Propellerhead Software
2009-12-11 23:10 . 2009-12-11 23:10 -------- d-----w- c:\program files\Propellerhead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 19:21 . 2008-12-10 19:32 -------- d-----w- c:\documents and settings\Simon\Application Data\WTablet
2010-01-10 19:20 . 2009-01-21 16:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-10 19:20 . 2009-10-09 19:13 -------- d-----w- c:\program files\Steam2
2010-01-10 01:15 . 2009-06-02 19:40 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-10 00:16 . 2009-08-02 12:15 -------- d-----w- c:\documents and settings\Simon\Application Data\Spotify
2010-01-08 16:34 . 2008-12-08 20:32 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-08 00:54 . 2009-12-04 00:01 -------- d-----w- c:\program files\VirtualDJ
2009-12-27 22:49 . 2009-07-11 21:18 -------- d-----w- c:\documents and settings\Simon\Application Data\Skype
2009-12-27 22:46 . 2009-07-12 20:36 -------- d-----w- c:\documents and settings\Simon\Application Data\skypePM
2009-12-26 13:35 . 2008-12-08 21:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-24 16:03 . 2009-11-04 13:02 -------- d-----w- c:\program files\Autodesk
2009-12-24 16:02 . 2009-09-26 11:43 -------- d-----w- c:\program files\NCSoft
2009-12-24 16:01 . 2008-12-08 20:08 204432 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-19 22:35 . 2009-07-24 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-12-19 21:01 . 2008-12-08 22:46 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-19 21:01 . 2008-12-08 22:46 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-19 21:01 . 2008-12-08 22:46 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-19 21:01 . 2008-12-08 22:46 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-19 21:01 . 2008-12-08 22:46 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-19 21:01 . 2008-12-08 22:46 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-19 21:01 . 2008-12-08 22:46 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-18 19:44 . 2008-12-08 22:46 -------- d-----w- c:\program files\AVG
2009-12-18 18:07 . 2009-01-11 18:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-12-09 13:32 . 2009-07-06 23:49 -------- d-----w- c:\program files\Xfire
2009-12-08 23:24 . 2008-12-10 20:34 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-08 23:24 . 2008-12-10 20:33 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-08 23:23 . 2009-07-06 23:49 -------- d-----w- c:\documents and settings\Simon\Application Data\Xfire
2009-12-08 09:21 . 2009-10-24 20:03 3776280 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-25 23:06 . 2009-11-25 23:06 -------- d-----w- c:\program files\MSXML 6.0
2009-11-25 22:13 . 2009-08-16 20:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-25 22:13 . 2009-08-16 20:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-21 02:34 . 2009-12-19 21:23 10235968 ----a-w- c:\windows\system32\drivers\SET6.tmp
2009-11-21 02:34 . 2008-12-08 21:05 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2008-10-23 07:42 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2008-10-23 07:42 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-20 20:32 . 2009-11-20 20:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-20 20:32 . 2009-11-20 20:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-20 20:32 . 2009-11-20 20:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-20 20:32 . 2009-11-20 20:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 20:32 . 2009-11-20 20:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 20:32 . 2009-11-20 20:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-19 21:42 . 2008-12-08 20:30 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-13 00:10 . 2009-11-04 22:22 712792 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-09 19:00 . 2009-01-11 16:51 1 ----a-w- c:\documents and settings\Simon\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-08 21:19 . 2009-11-08 21:19 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\Architecture2010\9.0\1033\ResourceCache.dll
2009-11-08 21:16 . 2009-11-08 21:16 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-10-30 18:44 . 2009-10-30 18:44 10134 ----a-r- c:\documents and settings\Simon\Application Data\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2009-10-29 05:38 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam2\steam.exe" [2009-11-11 1217808]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-22 2033432]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-11-09 1126400]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.14\AsRunHelp.exe" [2006-11-14 363008]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

c:\documents and settings\Simon\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-19 21:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\batman arkham asylum - demo\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\fuel - demo\\FUEL.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\tom clancy's h.a.w.x - demo\\HAWX.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\trials 2 second edition\\launcher.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\trine demo\\trine_launcher.exe"=
"c:\\Program Files\\Steam2\\Steam.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\swkotor\\swkotor.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\mirrors edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\osmos\\osmos.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3600:TCP"= 3600:TCP:Services

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [19/12/2009 21:01 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [08/12/2008 22:46 161800]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24/12/2009 11:56 207792]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/12/2008 22:46 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/12/2008 22:46 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [16/10/2009 14:51 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [16/10/2009 14:51 234888]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [19/12/2009 21:01 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [19/12/2009 21:01 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [19/12/2009 21:01 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [19/12/2009 21:01 5832712]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24/12/2009 11:58 112592]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [10/12/2008 19:31 1373480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [08/12/2008 22:46 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [19/12/2009 21:01 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [19/12/2009 21:01 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [19/12/2009 21:01 25736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [08/12/2008 22:46 30104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16/09/2009 21:31 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16/09/2009 21:31 8320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24/12/2009 11:56 359624]
.
.
------- Supplementary Scan -------
.
TCP: {16A95BAC-0475-4D62-AA6B-162176F5D7F0} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\3a5013el.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-Launch Ai Booster - c:\program files\ASUS\AI Booster\OverClk.exe
HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 20:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2010-01-10 20:14:12
ComboFix-quarantined-files.txt 2010-01-10 20:14

Pre-Run: 27,521,933,312 bytes free
Post-Run: 27,649,351,680 bytes free

- - End Of File - - 59C324F70B9B88D466DE551B45CC8C57


Cheers :(, any ideas yet?

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:23 AM

Posted 10 January 2010 - 10:33 PM

Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Simon\Local Settings\Application Data\prvlcl.dat
Folder::
c:\documents and settings\HelpAssistant
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-
"3389:TCP"=-
"3600:TCP"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click Posted Image on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Posted Image
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

Then please post back here with the following logs:
  • Combofix.txt
  • RootRepeal.txt
Thanks
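One way to cross-check the CFScript in the post above against the firewall section of the ComboFix log it was written from. This is an added example, not part of the original post or of ComboFix; the function names are hypothetical, and the two embedded excerpts are copied from this thread.

```python
import re

# Firewall section copied from the ComboFix log posted in this thread.
LOG_EXCERPT = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3600:TCP"= 3600:TCP:Services
'''

# Registry:: block copied from the CFScript in the post above.
CFSCRIPT = r'''
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-
"3389:TCP"=-
"3600:TCP"=-
'''

PROFILE = r'hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile'
PORTS = PROFILE + r'\globallyopenports\list'
SECTION_RE = re.compile(r'^\[([^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_sections(text):
    """Map each [registry key] (lower-cased) to its {"value name": data} pairs."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return sections


def firewall_state(log_text):
    """Return (firewall enabled or None if not logged, {value name: (port, proto, label)})."""
    sections = parse_sections(log_text)
    raw = sections.get(PROFILE, {}).get('EnableFirewall')
    enabled = None if raw is None else int(raw.split()[0]) != 0
    ports = {}
    for name, data in sections.get(PORTS, {}).items():
        parts = data.split(':', 2)
        if len(parts) == 3 and parts[0].isdigit():
            ports[name] = (int(parts[0]), parts[1], parts[2])
    return enabled, ports


def script_deletions(script_text):
    """Value names the script deletes from GloballyOpenPorts ("name"=- syntax)."""
    values = parse_sections(script_text).get(PORTS, {})
    return {name for name, data in values.items() if data == '-'}


def compare(log_text, script_text):
    """Report which logged open ports the script removes and which it leaves."""
    enabled, ports = firewall_state(log_text)
    deleted = script_deletions(script_text)
    return {
        'firewall_enabled': enabled,
        'removed': sorted(deleted & set(ports), key=lambda n: ports[n][0]),
        'kept_open': sorted(set(ports) - deleted, key=lambda n: ports[n][0]),
        'not_in_log': sorted(deleted - set(ports)),
    }


if __name__ == '__main__':
    for field, value in compare(LOG_EXCERPT, CFSCRIPT).items():
        print(f'{field}: {value}')
```

An empty `kept_open` and `not_in_log` means the script covers exactly the port entries the log reported; `firewall_enabled` reflects the `EnableFirewall` value, which the script does not change.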



#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:23 AM

Posted 16 January 2010 - 04:02 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
