
atapi.sys trojan infection


This topic is locked
19 replies to this topic

#1 caleman22

Posted 10 March 2010 - 12:48 PM

So, a day or two ago my AVG Internet Security 9.0 started popping up with this atapi.sys trojan threat. The strange thing is that it would continue to pop up over and over. So for example, if I let the threat go for 5 minutes, the AVG "multiple threats detected" window would show numerous trojan infections all relating to atapi.sys. I would heal them and restart, but it's been coming back and coming back. Other than the annoying AVG threat detection box popping up endlessly, I would say it hasn't changed anything else on my computer, or at least I haven't noticed anything yet.

DDS


DDS (Ver_09-12-01.01) - NTFSx86
Run by Cale at 0:17:45.91 on 11/03/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.2975.1784 [GMT 7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

G:\Windows\system32\wininit.exe
G:\Windows\system32\lsm.exe
G:\Windows\system32\svchost.exe -k DcomLaunch
G:\Windows\system32\svchost.exe -k RPCSS
G:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
G:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
G:\Windows\system32\svchost.exe -k netsvcs
G:\Windows\system32\svchost.exe -k LocalService
G:\Windows\system32\svchost.exe -k NetworkService
G:\Windows\System32\spoolsv.exe
G:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
G:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
G:\Program Files\AVG\AVG9\avgwdsvc.exe
G:\Program Files\AVG\AVG9\avgfws9.exe
G:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
G:\Windows\System32\svchost.exe -k WerSvcGroup
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
G:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
G:\Program Files\AVG\AVG9\avgam.exe
G:\Program Files\AVG\AVG9\avgnsx.exe
G:\Program Files\AVG\AVG9\avgemc.exe
G:\Program Files\AVG\AVG9\avgcsrvx.exe
G:\Windows\system32\SearchIndexer.exe
G:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
G:\Program Files\AVG\AVG9\avgchsvx.exe
G:\Program Files\AVG\AVG9\avgrsx.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
G:\Program Files\AVG\AVG9\avgcsrvx.exe
G:\Windows\system32\taskhost.exe
G:\Windows\system32\taskeng.exe
G:\Windows\system32\Dwm.exe
G:\Windows\Explorer.EXE
G:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
G:\Program Files\VinaPhone Mobile Broadband\UIExec.exe
G:\Program Files\AVG\AVG9\avgtray.exe
G:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\Internet Download Manager\IDMan.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Internet Download Manager\IEMonitor.exe
G:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
G:\Program Files\VinaPhone Mobile Broadband\UIMain.exe
G:\Windows\system32\conhost.exe
G:\Program Files\VinaPhone Mobile Broadband\CMUpdater.exe
G:\Program Files\Windows Media Player\wmpnetwk.exe
G:\Program Files\AVG\AVG9\avgcsrvx.exe
G:\Program Files\Registry Mechanic\regmech.exe
G:\Program Files\uTorrent\uTorrent.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\PROGRA~1\Crawler\CToolbar.exe
G:\Windows\system32\vssvc.exe
G:\Windows\System32\svchost.exe -k swprv
G:\Windows\system32\SearchProtocolHost.exe
G:\Windows\system32\SearchFilterHost.exe
G:\Windows\system32\DllHost.exe
G:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
G:\Windows\system32\DllHost.exe
G:\Users\Cale\Desktop\dds.scr
G:\Windows\system32\conhost.exe
G:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - g:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - g:\progra~1\crawler\ctbr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - g:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - g:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - g:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - g:\progra~1\crawler\ctbr.dll
uRun: [IDMan] g:\program files\internet download manager\IDMan.exe /onboot
uRun: [RegistryMechanic] g:\program files\registry mechanic\RMTray.exe /H
uRun: [msnmsgr] "g:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] g:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [UIExec] "g:\program files\vinaphone mobile broadband\UIExec.exe"
mRun: [AVG9_TRAY] g:\progra~1\avg\avg9\avgtray.exe
mRun: [WinPatrol] g:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [GrooveMonitor] "g:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "g:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "g:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "g:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] g:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: Download all links with IDM - g:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - g:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - g:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - g:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - g:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {40B7C013-9570-47B4-9315-646B97860DFF} = 10.1.10.11 203.162.0.11
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - g:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - g:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - g:\progra~1\crawler\ctbr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - g:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - g:\users\cale\appdata\roaming\mozilla\firefox\profiles\c3bf66b0.default\
FF - prefs.js: browser.search.selectedEngine - Vietnamese - English dictionary
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: g:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: g:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: g:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: g:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: g:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: g:\program files\crawler\firefox\components\xcomm.dll
FF - component: g:\program files\crawler\firefox\components\xshared.dll
FF - component: g:\program files\crawler\firefox\components\xsupport.dll
FF - component: g:\program files\crawler\firefox\components\xwsg.dll
FF - component: g:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: g:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: g:\users\cale\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: g:\program files\microsoft\office live\npOLW.dll
FF - plugin: g:\program files\mozilla firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
g:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7x;AVG9IDSErHr;g:\windows\system32\drivers\AVGIDSwx.sys [2010-3-3 25096]
R0 AvgRkx86;avgrkx86.sys;g:\windows\system32\drivers\avgrkx86.sys [2010-3-3 52872]
R1 Avgfwfd;AVG network filter service;g:\windows\system32\drivers\avgfwd6x.sys [2010-3-3 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [2010-3-3 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;g:\windows\system32\drivers\avgmfx86.sys [2010-3-3 29512]
R1 AvgTdiX;AVG Network Redirector;g:\windows\system32\drivers\avgtdix.sys [2010-3-3 242696]
R1 SBRE;SBRE;g:\windows\system32\drivers\SBREDrv.sys [2010-3-9 95024]
R1 vwififlt;Virtual WiFi Filter Driver;g:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 avg9emc;AVG E-mail Scanner;g:\program files\avg\avg9\avgemc.exe [2010-3-5 916760]
R2 avg9wd;AVG WatchDog;g:\program files\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
R2 avgfws9;AVG Firewall;g:\program files\avg\avg9\avgfws9.exe [2010-3-5 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;g:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-5 5888008]
R2 SBSDWSCService;SBSD Security Center Service;g:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-3 1153368]
R2 UI Assistant Service;UI Assistant Service;g:\program files\vinaphone mobile broadband\AssistantServices.exe [2010-3-2 246272]
R3 AVGIDSDriverw7x;AVG9IDSDriver;g:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-3-3 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter;g:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-3-3 30216]
R3 AVGIDSShimw7x;AVG9IDSShim;g:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-3-3 20488]
R3 RTL8167;Realtek 8167 NT Driver;g:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;g:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 massfilter;ZTE Mass Storage Filter Driver;g:\windows\system32\drivers\massfilter.sys [2010-3-2 9216]
S3 StorSvc;Storage Service;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;g:\windows\system32\wat\WatAdminSvc.exe [2010-3-4 1343400]
S4 hpsrv;HP Service;g:\windows\system32\hpservice.exe [2010-2-26 26168]

=============== Created Last 30 ================

2010-03-10 17:12:46 0 ----a-w- g:\users\cale\defogger_reenable
2010-03-10 16:56:24 15504 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-03-10 16:56:22 38496 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 16:56:21 0 d-----w- g:\program files\Malwarebytes' Anti-Malware
2010-03-10 15:34:39 77312 ----a-w- g:\windows\MBR.exe
2010-03-10 15:34:39 161792 ----a-w- g:\windows\SWREG.exe
2010-03-10 15:34:18 0 d-s---w- G:\ComboFix
2010-03-10 15:27:05 0 d-----w- g:\users\cale\appdata\roaming\Malwarebytes
2010-03-10 15:27:00 0 d-----w- g:\programdata\Malwarebytes
2010-03-09 05:47:21 54 ----a-w- g:\windows\system32\rp_stats.dat
2010-03-09 05:47:21 44 ----a-w- g:\windows\system32\statistics.dat
2010-03-09 05:47:21 39 ----a-w- g:\windows\system32\rp_rules.dat
2010-03-09 05:40:39 95024 ----a-w- g:\windows\system32\drivers\SBREDrv.sys
2010-03-09 05:23:52 0 d-----w- g:\programdata\Lavasoft
2010-03-07 05:31:52 0 d-----w- g:\program files\XP-Legacy
2010-03-06 03:50:52 28672 ----a-w- g:\windows\system32\MsgHoo32.OCX
2010-03-06 03:50:52 18541 ----a-w- g:\windows\MsgHook.hlp
2010-03-05 16:23:42 0 d-----w- g:\programdata\Apple Computer
2010-03-05 14:59:09 0 d-----w- g:\program files\TriChlor
2010-03-05 08:54:08 0 d-----w- g:\users\cale\appdata\roaming\AVG9
2010-03-05 06:26:11 0 d-sh--w- g:\windows\system32\%APPDATA%
2010-03-05 04:17:39 0 d-----w- g:\programdata\Apple
2010-03-05 03:52:51 12464 ----a-w- g:\windows\system32\avgrsstx.dll
2010-03-04 17:36:38 0 d-----w- g:\windows\pss
2010-03-04 06:14:29 0 d-----w- g:\windows\system32\Wat
2010-03-04 05:45:53 0 d-----w- g:\programdata\IObit
2010-03-04 05:36:44 0 d-----w- g:\users\cale\appdata\roaming\IObit
2010-03-04 05:36:44 0 d-----w- g:\program files\IObit
2010-03-04 05:02:50 3955288 ----a-w- g:\windows\system32\ntkrnlpa.exe
2010-03-04 05:02:49 3899464 ----a-w- g:\windows\system32\ntoskrnl.exe
2010-03-04 05:02:49 292864 ----a-w- g:\windows\system32\apphelp.dll
2010-03-04 04:58:50 0 d-----w- g:\program files\Crawler
2010-03-04 04:53:06 65536 ------w- g:\windows\system32\Ikeext.etl
2010-03-03 15:10:35 0 d-----w- g:\users\cale\appdata\roaming\Uniblue
2010-03-03 15:03:33 32656 ----a-w- g:\windows\system32\msonpmon.dll
2010-03-03 14:59:25 0 d-----w- g:\program files\Microsoft Visual Studio 8
2010-03-03 14:58:40 0 d-----w- g:\programdata\Microsoft Help
2010-03-03 08:22:49 0 d-----w- g:\program files\Elaborate Bytes
2010-03-03 07:27:12 0 d-----w- g:\program files\Speccy
2010-03-03 07:21:40 0 d-----w- g:\programdata\Spybot - Search & Destroy
2010-03-03 07:21:40 0 d-----w- g:\program files\Spybot - Search & Destroy
2010-03-03 07:13:27 0 d-----w- g:\program files\Defraggler
2010-03-03 07:12:28 0 d-----w- g:\program files\CCleaner
2010-03-03 07:07:23 0 d-----w- g:\windows\system32\Adobe
2010-03-03 06:58:15 0 d-----w- g:\users\cale\appdata\roaming\WinPatrol
2010-03-03 06:58:06 0 d-----w- g:\program files\BillP Studios
2010-03-03 06:52:51 0 d-----w- g:\programdata\Adobe
2010-03-03 06:52:09 506368 ----a-w- g:\windows\system32\msxml.dll
2010-03-03 06:52:09 1081616 ----a-w- g:\windows\system32\MSCOMCTL.OCX
2010-03-03 06:45:12 56 ---ha-w- g:\programdata\ezsidmv.dat
2010-03-03 06:44:20 0 d-----r- g:\program files\Skype
2010-03-03 06:33:02 1892184 ----a-w- g:\windows\system32\D3DX9_42.dll
2010-03-03 06:33:01 2414360 ----a-w- g:\windows\system32\d3dx9_31.dll
2010-03-03 06:32:25 0 d-----w- g:\program files\Winamp Detect
2010-03-03 06:32:19 0 d-----w- g:\program files\common files\PX Storage Engine
2010-03-03 06:31:09 0 d-----w- g:\programdata\OrbNetworks
2010-03-03 06:31:07 0 d-----w- g:\program files\Winamp Remote
2010-03-03 06:24:34 0 d-----w- g:\programdata\Skype
2010-03-03 06:21:15 0 d-----w- g:\users\cale\Tracing
2010-03-03 06:18:34 0 d-----w- g:\program files\Microsoft
2010-03-03 06:18:16 0 d-----w- g:\program files\Windows Live SkyDrive
2010-03-03 06:17:35 0 d-----w- g:\windows\PCHEALTH
2010-03-03 06:14:26 0 d-----w- g:\program files\common files\Windows Live
2010-03-03 06:12:26 0 d-----w- g:\program files\Yahoo!
2010-03-03 05:42:02 0 d-----w- g:\programdata\PopCap Games
2010-03-03 05:40:13 0 d-----w- g:\program files\GameHouse
2010-03-03 05:37:27 0 d-----w- g:\program files\Internet Download Manager
2010-03-03 05:27:12 0 d-----w- g:\users\cale\appdata\roaming\IDM
2010-03-03 05:27:04 0 d-----w- g:\users\cale\appdata\roaming\Nokia Ovi Suite
2010-03-03 05:07:38 0 d-----w- g:\programdata\Yahoo!
2010-03-03 04:43:19 52872 ----a-w- g:\windows\system32\drivers\avgrkx86.sys
2010-03-03 04:43:18 242696 ----a-w- g:\windows\system32\drivers\avgtdix.sys
2010-03-03 04:43:13 216200 ----a-w- g:\windows\system32\drivers\avgldx86.sys
2010-03-03 04:43:12 0 d-----w- g:\windows\system32\drivers\Avg
2010-03-03 04:43:11 0 d-----w- g:\programdata\AVG Security Toolbar
2010-03-03 04:43:02 25096 ----a-w- g:\windows\system32\drivers\AVGIDSwx.sys
2010-03-03 04:42:31 24856 ----a-w- g:\windows\system32\drivers\avgfwd6x.sys
2010-03-03 04:41:17 0 d-----w- g:\programdata\avg9
2010-03-03 04:41:17 0 d-----w- g:\program files\AVG
2010-03-03 04:28:44 0 d-----w- g:\programdata\Nokia
2010-03-03 04:24:58 0 ---ha-w- g:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-03 04:24:48 0 d-----w- g:\programdata\PC Suite
2010-03-03 04:08:20 0 ---ha-w- g:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-03 04:06:46 0 d-----w- g:\program files\common files\Nokia
2010-03-03 04:06:29 18816 ----a-w- g:\windows\system32\drivers\pccsmcfd.sys
2010-03-03 04:06:25 0 d-----w- g:\program files\PC Connectivity Solution
2010-03-03 04:06:10 91136 ----a-w- g:\windows\system32\nmwcdcls.dll
2010-03-03 04:04:37 0 d-sh--w- g:\windows\Installer
2010-03-03 04:04:16 0 d-----w- g:\programdata\OviInstallerCache
2010-03-03 04:04:15 0 d-----w- g:\program files\Nokia
2010-03-03 03:59:11 0 d---a-w- g:\programdata\TEMP
2010-03-02 22:17:08 0 ---ha-w- g:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-03-02 22:14:13 0 d-----w- g:\windows\Panther
2010-03-02 12:58:32 257024 ----a-w- g:\windows\system32\msv1_0.dll
2010-03-02 12:52:15 0 ---ha-w- g:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-03-02 08:14:47 0 d-----r- g:\program files\Program Files
2010-03-02 08:11:57 0 d-----w- G:\swsetup
2010-03-02 08:11:57 0 d-----w- G:\ie-spyad_zo
2010-03-02 08:05:34 0 d-----w- g:\program files\uTorrent
2010-03-02 08:05:10 0 d-----w- g:\users\cale\appdata\roaming\uTorrent
2010-03-02 07:57:48 0 d-----w- g:\users\cale\appdata\roaming\DMCache
2010-03-02 07:45:54 181632 ------w- g:\windows\system32\MpSigStub.exe
2010-03-02 07:32:33 713888 ----a-w- g:\windows\system32\PerfStringBackup.INI
2010-03-02 07:32:13 0 d-----w- g:\windows\system32\wbem\Performance
2010-03-02 07:31:01 105088 ----a-w- g:\windows\system32\drivers\ZTEusbvoice.sys
2010-03-02 07:31:01 105088 ----a-w- g:\windows\system32\drivers\ZTEusbser6k.sys
2010-03-02 07:31:01 105088 ----a-w- g:\windows\system32\drivers\ZTEusbnmeaext.sys
2010-03-02 07:31:00 9216 ----a-w- g:\windows\system32\drivers\massfilter.sys
2010-03-02 07:31:00 114688 ----a-w- g:\windows\system32\drivers\ZTEusbnet.sys
2010-03-02 07:31:00 105088 ----a-w- g:\windows\system32\drivers\ZTEusbnmea.sys
2010-03-02 07:31:00 105088 ----a-w- g:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-03-02 07:30:55 0 d-----w- g:\windows\system32\SupportAppCB
2010-03-02 07:30:54 0 d-----w- g:\program files\VinaPhone Mobile Broadband
2010-03-02 07:26:07 0 d-sh--w- G:\Recovery
2010-03-01 19:21:20 0 d-----w- G:\24bc5856770c71f3050f6817ae
2010-02-26 13:34:24 15416 ----a-w- g:\windows\system32\HPMDPCoInst.dll
2010-02-26 13:34:18 25656 ----a-w- g:\windows\system32\drivers\hpdskflt.sys
2010-02-26 13:34:12 26168 ----a-w- g:\windows\system32\hpservice.exe
2010-02-26 13:34:02 15416 ----a-w- g:\windows\system32\accelerometerdll.DLL
2010-02-26 13:33:56 33848 ----a-w- g:\windows\system32\drivers\Accelerometer.sys
2010-02-22 08:07:38 0 d--h--w- G:\$AVG
2010-02-15 11:50:20 94208 ----a-w- g:\windows\system32\QuickTimeVR.qtx
2010-02-15 11:50:20 69632 ----a-w- g:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-03-10 14:56:50 21584 ----a-w- g:\windows\system32\drivers\atapi.sys
2010-02-02 07:45:54 2048 ----a-w- g:\windows\system32\tzres.dll
2010-01-21 07:53:16 18048 ----a-w- g:\windows\system32\drivers\ccdcmb.sys
2010-01-18 23:29:31 85504 ----a-w- g:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- g:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- g:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- g:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- g:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- g:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- g:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- g:\windows\system32\RMActivate_ssp.exe
2010-01-18 06:30:48 348160 ----a-w- g:\windows\system32\msvcr71.dll
2010-01-18 06:30:46 499712 ----a-w- g:\windows\system32\msvcp71.dll
2009-12-30 04:30:50 660480 ----a-w- g:\windows\system32\nmwcdcocls.dll
2009-12-19 09:02:55 977920 ----a-w- g:\windows\system32\wininet.dll
2009-12-19 09:02:52 12288 ----a-w- g:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- g:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- g:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- g:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- g:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- g:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- g:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- g:\windows\system32\avifil32.dll
2009-12-13 09:30:50 641536 ----a-w- g:\windows\system32\CPFilters.dll
2009-12-13 09:30:50 465408 ----a-w- g:\windows\system32\psisdecd.dll
2009-12-13 09:29:33 417792 ----a-w- g:\windows\system32\msdri.dll
2009-07-14 04:56:42 31548 ----a-w- g:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- g:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- g:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- g:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- g:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- g:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- g:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- g:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- g:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- g:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- g:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:18:30.94 ===============

ATTACH


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 02/03/2010 2:27:31 PM
System Uptime: 03/10/2010 11:45:24 PM (-4967 hours ago)

Motherboard: Compal | | 30F7
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 49 GiB total, 48.867 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.163 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 127 GiB total, 126.778 GiB free.
G: is FIXED (NTFS) - 108 GiB total, 71.686 GiB free.
H: is Removable
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&17D1176A&0&00E4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&17D1176A&0&00E4
Service:

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&17D1176A&0&03E4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&17D1176A&0&03E4
Service:

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&17D1176A&0&04E4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&17D1176A&0&04E4
Service:

Class GUID:
Description:
Device ID: ACPI\ENE0100\3&33FD14CA&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\3&33FD14CA&0
Service:

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MMC Storage
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ZTE&PROD_MMC_STORAGE&REV_2.31#7&35795FBB&0&P673A4ZTED010000&0#
Manufacturer: ZTE
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ZTE&PROD_MMC_STORAGE&REV_2.31#7&35795FBB&0&P673A4ZTED010000&0#
Service: WUDFRd

==== System Restore Points ===================

RP25: 05/03/2010 11:23:22 PM - Installed QuickTime
RP26: 06/03/2010 10:45:01 AM - Removed WinVNKey
RP27: 06/03/2010 10:46:01 AM - Installed WinVNKey
RP28: 07/03/2010 6:18:41 AM - Windows Update
RP29: 07/03/2010 12:30:11 PM - Removed WinVNKey
RP30: 07/03/2010 12:31:29 PM - Installed WinVNKey
RP32: 09/03/2010 10:27:06 AM - Avg Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Apple Application Support
Apple Software Update
µTorrent
AVG 9.0
Bookworm Adventures Deluxe
CCleaner
Crawler Toolbar with Web Security Guard
Defraggler
Internet Download Manager
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
QuickTime
Registry Mechanic 8.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype Toolbars
Skype™ 4.2
Speccy
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb977719)
VinaPhone Mobile Broadband
VirtualCloneDrive
Winamp
Winamp Detector Plug-in
Winamp Remote
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
WinPatrol 2009
WinRAR archiver
WinVNKey
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

10/03/2010 11:45:40 PM, Error: volmgr [46] - Crash dump initialization failed!
10/03/2010 10:00:44 PM, Error: Service Control Manager [7000] - The Google Update Service service failed to start due to the following err

#2 caleman22

Posted 10 March 2010 - 08:54 PM

I am having trouble connecting to this page for some reason. I know that I haven't fully attached my attach log or my GMER log yet. However, as soon as I hit the 'add reply' button it sends me to a 'your connection has been reset' page.

#3 caleman22

Posted 10 March 2010 - 09:01 PM

It let me type in a message, but if I copy and paste the rest of my attach log it won't let me post it... why?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-11 00:31:11
Windows 6.1.7600
Running: gmer.exe; Driver: G:\Users\Cale\AppData\Local\Temp\kwlyrpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x82122730]
SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x821227E0]
SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x82122880]
SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x82122920]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E152D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E14898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D1A8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86088A9A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 540
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 115
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.UYVY msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YUY2 msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVYU msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.IYUV iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.i420 iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVU9 tsbyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm G:\Windows\System32\l3codeca.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@MSVideo8 VfWWDM32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.siren sirenacm.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERNestedWindowLimit 50
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs G:\Windows\System32\avgrsstx.dll

---- Files - GMER 1.0.15 ----

File G:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
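
The two entries in a GMER log like the one above that a helper looks at first are the `Device ->` line whose trailing address has no module name after it, and the `suspicious modification` verdict on a system file; when both name the same driver, the log is internally consistent with that driver having been tampered with. The script below is an added example, not part of this thread or of GMER: it parses a constructed sample modelled on the log above and separates entries GMER could attribute to a named module (the AVG SSDT and filter-driver lines) from the two unattributed ones.

```python
"""Triage helper for GMER 1.0.15 rootkit-scan logs (added example, not GMER's own code)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modelled on the GMER output pasted in this thread; the
# interrupt line is kept to show that unrecognised entry types are skipped.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x82122730]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CAF8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86088A9A

---- Files - GMER 1.0.15 ----

File G:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": needs a human to look; "info": attributed to a named module
    kind: str
    subject: str    # driver/module the entry is about, lower-cased, extension stripped
    detail: str


SECTION_RE = re.compile(r"^---- (?P<name>\w+) - GMER ")
# "Device -> \Driver\atapi \Device\Harddisk0\DR0 86088A9A": the trailing field is
# a bare address, with no module name that GMER could map it to.
DEVICE_HOOK_RE = re.compile(
    r"^Device -> (?P<driver>\\\S+) (?P<device>\\\S+) (?P<addr>[0-9A-Fa-f]{8})$")
ATTACHED_RE = re.compile(
    r"^AttachedDevice (?P<target>\\\S+) (?P<device>\\\S+) (?P<module>\S+)"
    r"(?: \((?P<desc>[^)]*)\))?$")
# Module paths may contain spaces ("Program Files"), hence the lazy match.
SSDT_RE = re.compile(r"^SSDT (?P<module>.+?) (?P<func>Zw\w+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$")
FILE_RE = re.compile(r"^File (?P<path>.+?) suspicious modification$")


def _basename(path: str) -> str:
    """Last component of a Windows path, independent of the host platform."""
    return path.rsplit("\\", 1)[-1]


def _stem(path: str) -> str:
    """Basename without a .sys/.dll extension, lower-cased, for correlation."""
    name = _basename(path).lower()
    return name[:-4] if name.endswith((".sys", ".dll")) else name


def triage_gmer_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        if section == "System" and (m := SSDT_RE.match(line)):
            # An SSDT hook owned by a named security product is expected noise.
            findings.append(Finding("info", "ssdt-hook", _stem(m["module"]),
                                    f"{m['func']} -> {_basename(m['module'])}"))
        elif section == "Devices" and (m := DEVICE_HOOK_RE.match(line)):
            findings.append(Finding("high", "unattributed-device-hook", _stem(m["driver"]),
                                    f"{m['driver']} {m['device']} redirected to "
                                    f"{m['addr']} (no owning module)"))
        elif section == "Devices" and (m := ATTACHED_RE.match(line)):
            findings.append(Finding("info", "attached-filter", _stem(m["module"]),
                                    f"{m['module']} on {m['device']} "
                                    f"[{m['desc'] or 'no vendor string'}]"))
        elif section == "Files" and (m := FILE_RE.match(line)):
            findings.append(Finding("high", "modified-system-file", _stem(m["path"]), m["path"]))
    return findings


def correlated_drivers(findings: List[Finding]) -> List[str]:
    """Drivers named by both an unattributed device hook and a modified-file verdict."""
    hooked = {f.subject for f in findings if f.kind == "unattributed-device-hook"}
    modified = {f.subject for f in findings if f.kind == "modified-system-file"}
    return sorted(hooked & modified)


if __name__ == "__main__":
    found = triage_gmer_log(SAMPLE_GMER_LOG)
    for f in found:
        print(f"{f.severity:4} {f.kind:26} {f.detail}")
    print("hook and file verdict agree on:", correlated_drivers(found))
```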

#4 caleman22

Posted 10 March 2010 - 09:04 PM

OK, well I've attached my DDS log, my GMER log and most of my ATTACH log. The attach log is missing the "event viewer messages from past week" section. I seriously am unable to post it into this forum, I don't know why. I'll try again later.

#5 aommaster

  • Malware Response Team

Posted 11 March 2010 - 12:25 AM

Hello, caleman22.
My name is aommaster and I will be helping you with your log.


If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 caleman22

Posted 11 March 2010 - 01:57 AM

OK, so the RSIT program came up with an AutoIt Error which stated:

Line -1:
Error: Variable used without being declared.

I tried Troubleshoot Compatibility and it suggested running the program in XP Service Pack 2 mode. I allowed the settings to be changed, then I ran the program as the administrator. It finished but only opened the log.txt.

Here it is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cale at 2010-03-11 13:54:01
Microsoft Windows 7 Professional Service Pack 2
System drive G: has 78 GB (71%) free of 110 GB
Total RAM: 2975 MB (59% free)

HijackThis download failed

======Scheduled tasks folder======

G:\Windows\tasks\AWC AutoSweep.job
G:\Windows\tasks\AWC Startup.job
G:\Windows\tasks\AWC Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - G:\Program Files\Internet Download Manager\IDMIECC.dll [2010-01-20 181680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
G:\PROGRA~1\Crawler\ctbr.dll [2010-01-29 1230184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - G:\Program Files\AVG\AVG9\avgssie.dll [2010-03-05 1598744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - G:\PROGRA~1\Crawler\ctbr.dll [2010-01-29 1230184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UIExec"=G:\Program Files\VinaPhone Mobile Broadband\UIExec.exe [2009-09-22 132096]
"AVG9_TRAY"=G:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-05 2059544]
"WinPatrol"=G:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-03-08 337216]
"GrooveMonitor"=G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"QuickTime Task"=G:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]
"Malwarebytes Anti-Malware (reboot)"=G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 1277584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=G:\Program Files\Internet Download Manager\IDMan.exe [2010-03-03 3179952]
"RegistryMechanic"=G:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]
"msnmsgr"=G:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Sidebar"=G:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - G:\Windows\System32\Notepad.exe %1
.js - open - G:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-11 13:46:25 ----D---- G:\Program Files\trend micro
2010-03-11 13:46:23 ----D---- G:\rsit
2010-03-10 23:56:21 ----D---- G:\Program Files\Malwarebytes' Anti-Malware
2010-03-10 22:36:02 ----D---- G:\32788R22FWJFW
2010-03-10 22:34:39 ----A---- G:\Windows\zip.exe
2010-03-10 22:34:39 ----A---- G:\Windows\SWREG.exe
2010-03-10 22:34:39 ----A---- G:\Windows\MBR.exe
2010-03-10 22:34:39 ----A---- G:\Windows\grep.exe
2010-03-10 22:34:20 ----D---- G:\Windows\ERDNT
2010-03-10 22:33:14 ----D---- G:\Qoobox
2010-03-10 22:32:54 ----A---- G:\Windows\SWXCACLS.exe
2010-03-10 22:27:05 ----D---- G:\Users\Cale\AppData\Roaming\Malwarebytes
2010-03-10 22:27:00 ----D---- G:\ProgramData\Malwarebytes
2010-03-09 12:23:52 ----D---- G:\ProgramData\Lavasoft
2010-03-07 12:31:52 ----D---- G:\Program Files\XP-Legacy
2010-03-06 16:00:04 ----D---- G:\Program Files\QuickTime
2010-03-05 23:23:42 ----D---- G:\ProgramData\Apple Computer
2010-03-05 21:59:09 ----D---- G:\Program Files\TriChlor
2010-03-05 15:54:08 ----D---- G:\Users\Cale\AppData\Roaming\AVG9
2010-03-05 13:26:11 ----SHD---- G:\Windows\system32\%APPDATA%
2010-03-05 11:17:53 ----D---- G:\Program Files\Common Files\Apple
2010-03-05 11:17:39 ----D---- G:\ProgramData\Apple
2010-03-05 11:17:39 ----D---- G:\Program Files\Apple Software Update
2010-03-05 10:52:51 ----A---- G:\Windows\system32\avgrsstx.dll
2010-03-05 00:36:38 ----D---- G:\Windows\pss
2010-03-04 13:14:29 ----D---- G:\Windows\system32\Wat
2010-03-04 13:13:39 ----D---- G:\Program Files\Microsoft Silverlight
2010-03-04 12:45:53 ----D---- G:\ProgramData\IObit
2010-03-04 12:36:44 ----D---- G:\Users\Cale\AppData\Roaming\IObit
2010-03-04 12:36:44 ----D---- G:\Program Files\IObit
2010-03-04 12:02:50 ----A---- G:\Windows\system32\ntkrnlpa.exe
2010-03-04 12:02:50 ----A---- G:\Windows\system32\kernel32.dll
2010-03-04 12:02:49 ----A---- G:\Windows\system32\ntoskrnl.exe
2010-03-04 12:02:49 ----A---- G:\Windows\system32\apphelp.dll
2010-03-04 11:58:50 ----D---- G:\Program Files\Crawler
2010-03-03 22:10:35 ----D---- G:\Users\Cale\AppData\Roaming\Uniblue
2010-03-03 22:03:33 ----A---- G:\Windows\system32\msonpmon.dll
2010-03-03 22:01:58 ----D---- G:\Program Files\Microsoft Works
2010-03-03 22:01:25 ----D---- G:\Program Files\Microsoft Visual Studio
2010-03-03 22:01:24 ----D---- G:\Program Files\Common Files\DESIGNER
2010-03-03 22:00:57 ----D---- G:\Program Files\Microsoft.NET
2010-03-03 21:59:25 ----D---- G:\Program Files\Microsoft Visual Studio 8
2010-03-03 21:58:40 ----D---- G:\ProgramData\Microsoft Help
2010-03-03 21:58:40 ----D---- G:\Program Files\Microsoft Office
2010-03-03 21:57:18 ----RHD---- G:\MSOCache
2010-03-03 15:22:49 ----D---- G:\Program Files\Elaborate Bytes
2010-03-03 14:27:12 ----D---- G:\Program Files\Speccy
2010-03-03 14:21:40 ----D---- G:\ProgramData\Spybot - Search & Destroy
2010-03-03 14:21:40 ----D---- G:\Program Files\Spybot - Search & Destroy
2010-03-03 14:13:27 ----D---- G:\Program Files\Defraggler
2010-03-03 14:12:28 ----D---- G:\Program Files\CCleaner
2010-03-03 14:07:23 ----D---- G:\Windows\system32\Adobe
2010-03-03 13:58:15 ----D---- G:\Users\Cale\AppData\Roaming\WinPatrol
2010-03-03 13:58:06 ----D---- G:\Program Files\BillP Studios
2010-03-03 13:52:51 ----D---- G:\ProgramData\Adobe
2010-03-03 13:52:47 ----D---- G:\Program Files\Common Files\Adobe
2010-03-03 13:52:47 ----D---- G:\Program Files\Adobe
2010-03-03 13:52:09 ----A---- G:\Windows\system32\STKIT432.DLL
2010-03-03 13:52:09 ----A---- G:\Windows\system32\msxml.dll
2010-03-03 13:52:08 ----D---- G:\Program Files\Registry Mechanic
2010-03-03 13:45:12 ----D---- G:\Users\Cale\AppData\Roaming\skypePM
2010-03-03 13:44:38 ----D---- G:\Users\Cale\AppData\Roaming\Skype
2010-03-03 13:44:21 ----D---- G:\Program Files\Common Files\Skype
2010-03-03 13:44:20 ----RD---- G:\Program Files\Skype
2010-03-03 13:33:02 ----A---- G:\Windows\system32\D3DX9_42.dll
2010-03-03 13:33:01 ----A---- G:\Windows\system32\d3dx9_31.dll
2010-03-03 13:32:25 ----D---- G:\Program Files\Winamp Detect
2010-03-03 13:32:19 ----D---- G:\Program Files\Common Files\PX Storage Engine
2010-03-03 13:32:17 ----D---- G:\Users\Cale\AppData\Roaming\Winamp
2010-03-03 13:31:13 ----D---- G:\Program Files\Winamp
2010-03-03 13:31:09 ----D---- G:\ProgramData\OrbNetworks
2010-03-03 13:31:07 ----D---- G:\Program Files\Winamp Remote
2010-03-03 13:24:34 ----D---- G:\ProgramData\Skype
2010-03-03 13:18:34 ----D---- G:\Program Files\Microsoft
2010-03-03 13:18:16 ----D---- G:\Program Files\Windows Live SkyDrive
2010-03-03 13:17:58 ----D---- G:\Program Files\Windows Live
2010-03-03 13:17:35 ----D---- G:\Windows\PCHEALTH
2010-03-03 13:15:29 ----D---- G:\Users\Cale\AppData\Roaming\Yahoo!
2010-03-03 13:14:26 ----D---- G:\Program Files\Common Files\Windows Live
2010-03-03 13:12:26 ----D---- G:\Program Files\Yahoo!
2010-03-03 12:42:02 ----D---- G:\ProgramData\PopCap Games
2010-03-03 12:40:13 ----D---- G:\Program Files\GameHouse
2010-03-03 12:37:27 ----D---- G:\Program Files\Internet Download Manager
2010-03-03 12:27:12 ----D---- G:\Users\Cale\AppData\Roaming\IDM
2010-03-03 12:27:04 ----D---- G:\Users\Cale\AppData\Roaming\Nokia Ovi Suite
2010-03-03 12:07:38 ----D---- G:\ProgramData\Yahoo!
2010-03-03 11:43:11 ----D---- G:\ProgramData\AVG Security Toolbar
2010-03-03 11:41:17 ----D---- G:\ProgramData\avg9
2010-03-03 11:41:17 ----D---- G:\Program Files\AVG
2010-03-03 11:28:44 ----D---- G:\ProgramData\Nokia
2010-03-03 11:26:53 ----D---- G:\Users\Cale\AppData\Roaming\Nokia
2010-03-03 11:24:48 ----D---- G:\ProgramData\PC Suite
2010-03-03 11:24:47 ----D---- G:\Users\Cale\AppData\Roaming\PC Suite
2010-03-03 11:15:59 ----D---- G:\Users\Cale\AppData\Roaming\Mozilla
2010-03-03 11:15:54 ----D---- G:\Program Files\Mozilla Firefox
2010-03-03 11:15:05 ----D---- G:\Users\Cale\AppData\Roaming\WinRAR
2010-03-03 11:06:46 ----D---- G:\Program Files\Common Files\Nokia
2010-03-03 11:06:30 ----D---- G:\Program Files\DIFX
2010-03-03 11:06:28 ----DC---- G:\Windows\system32\DRVSTORE
2010-03-03 11:06:25 ----D---- G:\Program Files\PC Connectivity Solution
2010-03-03 11:06:10 ----A---- G:\Windows\system32\nmwcdcls.dll
2010-03-03 11:04:37 ----SHD---- G:\Windows\Installer
2010-03-03 11:04:16 ----D---- G:\ProgramData\OviInstallerCache
2010-03-03 11:04:15 ----D---- G:\Program Files\Nokia
2010-03-03 11:00:19 ----D---- G:\Program Files\WinRAR
2010-03-03 10:59:11 ----AD---- G:\ProgramData\TEMP
2010-03-03 05:17:43 ----D---- G:\Windows\SoftwareDistribution
2010-03-03 05:15:20 ----D---- G:\Windows\Prefetch
2010-03-03 05:14:13 ----D---- G:\Windows\Panther
2010-03-02 19:58:32 ----A---- G:\Windows\system32\msv1_0.dll
2010-03-02 19:57:51 ----A---- G:\Windows\system32\MRT.exe
2010-03-02 19:55:42 ----A---- G:\Windows\system32\secproc_ssp_isv.dll
2010-03-02 19:55:42 ----A---- G:\Windows\system32\secproc_ssp.dll
2010-03-02 19:55:42 ----A---- G:\Windows\system32\secproc_isv.dll
2010-03-02 19:55:42 ----A---- G:\Windows\system32\secproc.dll
2010-03-02 19:55:42 ----A---- G:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-02 19:55:42 ----A---- G:\Windows\system32\RMActivate_ssp.exe
2010-03-02 19:55:42 ----A---- G:\Windows\system32\RMActivate_isv.exe
2010-03-02 19:55:42 ----A---- G:\Windows\system32\RMActivate.exe
2010-03-02 19:55:41 ----A---- G:\Windows\system32\wmp.dll
2010-03-02 19:55:40 ----A---- G:\Windows\system32\winresume.exe
2010-03-02 19:55:40 ----A---- G:\Windows\system32\winload.exe
2010-03-02 19:55:40 ----A---- G:\Windows\system32\CertEnroll.dll
2010-03-02 19:55:39 ----A---- G:\Windows\system32\wmploc.DLL
2010-03-02 19:55:37 ----A---- G:\Windows\system32\CPFilters.dll
2010-03-02 19:55:36 ----A---- G:\Windows\system32\psisdecd.dll
2010-03-02 19:55:36 ----A---- G:\Windows\system32\mshtml.dll
2010-03-02 19:55:36 ----A---- G:\Windows\system32\msdri.dll
2010-03-02 19:55:35 ----A---- G:\Windows\system32\ieframe.dll
2010-03-02 19:55:34 ----A---- G:\Windows\system32\winlogon.exe
2010-03-02 19:55:34 ----A---- G:\Windows\system32\wininet.dll
2010-03-02 19:55:34 ----A---- G:\Windows\system32\urlmon.dll
2010-03-02 19:55:34 ----A---- G:\Windows\system32\msfeedsbs.dll
2010-03-02 19:55:34 ----A---- G:\Windows\system32\iedkcs32.dll
2010-03-02 19:55:34 ----A---- G:\Windows\explorer.exe
2010-03-02 19:55:27 ----A---- G:\Windows\system32\tzres.dll
2010-03-02 19:55:26 ----A---- G:\Windows\system32\t2embed.dll
2010-03-02 19:55:26 ----A---- G:\Windows\system32\fontsub.dll
2010-03-02 19:55:26 ----A---- G:\Windows\system32\atmfd.dll
2010-03-02 19:55:25 ----A---- G:\Windows\system32\tsbyuv.dll
2010-03-02 19:55:25 ----A---- G:\Windows\system32\quartz.dll
2010-03-02 19:55:25 ----A---- G:\Windows\system32\msyuv.dll
2010-03-02 19:55:25 ----A---- G:\Windows\system32\msvidc32.dll
2010-03-02 19:55:25 ----A---- G:\Windows\system32\msrle32.dll
2010-03-02 19:55:25 ----A---- G:\Windows\system32\mciavi32.dll
2010-03-02 19:55:25 ----A---- G:\Windows\system32\iyuv_32.dll
2010-03-02 19:55:25 ----A---- G:\Windows\system32\avifil32.dll
2010-03-02 19:55:24 ----A---- G:\Windows\system32\jscript.dll
2010-03-02 19:55:13 ----A---- G:\Windows\system32\msasn1.dll
2010-03-02 15:34:14 ----D---- G:\Users\Cale\AppData\Roaming\Macromedia
2010-03-02 15:34:14 ----D---- G:\Users\Cale\AppData\Roaming\Adobe
2010-03-02 15:34:13 ----D---- G:\Windows\system32\Macromed
2010-03-02 15:14:47 ----RD---- G:\Program Files\Program Files
2010-03-02 15:11:57 ----D---- G:\swsetup
2010-03-02 15:11:57 ----D---- G:\ie-spyad_zo
2010-03-02 15:05:34 ----D---- G:\Program Files\uTorrent
2010-03-02 15:05:10 ----D---- G:\Users\Cale\AppData\Roaming\uTorrent
2010-03-02 14:57:48 ----D---- G:\Users\Cale\AppData\Roaming\DMCache
2010-03-02 14:45:54 ----N---- G:\Windows\system32\MpSigStub.exe
2010-03-02 14:32:33 ----A---- G:\Windows\system32\PerfStringBackup.INI
2010-03-02 14:30:55 ----D---- G:\Windows\system32\SupportAppCB
2010-03-02 14:30:54 ----HD---- G:\Program Files\InstallShield Installation Information
2010-03-02 14:30:54 ----D---- G:\Program Files\VinaPhone Mobile Broadband
2010-03-02 14:27:54 ----D---- G:\Users\Cale\AppData\Roaming\Identities
2010-03-02 14:27:39 ----SD---- G:\Users\Cale\AppData\Roaming\Microsoft
2010-03-02 14:27:39 ----D---- G:\Users\Cale\AppData\Roaming\Media Center Programs
2010-03-02 14:26:07 ----SHD---- G:\Recovery
2010-03-02 02:21:20 ----D---- G:\24bc5856770c71f3050f6817ae
2010-02-26 20:34:24 ----A---- G:\Windows\system32\HPMDPCoInst.dll
2010-02-26 20:34:12 ----A---- G:\Windows\system32\hpservice.exe
2010-02-26 20:34:02 ----A---- G:\Windows\system32\accelerometerdll.DLL
2010-02-22 15:07:38 ----HD---- G:\$AVG

======List of files/folders modified in the last 1 months======

2010-03-11 13:53:38 ----D---- G:\Windows\system32\Tasks
2010-03-11 13:52:23 ----D---- G:\Windows\Temp
2010-03-11 13:46:25 ----RD---- G:\Program Files
2010-03-11 13:22:22 ----D---- G:\Windows\System32
2010-03-11 13:22:22 ----D---- G:\Windows\inf
2010-03-11 13:20:05 ----D---- G:\Windows\tracing
2010-03-11 13:17:10 ----D---- G:\Windows
2010-03-11 13:16:27 ----D---- G:\Windows\system32\catroot2
2010-03-11 12:09:56 ----D---- G:\Windows\system32\Msdtc
2010-03-11 12:09:55 ----D---- G:\Windows\system32\config
2010-03-11 11:55:50 ----SHD---- G:\System Volume Information
2010-03-11 01:02:38 ----D---- G:\Windows\system32\NDF
2010-03-10 23:56:29 ----D---- G:\Windows\system32\drivers
2010-03-10 22:27:00 ----HD---- G:\ProgramData
2010-03-09 15:07:56 ----D---- G:\Windows\system32\wdi
2010-03-09 12:40:46 ----D---- G:\Windows\system32\catroot
2010-03-06 10:43:54 ----D---- G:\Windows\winsxs
2010-03-05 15:51:19 ----D---- G:\Windows\system32\DriverStore
2010-03-05 15:50:00 ----RSD---- G:\Windows\assembly
2010-03-05 13:31:11 ----RSD---- G:\Windows\Fonts
2010-03-05 13:31:08 ----D---- G:\Program Files\Common Files\microsoft shared
2010-03-05 13:29:13 ----A---- G:\Windows\win.ini
2010-03-05 13:29:12 ----D---- G:\Program Files\Common Files\System
2010-03-05 11:19:25 ----D---- G:\Program Files\Internet Explorer
2010-03-05 11:17:53 ----D---- G:\Program Files\Common Files
2010-03-04 13:55:28 ----D---- G:\Windows\debug
2010-03-04 13:17:12 ----D---- G:\Windows\AppPatch
2010-03-04 12:44:50 ----D---- G:\Windows\Tasks
2010-03-03 22:01:41 ----D---- G:\Program Files\MSBuild
2010-03-03 22:01:22 ----D---- G:\Windows\ShellNew
2010-03-03 22:00:57 ----SD---- G:\ProgramData\Microsoft
2010-03-03 17:47:15 ----D---- G:\Windows\rescache
2010-03-03 17:46:21 ----D---- G:\Windows\Logs
2010-03-03 12:42:36 ----D---- G:\Windows\LiveKernelReports
2010-03-03 10:54:08 ----D---- G:\Windows\Microsoft.NET
2010-03-03 05:19:09 ----D---- G:\Windows\system32\sysprep
2010-03-03 05:15:33 ----D---- G:\Windows\CSC
2010-03-02 20:01:32 ----D---- G:\Windows\system32\Boot
2010-03-02 20:01:32 ----D---- G:\Program Files\Windows Media Player
2010-03-02 19:56:31 ----D---- G:\Windows\ehome
2010-03-02 19:56:20 ----D---- G:\Windows\system32\en-US
2010-03-02 15:34:14 ----D---- G:\Windows\Downloaded Program Files
2010-03-02 14:37:06 ----D---- G:\Windows\system32\CodeIntegrity
2010-03-02 14:33:26 ----D---- G:\Windows\ModemLogs
2010-03-02 14:32:13 ----D---- G:\Windows\system32\wbem
2010-03-02 14:30:43 ----D---- G:\Windows\system32\restore
2010-03-02 14:27:51 ----SHD---- G:\$Recycle.Bin
2010-03-02 14:27:39 ----RD---- G:\Users
2010-03-02 14:26:07 ----D---- G:\Windows\system32\Recovery

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgfwfd;AVG network filter service; G:\Windows\system32\DRIVERS\avgfwd6x.sys [2010-03-03 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86; G:\Windows\System32\Drivers\avgldx86.sys [2010-03-05 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; G:\Windows\System32\Drivers\avgmfx86.sys [2010-03-05 29512]
R1 AvgTdiX;AVG Network Redirector; G:\Windows\System32\Drivers\avgtdix.sys [2010-03-05 242696]
R1 blbdrive;blbdrive; G:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; G:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; G:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; G:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 ElbyCDIO;ElbyCDIO Driver; G:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; G:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; G:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; G:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 SBRE;SBRE; \??\G:\Windows\system32\drivers\SBREdrv.sys [2010-03-09 95024]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; G:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
R1 vwififlt;Virtual WiFi Filter Driver; G:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; G:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
R1 WfpLwf;WFP Lightweight Filter; G:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; G:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; G:\Windows\system32\drivers\luafv.sys [2009-07-14 86528]
R2 PEAUTH;PEAUTH; G:\Windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 rspndr;Link-Layer Topology Discovery Responder; G:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; G:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
R3 Accelerometer;HP Mobile Data Protection Sensor; G:\Windows\system32\DRIVERS\Accelerometer.sys [2010-02-26 33848]
R3 AVGIDSDriverw7x;AVG9IDSDriver; \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-03-05 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter; \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-03-05 30216]
R3 AVGIDSShimw7x;AVG9IDSShim; \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-03-05 20488]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; G:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-14 1131008]
R3 bowser;@%systemroot%\system32\browser.dll,-102; G:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; G:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
R3 CompositeBus;Composite Bus Enumerator Driver; G:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; G:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; G:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; G:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
R3 HidUsb;Microsoft HID Class Driver; G:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
R3 igfx;igfx; G:\Windows\system32\DRIVERS\igdkmd32.sys [2009-06-11 4756480]
R3 intelppm;Intel Processor Driver; G:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
R3 monitor;Microsoft Monitor Class Function Driver Service; G:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
R3 mouhid;Mouse HID Driver; G:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; G:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; G:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-01-08 221184]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; G:\Windows\system32\DRIVERS\mrxsmb20.sys [2009-07-14 95744]
R3 NativeWifiP;NativeWiFi Filter; G:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
R3 RasAgileVpn;WAN Miniport (IKEv2); G:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; G:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; G:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 RTL8167;Realtek 8167 NT Driver; G:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 sdbus;sdbus; G:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; G:\Windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
R3 srvnet;srvnet; G:\Windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; G:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
R3 umbus;UMBus Enumerator Driver; G:\Windows\system32\DRIVERS\umbus.sys [2009-07-14 39936]
R3 usbccgp;Microsoft USB Generic Parent Driver; G:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; G:\Windows\system32\DRIVERS\usbehci.sys [2009-07-14 41472]
R3 usbhub;Microsoft USB Standard Hub Driver; G:\Windows\system32\DRIVERS\usbhub.sys [2009-07-14 258560]
R3 USBSTOR;USB Mass Storage Driver; G:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; G:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064]
R3 usbvideo;USB Video Device (WDM); G:\Windows\System32\Drivers\usbvideo.sys [2009-07-14 146176]
R3 VClone;VClone; G:\Windows\system32\DRIVERS\VClone.sys [2009-08-10 29696]
R3 vwifibus;Virtual WiFi Bus Driver; G:\Windows\system32\DRIVERS\vwifibus.sys [2009-07-14 19968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; G:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; G:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; G:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2009-09-01 105088]
R3 ZTEusbnmea;ZTE NMEA Port; G:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2009-09-01 105088]
R3 ZTEusbser6k;ZTE Diagnostic Port; G:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2009-09-01 105088]
S3 1394ohci;1394 OHCI Compliant Host Controller; G:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
S3 AcpiPmi;ACPI Power Meter Driver; G:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 adp94xx;adp94xx; G:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
S3 adpahci;adpahci; G:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
S3 adpu320;adpu320; G:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512]
S3 agp440;Intel AGP Bus Filter; G:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
S3 amdagp;AMD AGP Bus Filter Driver; G:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdide;amdide; G:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912]
S3 AmdK8;AMD K8 Processor Driver; G:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
S3 AmdPPM;AMD Processor Driver; G:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
S3 amdsata;amdsata; G:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]
S3 amdsbs;amdsbs; G:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; G:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 arc;arc; G:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368]
S3 arcsas;arcsas; G:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD; G:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-14 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; G:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; G:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-14 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; G:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-14 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); G:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
S3 BrSerWdm;Brother WDM Serial driver; G:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-14 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; G:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-14 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; G:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-14 11904]
S3 BTHMODEM;Bluetooth Serial Communications Driver; G:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
S3 circlass;Consumer IR Devices; G:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; G:\Windows\system32\DRIVERS\evbdx.sys [2009-07-14 3100160]
S3 elxstor;elxstor; G:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
S3 ErrDev;Microsoft Hardware Error Device Driver; G:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 exfat;exFAT File System Driver; G:\Windows\system32\drivers\exfat.sys [2009-07-14 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; G:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; G:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; G:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; G:\Windows\system32\drivers\hcw85cir.sys [2009-07-14 26624]
S3 HidBatt;HID UPS Battery Driver; G:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport; G:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
S3 HidIr;Microsoft Infrared HID Driver; G:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
S3 HpSAMD;HpSAMD; G:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
S3 iaStorV;iaStorV; G:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352]
S3 iirsp;iirsp; G:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040]
S3 intelide;intelide; G:\Windows\system32\DRIVERS\intelide.sys [2009-07-14 15424]
S3 IPMIDRV;IPMIDRV; G:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
S3 isapnp;isapnp; G:\Windows\system32\DRIVERS\isapnp.sys [2009-07-14 46656]
S3 iScsiPrt;iScsiPort Driver; G:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
S3 kbdhid;Keyboard HID Driver; G:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
S3 LSI_FC;LSI_FC; G:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
S3 LSI_SAS;LSI_SAS; G:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
S3 LSI_SAS2;LSI_SAS2; G:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
S3 LSI_SCSI;LSI_SCSI; G:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
S3 massfilter;ZTE Mass Storage Filter Driver; G:\Windows\system32\drivers\massfilter.sys [2009-09-01 9216]
S3 megasas;megasas; G:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
S3 MegaSR;MegaSR; G:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
S3 mpio;mpio; G:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624]
S3 msdsm;msdsm; G:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; G:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MsRPC;MsRPC; G:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; G:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; G:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 NdisCap;NDIS Capture LightWeight Filter; G:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 nfrd960;nfrd960; G:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
S3 nmwcd;Nokia USB Phone Parent; G:\Windows\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; G:\Windows\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; G:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
S3 nvraid;nvraid; G:\Windows\system32\DRIVERS\nvraid.sys [2009-07-14 117312]
S3 nvstor;nvstor; G:\Windows\system32\DRIVERS\nvstor.sys [2009-07-14 142416]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); G:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
S3 pccsmcfd;PCCS Mode Change Filter Driver; G:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ql2300;ql2300; G:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
S3 ql40xx;ql40xx; G:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; G:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
S3 s3cap;s3cap; G:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sbp2port;sbp2port; G:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-14 85568]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; G:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 sermouse;Serial Mouse Driver; G:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
S3 sffdisk;SFF Storage Class Driver; G:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; G:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; G:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-14 12800]
S3 sisagp;SIS AGP Bus Filter; G:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSRaid2;SiSRaid2; G:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016]
S3 SiSRaid4;SiSRaid4; G:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; G:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
S3 stexstor;stexstor; G:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
S3 storvsc;storvsc; G:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; G:\Windows\system32\DRIVERS\tcpip.sys [2009-07-14 1285712]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; G:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
S3 uagp35;Microsoft AGPv3.5 Filter; G:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
S3 uliagpkx;Uli AGP Bus Filter; G:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
S3 UmPass;Microsoft UMPass Driver; G:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 upperdev;upperdev; G:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbcir;eHome Infrared Receiver (USBCIR); G:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; G:\Windows\system32\DRIVERS\usbohci.sys [2009-07-14 20480]
S3 usbprint;Microsoft USB PRINTER Class; G:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
S3 usbser;USB Modem Driver; G:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; G:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 vga;vga; G:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
S3 vhdmp;vhdmp; G:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 viaagp;VIA AGP Bus Filter; G:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; G:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; G:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; G:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vsmraid;vsmraid; G:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
S3 WacomPen;Wacom Serial Pen HID Driver; G:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
S3 Wd;Wd; G:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
S3 WIMMount;WIMMount; G:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WinUsb;WinUsb; G:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WUDFRd;WUDFRd; G:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S4 crcdisk;Crcdisk Filter Driver; G:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; G:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 avg9emc;AVG E-mail Scanner; G:\Program Files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
R2 avg9wd;AVG WatchDog; G:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
R2 avgfws9;AVG Firewall; G:\Program Files\AVG\AVG9\avgfws9.exe [2010-03-05 2325816]
R2 AVGIDSAgent;AVG9IDSAgent; G:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-03-05 5888008]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 gpsvc;@gpapi.dll,-112; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; G:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UI Assistant Service;UI Assistant Service; G:\Program Files\VinaPhone Mobile Broadband\AssistantServices.exe [2009-09-22 246272]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; G:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 KeyIso;@keyiso.dll,-100; G:\Windows\system32\lsass.exe [2009-07-14 22528]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; G:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; G:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280]
R3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; G:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; G:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-11 66384]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; G:\Windows\System32\lsass.exe [2009-07-14 22528]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; G:\Windows\ehome\ehRecvr.exe [2009-07-14 557056]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; G:\Windows\ehome\ehsched.exe [2009-07-14 94720]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; G:\Windows\system32\fxssvc.exe [2009-07-14 522752]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; G:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-11 42856]
S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; G:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-11 878416]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; G:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; G:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; G:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; G:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; G:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; G:\Windows\system32\UI0Detect.exe [2009-07-14 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; G:\Windows\system32\lsass.exe [2009-07-14 22528]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; G:\Windows\System32\vds.exe [2009-07-14 452608]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; G:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; G:\Windows\system32\wbengine.exe [2009-07-14 1202688]
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 hpsrv;HP Service; G:\Windows\system32\Hpservice.exe [2010-02-26 26168]
S4 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; G:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; G:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-11 128848]
S4 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; G:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; G:\Windows\System32\snmptrap.exe [2009-07-14 12800]

-----------------EOF-----------------


#7 caleman22
  • Topic Starter
  • Members
  • 86 posts

Posted 11 March 2010 - 02:07 AM

If it's a HijackThis log you need, my WinPatrol Plus can produce one.

Here's the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-11 14:05:50
Windows 6.1.7600
Running: gmer.exe; Driver: G:\Users\Cale\AppData\Local\Temp\kwlyrpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x81ECC730]
SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x81ECC7E0]
SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x81ECC880]
SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x81ECC920]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A22AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A22104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A223F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A0B2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A0A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A221DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A22958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A226F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A22F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A231A8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86086A9A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 127
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.UYVY msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YUY2 msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVYU msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.IYUV iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.i420 iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVU9 tsbyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm G:\Windows\System32\l3codeca.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@MSVideo8 VfWWDM32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.siren sirenacm.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERNestedWindowLimit 50
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs G:\Windows\System32\avgrsstx.dll

---- Files - GMER 1.0.15 ----

File G:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

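As an added example (not part of the original posts and not GMER's own code): a small Python triage script that walks the three GMER sections shown in the log above and flags the entries a helper keys on, an SSDT hook from a module outside the expected security product, a "Device ->" handler that resolves to a bare address rather than a driver image, and a file reported as a suspicious modification. The allow-list of expected hookers, the constructed sample log and the example_unknown.sys entry in it are assumptions.

```python
"""Triage a GMER 1.0.15 rootkit-scan log (added example, not GMER's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Modules expected to hook the SSDT on this host. The thread's machine runs
# AVG 9, whose Identity Protection driver hooks process/thread calls; this
# allow-list is an assumption for the example and must match the installed AV.
EXPECTED_SSDT_HOOKERS = {"avgidsshim.sys"}

SECTION_RE = re.compile(r"^---- (\w+) - GMER")
SSDT_RE = re.compile(r"^SSDT (.+?) (\w+) \[(0x[0-9A-Fa-f]+)\]$")
DEVICE_HOOK_RE = re.compile(r"^Device -> (\S+) (\S+) ([0-9A-Fa-f]{8})$")
MODIFIED_FILE_RE = re.compile(r"^File (.+?) suspicious modification$")

SEVERITY_RANK = {"none": 0, "high": 1, "critical": 2}


@dataclass
class Finding:
    kind: str      # ssdt_hook | device_hook | modified_file
    detail: str
    severity: str  # high | critical


def module_name(path: str) -> str:
    # Last component of a kernel-style path such as \??\G:\...\x.sys
    return path.rsplit("\\", 1)[-1].lower()


def triage_gmer(log_text: str) -> list[Finding]:
    """Walk the log section by section and collect findings in log order."""
    findings: list[Finding] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m and module_name(m.group(1)) not in EXPECTED_SSDT_HOOKERS:
                findings.append(Finding(
                    "ssdt_hook",
                    f"{m.group(2)} hooked by {module_name(m.group(1))} at {m.group(3)}",
                    "high"))
        elif section == "Devices":
            m = DEVICE_HOOK_RE.match(line)
            if m:
                # The disk stack (\Driver\atapi here) dispatching to an address
                # with no backing image is the classic sign of a resident
                # kernel-mode rootkit; the driver file on disk must be checked too.
                findings.append(Finding(
                    "device_hook",
                    f"{m.group(1)} {m.group(2)} -> {m.group(3)} (no module)",
                    "critical"))
        elif section == "Files":
            m = MODIFIED_FILE_RE.match(line)
            if m:
                findings.append(Finding("modified_file", m.group(1), "critical"))
    return findings


def worst_severity(findings: list[Finding]) -> str:
    """Overall verdict: the highest severity among the findings, or "none"."""
    return max((f.severity for f in findings),
               key=SEVERITY_RANK.__getitem__, default="none")


# Constructed sample mirroring the entries in the thread's GMER log; the
# example_unknown.sys hook is invented to exercise the SSDT allow-list.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x81ECC730]
SSDT \SystemRoot\system32\drivers\example_unknown.sys ZwCreateFile [0x8612A4C0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 86086A9A

---- Files - GMER 1.0.15 ----

File G:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    results = triage_gmer(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:8}] {f.kind:14} {f.detail}")
    print("verdict:", worst_severity(results))
```

The AttachedDevice lines (AV and BitLocker filter drivers) are normal and deliberately not flagged; only the arrowed entry whose handler has no module name counts.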

#8 caleman22
  • Topic Starter
  • Members
  • 86 posts

Posted 11 March 2010 - 02:22 AM

Another note. Before posting here I went through the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help", and shortly after doing so I noticed another strange change on my computer. I have Windows 7 Pro, and I had the Windows Basic theme activated. This included the background image that was blue with the four-coloured Windows symbol in the middle. However, it's gone black. I right-clicked on the desktop, clicked Personalize, then clicked on the 'Desktop Background' button. The window that came up was empty; all the pictures that used to be there are not visible. They're still there, I can click on them, but I can't see the images. And if I change the background to a new picture, the desktop remains black.

Any ideas?

Could that Defogger program have anything to do with this?

#9 aommaster
    I !<3 malware
  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 11 March 2010 - 09:48 AM

Hello, caleman22.
QUOTE
It finished but only opened the log.txt.

It's possible that you've run RSIT previously. You can find the info.txt in the C:\rsit folder.

QUOTE
could that defogger program have anything to do with this?

Not too sure about that one, since I do not use Windows 7 myself. Defogger only disables the CD emulation drivers. It is possible, however, that the malware could be causing this. If this problem does not go away at the end of the fix, let me know and we'll work on that :)

P2P Program Warning!

uTorrent

P2P programs form a direct conduit onto your computer; their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private and financial details have been exposed to the file-sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your firewall and anti-virus software. Hardly surprising, then, that many of these downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log
  • info.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM.


#10 caleman22
  • Topic Starter
  • Members
  • 86 posts

Posted 11 March 2010 - 11:50 AM

ComboFix log

ComboFix 10-03-10.08 - Cale 11/03/2010 23:35:45.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.2975.1897 [GMT 7:00]
Running from: g:\users\Cale\Documents\Downloads\Programs\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of g:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :P
.
((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 )))))))))))))))))))))))))))))))
.

2010-03-11 16:41 . 2010-03-11 16:42 -------- d-----w- g:\users\Cale\AppData\Local\temp
2010-03-11 16:41 . 2010-03-11 16:41 -------- d-----w- g:\users\Default\AppData\Local\temp
2010-03-11 16:34 . 2010-03-11 16:34 -------- d-----w- G:\Device
2010-03-11 16:31 . 2010-03-11 16:32 -------- d-----w- G:\32788R22FWJFW
2010-03-10 15:27 . 2010-03-10 15:27 -------- d-----w- g:\users\Cale\AppData\Roaming\Malwarebytes
2010-03-10 15:27 . 2010-03-10 15:27 -------- d-----w- g:\programdata\Malwarebytes
2010-03-09 06:06 . 2010-03-09 06:06 -------- d-----w- g:\users\Cale\AppData\Local\Sunbelt Software
2010-03-09 05:47 . 2010-03-09 05:53 54 ----a-w- g:\windows\system32\rp_stats.dat
2010-03-09 05:47 . 2010-03-09 05:53 44 ----a-w- g:\windows\system32\statistics.dat
2010-03-09 05:47 . 2010-03-09 05:53 39 ----a-w- g:\windows\system32\rp_rules.dat
2010-03-09 05:40 . 2010-03-09 06:19 95024 ----a-w- g:\windows\system32\drivers\SBREDrv.sys
2010-03-09 05:23 . 2010-03-10 14:59 -------- d-----w- g:\programdata\Lavasoft
2010-03-07 05:31 . 2010-03-07 05:31 -------- d-----w- g:\program files\XP-Legacy
2010-03-06 09:00 . 2010-03-06 09:00 -------- d-----w- g:\program files\QuickTime
2010-03-05 17:15 . 2010-03-11 09:51 0 ----a-w- g:\users\Cale\AppData\Local\prvlcl.dat
2010-03-05 16:26 . 2010-03-05 16:26 -------- d-----w- g:\users\Cale\AppData\Local\Apple Computer
2010-03-05 16:23 . 2010-03-06 09:00 -------- d-----w- g:\programdata\Apple Computer
2010-03-05 15:32 . 2009-05-15 12:08 1485824 ----a-w- g:\programdata\Microsoft\Windows\Start Menu\Programs\Vietnam\WinVNKey.exe
2010-03-05 14:59 . 2010-03-05 14:59 -------- d-----w- g:\program files\TriChlor
2010-03-05 09:32 . 2010-03-05 09:33 -------- d-----w- g:\users\Cale\AppData\Local\Adobe
2010-03-05 08:54 . 2010-03-05 08:54 -------- d-----w- g:\users\Cale\AppData\Roaming\AVG9
2010-03-05 06:29 . 2010-03-05 06:29 -------- d-----w- g:\users\Default\AppData\Local\Microsoft Help
2010-03-05 06:26 . 2010-03-05 06:26 -------- d-sh--w- g:\windows\system32\%APPDATA%
2010-03-05 04:17 . 2010-03-05 04:17 -------- d-----w- g:\program files\Common Files\Apple
2010-03-05 04:17 . 2010-03-05 04:17 -------- d-----w- g:\users\Cale\AppData\Local\Apple
2010-03-05 04:17 . 2010-03-05 04:17 -------- d-----w- g:\program files\Apple Software Update
2010-03-05 04:17 . 2010-03-05 04:17 -------- d-----w- g:\programdata\Apple
2010-03-05 03:52 . 2010-03-05 03:52 12464 ----a-w- g:\windows\system32\avgrsstx.dll
2010-03-04 06:14 . 2010-03-04 06:14 -------- d-----w- g:\windows\system32\Wat
2010-03-04 06:13 . 2010-03-04 06:13 -------- d-----w- g:\program files\Microsoft Silverlight
2010-03-04 05:45 . 2010-03-04 05:45 -------- d-----w- g:\programdata\IObit
2010-03-04 05:36 . 2010-03-09 03:22 -------- d-----w- g:\users\Cale\AppData\Roaming\IObit
2010-03-04 05:36 . 2010-03-04 05:36 -------- d-----w- g:\program files\IObit
2010-03-04 05:02 . 2009-12-08 11:40 3955288 ----a-w- g:\windows\system32\ntkrnlpa.exe
2010-03-04 05:02 . 2009-12-08 11:40 3899464 ----a-w- g:\windows\system32\ntoskrnl.exe
2010-03-04 05:02 . 2009-12-08 11:32 292864 ----a-w- g:\windows\system32\apphelp.dll
2010-03-04 04:58 . 2010-03-11 16:08 -------- d-----w- g:\program files\Crawler
2010-03-03 15:10 . 2010-03-03 15:10 -------- d-----w- g:\users\Cale\AppData\Roaming\Uniblue
2010-03-03 15:03 . 2008-11-10 04:41 32656 ----a-w- g:\windows\system32\msonpmon.dll
2010-03-03 15:03 . 2006-10-26 12:56 33104 ----a-w- g:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-03 15:01 . 2010-03-05 06:30 -------- d-----w- g:\program files\Microsoft Works
2010-03-03 15:00 . 2010-03-03 15:00 -------- d-----w- g:\program files\Microsoft.NET
2010-03-03 14:59 . 2010-03-03 14:59 -------- d-----w- g:\program files\Microsoft Visual Studio 8
2010-03-03 14:58 . 2010-03-03 14:58 -------- d-----w- g:\users\Cale\AppData\Local\Microsoft Help
2010-03-03 14:58 . 2010-03-05 08:51 -------- d-----w- g:\programdata\Microsoft Help
2010-03-03 14:57 . 2010-03-10 00:25 -------- d-----w- g:\users\Cale\AppData\Local\Diagnostics
2010-03-03 14:57 . 2010-03-03 14:57 -------- d-----r- G:\MSOCache
2010-03-03 08:22 . 2010-03-03 08:22 -------- d-----w- g:\program files\Elaborate Bytes
2010-03-03 07:27 . 2010-03-03 07:27 -------- d-----w- g:\program files\Speccy
2010-03-03 07:21 . 2010-03-11 04:53 -------- d-----w- g:\programdata\Spybot - Search & Destroy
2010-03-03 07:21 . 2010-03-03 07:24 -------- d-----w- g:\program files\Spybot - Search & Destroy
2010-03-03 07:13 . 2010-03-03 07:13 -------- d-----w- g:\program files\Defraggler
2010-03-03 07:12 . 2010-03-03 07:12 -------- d-----w- g:\program files\CCleaner
2010-03-03 07:07 . 2010-03-03 07:07 -------- d-----w- g:\windows\system32\Adobe
2010-03-03 06:58 . 2010-03-03 06:58 -------- d-----w- g:\users\Cale\AppData\Roaming\WinPatrol
2010-03-03 06:58 . 2010-03-03 06:58 -------- d-----w- g:\program files\BillP Studios
2010-03-03 06:52 . 2010-03-03 06:52 -------- d-----w- g:\program files\Common Files\Adobe
2010-03-03 06:52 . 2004-08-04 00:00 506368 ----a-w- g:\windows\system32\msxml.dll
2010-03-03 06:45 . 2010-03-03 06:45 -------- d-----w- g:\users\Cale\AppData\Roaming\skypePM
2010-03-03 06:44 . 2010-03-03 06:45 -------- d-----w- g:\users\Cale\AppData\Roaming\Skype
2010-03-03 06:44 . 2010-03-03 06:44 -------- d-----w- g:\program files\Common Files\Skype
2010-03-03 06:44 . 2010-03-03 06:44 -------- d-----r- g:\program files\Skype
2010-03-03 06:33 . 2009-09-04 10:29 1892184 ----a-w- g:\windows\system32\D3DX9_42.dll
2010-03-03 06:33 . 2006-09-28 09:05 2414360 ----a-w- g:\windows\system32\d3dx9_31.dll
2010-03-03 06:32 . 2010-03-03 06:32 -------- d-----w- g:\program files\Winamp Detect
2010-03-03 06:32 . 2010-03-03 06:32 -------- d-----w- g:\program files\Common Files\PX Storage Engine
2010-03-03 06:32 . 2010-03-03 06:35 -------- d-----w- g:\users\Cale\AppData\Roaming\Winamp
2010-03-03 06:31 . 2010-03-03 06:33 -------- d-----w- g:\program files\Winamp
2010-03-03 06:31 . 2010-03-03 06:31 -------- d-----w- g:\programdata\OrbNetworks
2010-03-03 06:31 . 2010-03-03 06:31 -------- d-----w- g:\program files\Winamp Remote
2010-03-03 06:24 . 2010-03-03 06:44 -------- d-----w- g:\programdata\Skype
2010-03-03 06:21 . 2010-03-11 16:42 -------- d-----w- g:\users\Cale\Tracing
2010-03-03 06:18 . 2010-03-04 06:14 -------- d-----w- g:\program files\Microsoft
2010-03-03 06:18 . 2010-03-03 06:18 -------- d-----w- g:\program files\Windows Live SkyDrive
2010-03-03 06:17 . 2010-03-03 06:18 -------- d-----w- g:\program files\Windows Live
2010-03-03 06:17 . 2010-03-03 06:17 -------- d-----w- g:\windows\PCHEALTH
2010-03-03 06:15 . 2010-03-03 06:15 -------- d-----w- g:\users\Cale\AppData\Local\Yahoo
2010-03-03 06:15 . 2010-03-03 06:15 -------- d-----w- g:\users\Cale\AppData\Roaming\Yahoo!
2010-03-03 06:14 . 2009-12-14 09:52 607472 ----a-w- g:\programdata\Yahoo!\YUpdater\yupdater.exe
2010-03-03 06:14 . 2010-03-03 06:14 -------- d-----w- g:\program files\Common Files\Windows Live
2010-03-03 06:12 . 2010-03-03 06:14 -------- d-----w- g:\program files\Yahoo!
2010-03-03 05:42 . 2010-03-03 05:42 -------- d-----w- g:\programdata\PopCap Games
2010-03-03 05:40 . 2010-03-03 05:40 -------- d-----w- g:\program files\GameHouse
2010-03-03 05:38 . 2010-03-03 05:38 198064 ----a-w- g:\users\Cale\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-03-03 05:37 . 2010-03-03 05:38 -------- d-----w- g:\program files\Internet Download Manager
2010-03-03 05:27 . 2010-03-11 05:10 -------- d-----w- g:\users\Cale\AppData\Roaming\IDM
2010-03-03 05:27 . 2010-03-03 05:27 -------- d-----w- g:\users\Cale\AppData\Roaming\Nokia Ovi Suite
2010-03-03 05:07 . 2010-03-03 06:14 -------- d-----w- g:\programdata\Yahoo!
2010-03-03 05:01 . 2010-03-03 05:01 -------- d-----w- g:\users\Cale\AppData\Local\AVG Security Toolbar
2010-03-03 04:43 . 2010-03-05 03:52 52872 ----a-w- g:\windows\system32\drivers\avgrkx86.sys
2010-03-03 04:43 . 2010-03-05 03:52 242696 ----a-w- g:\windows\system32\drivers\avgtdix.sys
2010-03-03 04:43 . 2010-03-05 03:52 216200 ----a-w- g:\windows\system32\drivers\avgldx86.sys
2010-03-03 04:43 . 2010-03-11 16:18 -------- d-----w- g:\windows\system32\drivers\Avg
2010-03-03 04:43 . 2010-03-05 03:52 29512 ----a-w- g:\windows\system32\drivers\avgmfx86.sys
2010-03-03 04:43 . 2010-03-03 04:44 -------- d-----w- g:\programdata\AVG Security Toolbar
2010-03-03 04:43 . 2010-03-05 03:52 25096 ----a-w- g:\windows\system32\drivers\AVGIDSwx.sys
2010-03-03 04:42 . 2010-03-03 04:42 24856 ----a-w- g:\windows\system32\drivers\avgfwd6x.sys
2010-03-03 04:41 . 2010-03-05 16:25 108824 ----a-w- g:\users\Cale\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-03 04:41 . 2010-03-10 14:57 -------- d-----w- g:\programdata\avg9
2010-03-03 04:41 . 2010-03-03 04:41 -------- d-----w- g:\program files\AVG
2010-03-03 04:28 . 2010-03-03 04:28 -------- d-----w- g:\programdata\Nokia
2010-03-03 04:26 . 2010-03-03 05:27 -------- d-----w- g:\users\Cale\AppData\Roaming\Nokia
2010-03-03 04:24 . 2010-03-03 04:28 -------- d-----w- g:\users\Cale\AppData\Local\Nokia
2010-03-03 04:24 . 2010-03-03 04:24 -------- d-----w- g:\programdata\PC Suite
2010-03-03 04:24 . 2010-03-03 04:27 -------- d-----w- g:\users\Cale\AppData\Roaming\PC Suite
2010-03-03 04:24 . 2010-03-03 04:27 -------- d-----w- g:\users\Cale\AppData\Local\NokiaAccount
2010-03-03 04:15 . 2010-03-03 04:15 -------- d-----w- g:\users\Cale\AppData\Local\Mozilla
2010-03-03 04:06 . 2010-03-03 04:06 -------- d-----w- g:\program files\Common Files\Nokia
2010-03-03 04:06 . 2010-03-03 04:06 -------- d-----w- g:\program files\DIFX
2010-03-03 04:06 . 2008-08-26 02:26 18816 ----a-w- g:\windows\system32\drivers\pccsmcfd.sys
2010-03-02 22:14 . 2010-03-11 05:08 -------- d-----w- g:\windows\Panther
2010-03-02 12:58 . 2009-09-10 05:52 257024 ----a-w- g:\windows\system32\msv1_0.dll
2010-03-02 08:34 . 2010-03-02 08:34 -------- d-----w- g:\windows\system32\Macromed
2010-03-02 08:14 . 2010-03-02 08:19 -------- d-----r- g:\program files\Program Files
2010-03-02 08:11 . 2010-03-02 08:11 -------- d-----w- G:\swsetup
2010-03-02 08:11 . 2010-03-02 08:11 -------- d-----w- G:\ie-spyad_zo
2010-03-02 08:05 . 2010-03-10 14:57 -------- d-----w- g:\program files\uTorrent
2010-03-02 08:05 . 2010-03-11 08:46 -------- d-----w- g:\users\Cale\AppData\Roaming\uTorrent
2010-03-02 07:57 . 2010-03-11 16:42 -------- d-----w- g:\users\Cale\AppData\Roaming\DMCache
2010-03-02 07:45 . 2010-02-24 02:16 181632 ------w- g:\windows\system32\MpSigStub.exe
2010-03-02 07:32 . 2010-03-11 16:40 -------- d-----w- g:\windows\system32\wbem\Performance
2010-03-02 07:31 . 2009-09-01 02:55 105088 ----a-w- g:\windows\system32\drivers\ZTEusbvoice.sys
2010-03-02 07:31 . 2009-09-01 02:55 105088 ----a-w- g:\windows\system32\drivers\ZTEusbser6k.sys
2010-03-02 07:31 . 2009-09-01 02:55 105088 ----a-w- g:\windows\system32\drivers\ZTEusbnmeaext.sys
2010-03-02 07:31 . 2009-09-01 02:55 9216 ----a-w- g:\windows\system32\drivers\massfilter.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 06:46 . 2010-03-11 06:46 -------- d-----w- g:\program files\trend micro
2010-03-10 16:56 . 2010-03-10 16:56 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware
2010-03-10 14:56 . 2009-07-13 23:11 21584 ----a-w- g:\windows\system32\drivers\atapi.sys
2010-03-03 15:01 . 2009-07-14 04:52 -------- d-----w- g:\program files\MSBuild
2010-03-03 06:45 . 2010-03-03 06:45 56 ---ha-w- g:\programdata\ezsidmv.dat
2010-03-03 04:24 . 2010-03-03 04:24 0 ---ha-w- g:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-03 04:08 . 2010-03-03 04:08 0 ---ha-w- g:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-03 04:06 . 2010-03-03 04:04 -------- d-----w- g:\program files\Nokia
2010-03-03 04:06 . 2010-03-03 04:06 -------- d-----w- g:\program files\PC Connectivity Solution
2010-03-03 04:04 . 2010-03-03 04:04 12212040 ----a-w- g:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-03-03 04:04 . 2010-03-03 04:04 13930312 ----a-w- g:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-03-03 04:04 . 2010-03-03 04:04 77824 ----a-w- g:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-03 04:04 . 2010-03-03 04:04 61440 ----a-w- g:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-03-03 04:04 . 2010-03-03 04:04 58880 ----a-w- g:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-03-03 04:04 . 2010-03-03 04:04 50000 ----a-w- g:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\pcswpc.exe
2010-03-03 04:04 . 2010-03-03 04:04 -------- d-----w- g:\programdata\OviInstallerCache
2010-03-03 04:03 . 2010-03-03 04:04 98302544 ----a-w- g:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Nokia_Ovi_Suite_webinstaller_ALL[1].exe
2010-03-02 22:17 . 2010-03-02 22:17 0 ---ha-w- g:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-03-02 12:52 . 2010-03-02 12:52 0 ---ha-w- g:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-02-02 07:45 . 2010-03-02 12:55 2048 ----a-w- g:\windows\system32\tzres.dll
2010-01-21 07:53 . 2010-01-21 07:53 18048 ----a-w- g:\windows\system32\drivers\ccdcmb.sys
2010-01-18 23:29 . 2010-03-02 12:55 85504 ----a-w- g:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-03-02 12:55 85504 ----a-w- g:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-03-02 12:55 365568 ----a-w- g:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-03-02 12:55 369152 ----a-w- g:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-03-02 12:55 324608 ----a-w- g:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-03-02 12:55 277504 ----a-w- g:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-03-02 12:55 320512 ----a-w- g:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-03-02 12:55 280064 ----a-w- g:\windows\system32\RMActivate_ssp.exe
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- g:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- g:\windows\system32\msvcp71.dll
2010-01-08 03:18 . 2010-03-02 12:55 221184 ----a-w- g:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-03-02 12:55 123392 ----a-w- g:\windows\system32\drivers\mrxsmb.sys
2009-12-30 04:30 . 2009-12-30 04:30 7936 ----a-w- g:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-30 04:30 . 2009-12-30 04:30 660480 ----a-w- g:\windows\system32\nmwcdcocls.dll
2009-12-30 04:30 . 2010-03-03 04:06 91136 ----a-w- g:\windows\system32\nmwcdcls.dll
2009-12-30 04:30 . 2009-12-30 04:30 7936 ----a-w- g:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-30 04:30 . 2009-12-30 04:30 22016 ----a-w- g:\windows\system32\drivers\ccdcmbo.sys
2009-12-19 09:02 . 2010-03-02 12:55 977920 ----a-w- g:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-03-02 12:55 12288 ----a-w- g:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-03-02 12:55 1328640 ----a-w- g:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-03-02 12:55 22016 ----a-w- g:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-03-02 12:55 31744 ----a-w- g:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-03-02 12:55 13312 ----a-w- g:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-03-02 12:55 84480 ----a-w- g:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-03-02 12:55 50176 ----a-w- g:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-03-02 12:55 91648 ----a-w- g:\windows\system32\avifil32.dll
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- g:\windows\system32\drivers\ElbyCDIO.sys
2009-12-13 09:30 . 2010-03-02 12:55 641536 ----a-w- g:\windows\system32\CPFilters.dll
2009-12-13 09:30 . 2010-03-02 12:55 465408 ----a-w- g:\windows\system32\psisdecd.dll
2009-12-13 09:29 . 2010-03-02 12:55 417792 ----a-w- g:\windows\system32\msdri.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- g:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- g:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 06:02 1230080 ----a-w- g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="g:\program files\Internet Download Manager\IDMan.exe" [2010-03-03 3179952]
"RegistryMechanic"="g:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"msnmsgr"="g:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Sidebar"="g:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIExec"="g:\program files\VinaPhone Mobile Broadband\UIExec.exe" [2009-09-21 132096]
"WinPatrol"="g:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-03-08 337216]
"GrooveMonitor"="g:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"QuickTime Task"="g:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"Malwarebytes Anti-Malware (reboot)"="g:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-04-06 1277584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=g:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

R3 AVGIDSAgent;AVG9IDSAgent;g:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 AVGIDSDriverw7x;AVG9IDSDriver;g:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-03-05 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter;g:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-03-05 30216]
R3 AVGIDSShimw7x;AVG9IDSShim;g:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-03-05 20488]
R3 massfilter;ZTE Mass Storage Filter Driver;g:\windows\system32\drivers\massfilter.sys [2009-09-01 9216]
R3 WatAdminSvc;Windows Activation Technologies Service;g:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]
R4 hpsrv;HP Service;g:\windows\system32\Hpservice.exe [2010-02-26 26168]
S0 AVGIDSErHrw7x;AVG9IDSErHr;g:\windows\System32\Drivers\AVGIDSwx.sys [2010-03-05 25096]
S0 AvgRkx86;avgrkx86.sys;g:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 Avgfwfd;AVG network filter service;g:\windows\system32\DRIVERS\avgfwd6x.sys [2010-03-03 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;g:\windows\System32\Drivers\avgldx86.sys [2010-03-05 216200]
S1 AvgTdiX;AVG Network Redirector;g:\windows\System32\Drivers\avgtdix.sys [2010-03-05 242696]
S1 SBRE;SBRE;g:\windows\system32\drivers\SBREdrv.sys [2010-03-09 95024]
S1 vwififlt;Virtual WiFi Filter Driver;g:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG E-mail Scanner;g:\program files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
S2 avg9wd;AVG WatchDog;g:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
S2 avgfws9;AVG Firewall;g:\program files\AVG\AVG9\avgfws9.exe [2010-03-05 2325816]
S2 SBSDWSCService;SBSD Security Center Service;g:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UI Assistant Service;UI Assistant Service;g:\program files\VinaPhone Mobile Broadband\AssistantServices.exe [2009-09-21 246272]
S3 RTL8167;Realtek 8167 NT Driver;g:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Contents of the 'Scheduled Tasks' folder

2010-03-11 g:\windows\Tasks\AWC Startup.job
- g:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-04 06:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
IE: Crawler Search - tbr:iemenu
IE: Download all links with IDM - g:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - g:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - g:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {40B7C013-9570-47B4-9315-646B97860DFF} = 10.1.10.11 203.162.0.11
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - g:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - g:\users\Cale\AppData\Roaming\Mozilla\Firefox\Profiles\c3bf66b0.default\
FF - prefs.js: browser.search.selectedEngine - Vietnamese - English dictionary
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: g:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: g:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: g:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: g:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: g:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: g:\program files\Crawler\firefox\components\xcomm.dll
FF - component: g:\program files\Crawler\firefox\components\xshared.dll
FF - component: g:\program files\Crawler\firefox\components\xsupport.dll
FF - component: g:\program files\Crawler\firefox\components\xwsg.dll
FF - component: g:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: g:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: g:\users\Cale\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: g:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: g:\program files\mozilla firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
g:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
g:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
g:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3452)
g:\program files\Internet Download Manager\IDMIECC.dll
.
------------------------ Other Running Processes ------------------------
.
g:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
g:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
g:\program files\AVG\AVG9\avgam.exe
g:\program files\AVG\AVG9\avgnsx.exe
g:\program files\AVG\AVG9\avgcsrvx.exe
g:\windows\system32\WUDFHost.exe
g:\windows\system32\taskhost.exe
g:\program files\AVG\AVG9\avgrsx.exe
g:\program files\AVG\AVG9\avgchsvx.exe
g:\program files\AVG\AVG9\avgcsrvx.exe
g:\windows\system32\conhost.exe
g:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-03-11 23:45:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-11 16:45

Pre-Run: 80,995,966,976 bytes free
Post-Run: 80,860,459,008 bytes free

- - End Of File - - CE1E5884CC41B47D9DE7B9AEE527BD03


info log

info.txt logfile of random's system information tool 1.06 2010-03-11 13:48:43

======Uninstall list======

µTorrent-->"G:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->G:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->G:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"G:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced SystemCare 3-->"G:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 9.0-->G:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bookworm Adventures Deluxe-->G:\PROGRA~1\GAMEHO~1\BOOKWO~1\UNWISE.EXE /U G:\PROGRA~1\GAMEHO~1\BOOKWO~1\INSTALL.LOG
CCleaner-->"G:\Program Files\CCleaner\uninst.exe"
Crawler Toolbar with Web Security Guard-->G:\PROGRA~1\Crawler\CToolbar.exe uninst
Defraggler-->"G:\Program Files\Defraggler\uninst.exe"
Internet Download Manager-->G:\Program Files\Internet Download Manager\Uninstall.exe
Malwarebytes' Anti-Malware-->"G:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"G:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.6)-->G:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{BA63348B-143D-4CAC-A355-3879402ED781}
Nokia Ovi Suite-->G:\ProgramData\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Nokia_Ovi_Suite_webinstaller_ALL[1].exe
Nokia Ovi Suite-->MsiExec.exe /X{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}
Ovi Desktop Sync Engine-->MsiExec.exe /X{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}
OviMPlatform-->MsiExec.exe /I{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}
PC Connectivity Solution-->MsiExec.exe /I{481C9A00-91AC-4065-870C-BD4E28186E5A}
QuickTime-->MsiExec.exe /I{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}
Registry Mechanic 8.0-->"G:\Program Files\Registry Mechanic\unins000.exe" /Log
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Speccy-->"G:\Program Files\Speccy\uninst.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"G:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
VinaPhone Mobile Broadband-->"G:\Program Files\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -runfromtemp -l0x0009 -removeonly
VirtualCloneDrive-->"G:\Program Files\Elabora

#11 caleman22
  • Topic Starter
  • Members
  • 86 posts

Posted 11 March 2010 - 11:52 AM

hijack log

Log created by WinPatrol PLUS version 16.0.2009.0:16.0.2009.0
Scan saved at 11:51:33 PM, on 3/11/2010
Platform: Windows Vista (Build 7600)
MSIE: Internet Explorer (8.00.7600.16385)
Boot mode: Normal

Running processes:
G:\Windows\System32\taskhost.exe
G:\Windows\System32\taskeng.exe
G:\Windows\System32\dwm.exe
G:\PROGRAM FILES\IObit\ADVANCED SYSTEMCARE 3\AWC.exe
G:\PROGRAM FILES\VINAPHONE MOBILE BROADBAND\UIExec.exe
G:\PROGRAM FILES\MICROSOFT OFFICE\Office12\GROOVEMONITOR.EXE
G:\PROGRAM FILES\WINDOWS SIDEBAR\sidebar.exe
G:\Windows\explorer.exe
G:\Windows\System32\notepad.exe
G:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
G:\Program Files\Crawler\CToolbar.exe
G:\PROGRAM FILES\VINAPHONE MOBILE BROADBAND\UIMain.exe
G:\PROGRAM FILES\VINAPHONE MOBILE BROADBAND\CMUPDATER.EXE
G:\Windows\System32\SEARCHFILTERHOST.EXE
G:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
G:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLUAC.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ncr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ctbr - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - G:\Program Files\Crawler\ctbr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} -
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - G:\Program Files\Crawler\ctbr.dll
O4 - HKLM\..\Run: [UIExec]G:\Program Files\VinaPhone Mobile Broadband\UIExec.exe
O4 - HKLM\..\Run: [WinPatrol PLUS]G:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [GrooveMonitor]G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [QuickTime Task]G:\Program Files\QuickTime\QTTask.exe -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)]G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript
O4 - HKCU\..\Run: [IDMan]G:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RegistryMechanic]G:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [msnmsgr]G:\Program Files\Windows Live\Messenger\msnmsgr.exe /background
O4 - HKCU\..\Run: [Sidebar]G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all links with IDM - G:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - G:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - G:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [] -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: G:\Windows\System32\avgrsstx.dll

O23 - Service: AVG E-mail Scanner - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent - - G:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent
O23 - Service: HP Service - Hewlett-Packard Company - G:\Windows\System32\Hpservice.exe
O23 - Service: SBSD Security Center Service - Safer Networking Ltd. - G:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UI Assistant Service - - G:\Program Files\VinaPhone Mobile Broadband\AssistantServices.exe

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 8.00.7600.16385
MSIE: Internet Explorer (8.00.7600.16385)
Firefox 3.6 installed in G:\Program Files\Mozilla Firefox.
6 IE Cookies in Folder: G:\Users\Cale\AppData\Roaming\Microsoft\Windows\Cookies\
0 Mozilla Cookies in Folder: G:\Users\Cale\AppData\Roaming\Mozilla\FireFox\Profiles\c3bf66b0.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = G:\Windows\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [AWC Startup.job]G:\Program Files\IObit\Advanced SystemCare 3\AWC.exe 03/11/2010 11:42 PM

WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] G:\Windows\System32\icardie.dll 8.00.7600.16385
WP16 - ActiveX: {7D11E719-FF90-479C-B0D7-96EB43EE55D7} [IDMDwnlMgr Class] G:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\DOWNLWITHIDM.DLL 5, 16, 1, 0
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] G:\Windows\System32\Macromed\Flash\Flash10e.ocx 10,0,45,2
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] G:\Windows\System32\msxml3.dll 8.110.7600.16385
WP16 - ActiveX: {00024522-0000-0000-C000-000000000046} [RefEdit.Ctrl] G:\Program Files\Microsoft Office\Office12\REFEDIT.DLL 12.0.6413.1000
WP16 - ActiveX: {261B8CA9-3BAF-4BD0-B0C2-BF04286785C6} [Microsoft Office Outlook View Control] G:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] G:\Windows\System32\wmpdxm.dll 12.0.7600.16385
WP16 - ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} [Shockwave ActiveX Control] G:\Windows\System32\Adobe\Director\SwDir.dll 11.5.6
WP16 - ActiveX: {F8CF7A98-2C45-4c8d-9151-2D716989DDAB} [Microsoft Visio Document] G:\Program Files\Microsoft Office\Office12\VVIEWER.DLL 12.0.6513.5000
WP16 - ActiveX: {DFEAF541-F3E1-4c24-ACAC-99C30715084A} [Microsoft Silverlight] G:\PROGRAM FILES\MICROSOFT SILVERLIGHT\3.0.50106.0\npctrl.dll 3.0.50106.0
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] G:\Windows\System32\hhctrl.ocx 6.1.7600.16385
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft RDP Client Control (redistributable) - version 5a] G:\Windows\System32\mstscax.dll 6.1.7600.16385
WP16 - ActiveX: {6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4} [Microsoft RDP Client Control (redistributable) - version 4a] G:\Windows\System32\mstscax.dll 6.1.7600.16385
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] G:\Windows\System32\ieframe.dll 8.00.7600.16385
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] G:\Windows\System32\FM20.DLL 12.0.6514.5000
WP16 - ActiveX: {971127BB-259F-48c2-BD75-5F97A3331551} [Microsoft RDP Client Control (redistributable) - version 3a] G:\Windows\System32\mstscax.dll 6.1.7600.16385
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] G:\Windows\System32\mshtml.dll 8.00.7600.16385
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] G:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] G:\Windows\System32\Macromed\Flash\Flash10e.ocx 10,0,45,2

WP32 - Hidden File: G:\Windows\WindowsShell.Manifest
WP32 - Hidden File: G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
WP32 - Hidden File: G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-security-lsalookup-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-security-sddl-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-service-core-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-service-management-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-service-management-l2-1-0.dll
WP32 - Hidden File: G:\Windows\System32\api-ms-win-service-winsvc-l1-1-0.dll
WP32 - Hidden File: G:\Windows\System32\config\BCD-Template.LOG
WP32 - Hidden File: G:\Windows\System32\config\COMPONENTS.LOG
WP32 - Hidden File: G:\Windows\System32\config\COMPONENTS.LOG1
WP32 - Hidden File: G:\Windows\System32\config\COMPONENTS.LOG2

WP33 - File Type .AVI: [Video Clip]G:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [Windows Batch File]%1 %*
WP33 - File Type .CAB: [WinRAR archive]G:\Program Files\WinRAR\WinRAR.exe %1
WP33 - File Type .CAT: [Security Catalog]G:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]G:\Windows\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Office Word 97 - 2003 Document]G:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]G:\Windows\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]G:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]G:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]G:\Windows\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]G:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI File Format]G:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .MP3: [MPEG Layer 3 Audio File]G:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]G:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SBS: [Spyware supplemental file]G:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
WP33 - File Type .SCR: [Screen saver]%1 /S
WP33 - File Type .TXT: [Text Document]G:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Windows host process (Rundll32)]G:\Windows\System32\rundll32.exe G:\Windows\System32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]G:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded File]G:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]G:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]G:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Office Excel 97-2003 Worksheet]G:\Program Files\Microsoft Office\Office12\EXCEL.EXE /e

Memory currently in use: 34%
Physical Memory Free: 1,991,564 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 2,015,044 KB


--
End of file


#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:11:05 AM

Posted 11 March 2010 - 12:01 PM

Hello, caleman22.
Looks good. How's your PC doing?

We need to run a Panda Active Scan
  1. Please go here to run Panda's ActiveScan
  2. Once you are on the Panda site click the Scan your PC button
  3. Click the big Scan Now button
  4. If it wants to install an ActiveX component, allow it
  5. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  6. When the download is complete, click on My Computer to start the scan
  7. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

NEXT:

Please run a fresh GMER scan and post the log here

In your next reply, please include the following:
  • ActiveScan Report
  • Fresh GMER log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • Local time:02:05 AM

Posted 11 March 2010 - 12:05 PM

OK, give me a few minutes to do this stuff. The desktop is no longer black, so we must have solved the issue.

#14 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:11:05 AM

Posted 11 March 2010 - 12:55 PM

Hi!

Okay. I'll wait for the logs.



#15 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • Local time:02:05 AM

Posted 11 March 2010 - 01:01 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-12 00:59:37
Windows 6.1.7600
Running: gmer.exe; Driver: G:\Users\Cale\AppData\Local\Temp\kwlyrpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x99303730]
SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x993037E0]
SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x99303880]
SSDT \??\G:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x99303920]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E39AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E39104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E393F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E222D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E21898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E391DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E39958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E396F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E39F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3A1A8

Code A77B8946 IoReportHalResourceUsage

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 632
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 141

---- EOF - GMER 1.0.15 ----
