Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan horse SHeur3.FYH


  • Please log in to reply
12 replies to this topic

#1 slydell

slydell

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 16 March 2010 - 05:39 PM

Visited a movie site, and my computer was pretty much taken over. Antivirus was disabled, and could not access internet even in safe mode. Did system restore and gained back access, but reports keep coming up saying I have this trojan in my system restore folder and a local internet files folder. I disabled system restore and also did disk cleanup. Here is my DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Brian Hans at 18:26:42.79 on Tue 03/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1270 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brian Hans\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [CPU Power Monitor] "c:\program files\asus\ai suite\aigear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner.exe" /S
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\nukutowe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brianh~1\applic~1\mozilla\firefox\profiles\bq6vxiuz.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-29 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-29 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-29 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2010-03-16 22:11:04 0 d-----w- c:\program files\TrendMicro
2010-03-16 12:22:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 01:28:27 0 d--h--w- C:\$AVG
2010-03-16 01:27:48 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-15 01:59:18 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-10 15:36:27 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-27 20:42:00 0 d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2010-02-27 20:40:57 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-02-27 20:40:56 0 d-----w- c:\program files\AMD
2010-02-27 20:30:02 0 d-----w- c:\program files\Eidos
2010-02-27 16:28:11 599552 -c----w- c:\windows\system32\dllcache\crypt32.dll
2010-02-27 16:28:11 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-02-27 16:26:41 0 d-----w- c:\windows\system32\xlive
2010-02-27 16:26:41 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-22 01:42:06 0 d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-02-16 00:42:31 64900 ----a-w- c:\windows\system32\DVCState-{00000007-00000000-00000007-00001102-00000005-00311102}.rfx
2010-02-16 00:42:31 54164 ----a-w- c:\windows\system32\BMXStateBkp-{00000007-00000000-00000007-00001102-00000005-00311102}.rfx
2010-02-16 00:42:31 54164 ----a-w- c:\windows\system32\BMXState-{00000007-00000000-00000007-00001102-00000005-00311102}.rfx

==================== Find3M ====================

2010-03-16 12:22:36 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-16 12:22:27 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 23:18:57 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-21 23:18:44 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03:33 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 03:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 18:26:54.25 ===============



Attached Files



BC AdBot (Login to Remove)

 


#2 slydell

slydell
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 18 March 2010 - 10:19 AM

Can I give this a slight bump?

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:06 PM

Posted 18 March 2010 - 06:54 PM

Hello slydell,

QUOTE
Can I give this a slight bump?


It is never a good idea to "Bump" your post, as it will only delay
help for your log
!

When selecting logs we generally use two criteria to
look for unanswered logs.

1. We started from the oldest to the most recent. That means if you
keep bumping, your log is at the top of the list, and since we do not work
from the top, it will be looked at last!!

2. We look for first for posts with no replies. A bump is a reply so
you get pushed further down the response ladder.


QUOTE
I disabled system restore and ...


Do NOT disable System Restore! This rule applies to any manual fixes and is especially true for spyware removal.
That is because disabling System Restore wipes out all restore points.

Should a problem arise during the fix you would have NO good working configuration to go back to get the computer up and running.

Even if you have to start over removing infections, this is preferable to a dead PC thanks to having System Restore turned off.

Clean the restore folder and set a new point AFTER the PC is clean and all programs are working properly.

Please turn turn on System Restore.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

**********************

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**********************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

**********************

To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Select Files and Folders created in last 3 months
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note 1: The logs will be created in this folder: C:\rsit

Note 2: The tool takes not more than one minute to scan the system.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 slydell

slydell
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 19 March 2010 - 07:09 AM

Thank you very much for your response. I have proceeded with your instructions and the malware scan found 14 infected files. I've attached the 4 logs that you've requested. I believe everything is working fine, except that I get an error message when windows starts, that windows defender can not start due to another program, or something to that effect.

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG Free 9.0
``````````````````````````````
Anti-malware/Other Utilities Check:

Windows Defender
Trojan Remover 6.8.0
Java™ 6 Update 18
Java™ 6 Update 7
Java Auto Updater
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Malwarebytes' Anti-Malware 1.44
Database version: 3884
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/19/2010 8:02:01 AM
mbam-log-2010-03-19 (08-02-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 235889
Time elapsed: 1 hour(s), 31 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TDSSdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Brian Hans\Application Data\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian Hans\Application Data\Twain (Trojan.Matcash) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Brian Hans at 2010-03-18 22:05:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 167 GB (70%) free of 238 GB
Total RAM: 2046 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:40 PM, on 3/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Steam\steam.exe
C:\Documents and Settings\Brian Hans\Desktop\RSIT.exe
C:\Program Files\trend micro\Brian Hans.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [gisesedumi] Rundll32.exe "C:\WINDOWS\system32\gojejuru.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [gisesedumi] Rundll32.exe "C:\WINDOWS\system32\gojejuru.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7194 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-16 1598744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-18 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"=C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2007-09-06 1426432]
"CPU Power Monitor"=C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [2007-10-16 626176]
"Cpu Level Up help"=C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [2007-09-11 880640]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe [2009-08-22 2781184]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-16 2059544]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-07-25 1067912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a82dca30]
C:\WINDOWS\system32\tinezevu.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMab1ef9ac]
c:\windows\system32\tavuhuti.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2006-12-12 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-05-24 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
C:\PROGRA~1\AIM95\\DeadAIM.ocm [2003-02-24 266313]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gisesedumi]
C:\WINDOWS\system32\gojejuru.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
C:\WINDOWS\MIDIDef.exe [2006-05-23 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
C:\Documents and Settings\Brian Hans\Application Data\SpeedRunner\SpeedRunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2010-02-21 1217872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2004-01-27 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Brian Hans^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
E:\Support\Register\RegistrationReminder.exe -d 803867 -l english -r 7 -g Brothers In Arms -c united -i []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-16 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\nukutowe.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe"="C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe"="C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman Arkham Asylum"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{687ae637-5e18-11dd-ac4e-806d6172696f}]
shell\AutoRun\command - D:\_aomg.exe


======List of files/folders created in the last 3 months======

2010-03-18 22:05:31 ----D---- C:\Program Files\trend micro
2010-03-18 22:05:25 ----D---- C:\rsit
2010-03-18 21:54:57 ----D---- C:\Documents and Settings\Brian Hans\Application Data\Malwarebytes
2010-03-18 21:54:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-18 21:54:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-16 21:43:44 ----D---- C:\Program Files\ESET
2010-03-16 19:32:36 ----D---- C:\Program Files\Trojan Remover
2010-03-16 19:32:36 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2010-03-16 19:30:13 ----D---- C:\Documents and Settings\Brian Hans\Application Data\BitTorrent
2010-03-16 19:29:57 ----D---- C:\Program Files\BitTorrent
2010-03-16 19:14:18 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2010-03-16 19:14:18 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2010-03-16 19:14:18 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2010-03-16 19:14:18 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2010-03-16 19:14:18 ----A---- C:\WINDOWS\system32\unacev2.dll
2010-03-16 19:08:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-16 19:08:41 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-16 19:08:41 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-16 19:08:41 ----A---- C:\WINDOWS\system32\java.exe
2010-03-16 18:11:04 ----D---- C:\Program Files\TrendMicro
2010-03-16 08:22:35 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-15 21:28:27 ----HD---- C:\$AVG
2010-03-15 21:27:48 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-03-11 04:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-02-27 16:44:47 ----RHD---- C:\Documents and Settings\Brian Hans\Application Data\SecuROM
2010-02-27 16:42:00 ----D---- C:\WINDOWS\6833245EDD86479A882A8360D62C8194.TMP
2010-02-27 16:30:02 ----D---- C:\Program Files\Eidos
2010-02-27 12:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938759$
2010-02-27 12:26:41 ----D---- C:\WINDOWS\system32\xlive
2010-02-27 12:26:41 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-02-24 09:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-21 21:42:06 ----D---- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-02-08 23:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-08 23:14:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-08 23:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-08 23:12:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-08 23:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-08 23:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-08 23:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-08 23:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-08 23:12:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-07 23:26:56 ----D---- C:\Program Files\AGEIA Technologies
2010-02-07 23:25:33 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-02-07 23:25:33 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-02-07 23:25:33 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-02-07 23:25:33 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-02-07 23:25:33 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-02-07 23:25:30 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-02-07 23:25:30 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-02-07 23:25:30 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-02-07 23:25:30 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-02-07 23:17:13 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2010-02-07 10:49:35 ----D---- C:\Program Files\Phyxion.net
2010-02-06 00:20:43 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-06 00:20:15 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-02-06 00:20:14 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-02-06 00:20:14 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-02-06 00:20:14 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-02-06 00:20:13 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-02-06 00:20:13 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-02-06 00:20:13 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-02-06 00:20:12 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-02-06 00:20:12 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-02-06 00:20:12 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-02-06 00:20:12 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-02-06 00:20:12 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-02-06 00:20:11 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-02-06 00:20:11 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-02-06 00:20:11 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-02-06 00:20:11 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-02-06 00:20:11 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-02-06 00:20:10 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-02-06 00:20:10 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-02-06 00:20:10 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-02-06 00:20:10 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-02-06 00:20:10 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-02-06 00:20:10 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-02-06 00:20:09 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-02-06 00:20:09 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-02-06 00:20:09 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-02-06 00:20:09 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-02-06 00:20:08 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-02-06 00:20:08 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-02-06 00:20:08 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-02-06 00:20:08 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-02-06 00:20:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-02-06 00:20:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-02-06 00:20:07 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-02-06 00:20:07 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-02-06 00:20:07 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-02-06 00:20:07 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-02-06 00:20:06 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-02-06 00:20:06 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-02-06 00:20:06 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-02-06 00:19:20 ----D---- C:\WINDOWS\Logs
2010-02-05 22:56:12 ----D---- C:\Program Files\iPod
2010-02-05 22:56:05 ----D---- C:\Program Files\iTunes
2010-02-05 22:54:04 ----D---- C:\Program Files\QuickTime
2010-01-13 09:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 09:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 23:17:44 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2010-01-11 23:17:44 ----A---- C:\WINDOWS\system32\nvmctray.dll
2010-01-11 23:17:44 ----A---- C:\WINDOWS\system32\nvmccs.dll
2010-01-11 23:17:44 ----A---- C:\WINDOWS\system32\nvcpl.dll
2010-01-11 23:17:44 ----A---- C:\WINDOWS\system32\nvcolor.exe
2010-01-11 23:17:40 ----A---- C:\WINDOWS\system32\nvwddi.dll

======List of files/folders modified in the last 3 months======

2010-03-18 22:05:31 ----RD---- C:\Program Files
2010-03-18 22:05:22 ----D---- C:\WINDOWS\Prefetch
2010-03-18 21:58:46 ----D---- C:\Program Files\Steam
2010-03-18 21:55:47 ----D---- C:\WINDOWS\Temp
2010-03-18 21:54:54 ----D---- C:\WINDOWS\system32\drivers
2010-03-17 20:12:33 ----D---- C:\Program Files\SpeedFan
2010-03-17 08:10:35 ----SHD---- C:\WINDOWS\Installer
2010-03-17 08:09:47 ----SD---- C:\WINDOWS\Tasks
2010-03-16 19:45:22 ----SHD---- C:\System Volume Information
2010-03-16 19:45:22 ----D---- C:\WINDOWS\system32\Restore
2010-03-16 19:17:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-16 19:14:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-16 19:14:18 ----D---- C:\WINDOWS\system32
2010-03-16 19:10:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-16 19:10:02 ----RSH---- C:\boot.ini
2010-03-16 19:10:02 ----A---- C:\WINDOWS\win.ini
2010-03-16 19:10:02 ----A---- C:\WINDOWS\system.ini
2010-03-16 19:08:40 ----D---- C:\Program Files\Java
2010-03-16 08:21:44 ----D---- C:\Program Files\Mozilla Firefox
2010-03-15 21:33:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-15 21:27:49 ----D---- C:\Program Files\AVG
2010-03-15 21:22:20 ----D---- C:\WINDOWS
2010-03-14 22:27:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-14 22:02:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-14 21:59:35 ----D---- C:\WINDOWS\system32\config
2010-03-14 21:59:19 ----D---- C:\WINDOWS\system32\wbem
2010-03-14 21:59:18 ----D---- C:\WINDOWS\Registration
2010-03-11 04:07:32 ----HD---- C:\WINDOWS\inf
2010-03-11 04:07:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-11 04:07:18 ----D---- C:\Program Files\Movie Maker
2010-03-11 04:06:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-02 01:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-27 16:41:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-27 16:41:55 ----D---- C:\WINDOWS\system32\DirectX
2010-02-27 16:41:38 ----RSD---- C:\WINDOWS\assembly
2010-02-27 16:41:09 ----SD---- C:\Documents and Settings\Brian Hans\Application Data\Microsoft
2010-02-27 12:28:29 ----A---- C:\WINDOWS\imsins.BAK
2010-02-24 10:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-21 19:18:44 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-02-07 23:27:20 ----D---- C:\WINDOWS\Help
2010-02-07 23:27:20 ----D---- C:\Program Files\NVIDIA Corporation
2010-02-07 23:26:26 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-07 10:46:37 ----D---- C:\Program Files\Driver Sweeper
2010-02-06 00:20:52 ----D---- C:\WINDOWS\WinSxS
2010-02-06 00:20:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-05 22:56:10 ----D---- C:\Program Files\Common Files\Apple
2010-01-30 11:54:51 ----D---- C:\My Shared Folder
2010-01-30 11:54:48 ----D---- C:\Incomplete
2010-01-24 22:23:28 ----D---- C:\WINDOWS\Minidump
2010-01-23 04:11:44 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-01-21 23:10:07 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-21 23:08:30 ----D---- C:\Program Files\Internet Explorer
2010-01-13 09:32:12 ----D---- C:\WINDOWS\AppPatch
2010-01-03 13:47:10 ----D---- C:\WINDOWS\system32\RTCOM
2009-12-22 09:44:53 ----D---- C:\Program Files\Xfire
2009-12-21 15:14:05 ----A---- C:\WINDOWS\system32\wininet.dll
2009-12-21 15:14:05 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-12-21 15:14:04 ----A---- C:\WINDOWS\system32\occache.dll
2009-12-21 15:14:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-12-21 15:14:03 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-12-21 15:14:02 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-12-21 15:14:01 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-12-21 09:19:18 ----N---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-16 29512]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-16 242696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-05-23 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-05-23 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-05-23 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-05-23 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-05-23 78336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-23 1110016]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-10-12 54144]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-10-12 22016]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-05-23 116224]
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 TDSSserv.sys;TDSSserv.sys; C:\WINDOWS\system32\drivers\TDSSserv.sys.sys []
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2006-05-23 87552]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2006-05-23 158720]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2006-05-23 536576]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2006-05-23 160768]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2006-05-23 269824]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2006-05-23 115200]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2006-05-23 317952]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL []
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2006-05-23 1170432]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2006-05-23 61952]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2006-05-23 548352]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-16 308064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-25 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-02-21 189480]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-03-18 22:06:47

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Age of Mythology Gold-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /uninstall
AI Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
America's Army Deploy Client-->MsiExec.exe /I{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}
America's Army-->MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
AOL® Instant Messenger™-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Batman Arkham Asylum-->MsiExec.exe /I{534307FF-5462-4D80-B40C-F81000018300}
Batman Arkham Asylum-->MsiExec.exe /X{534307FF-5462-4D80-B40C-F81000018300}
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brothers In Arms-->C:\Program Files\Ubisoft\Gearbox Software\BrothersInArms\System\Setup.exe uninstall "BrothersInArms"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DeadAIM-->MsiExec.exe /I{25AF0BD1-DF07-4447-8E91-28E99617C556}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Sweeper 2.1.0-->"C:\Program Files\Phyxion.net\Driver Sweeper\unins000.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Fraps-->"C:\Fraps\uninstall.exe"
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HandBrake 0.9.3-->C:\Program Files\HandBrake\uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
InterVideo WinDVD 5-->"C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Left 4 Dead 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/550
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition-->"C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\uninstall.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress Classic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/20
Trojan Remover 6.8.0-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48963B63-7A10-49D6-8B08-61E6132453D0}\Setup.exe" -l0x9
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HANSIE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 11008
Source Name: Tcpip
Time Written: 20100103125530.000000-300
Event Type: warning
User:

Computer Name: HANSIE
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 10971
Source Name: W32Time
Time Written: 20100102084617.000000-300
Event Type: warning
User:

Computer Name: HANSIE
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 10944
Source Name: W32Time
Time Written: 20091231111328.000000-300
Event Type: warning
User:

Computer Name: HANSIE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 10901
Source Name: Tcpip
Time Written: 20091228085815.000000-300
Event Type: warning
User:

Computer Name: HANSIE
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 10898
Source Name: W32Time
Time Written: 20091227064058.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: HANSIE
Event Code: 0
Message:
Record Number: 404
Source Name:
Time Written: 20081031212637.000000-240
Event Type: error
User:

Computer Name: HANSIE
Event Code: 0
Message:
Record Number: 403
Source Name:
Time Written: 20081029212512.000000-240
Event Type: error
User:

Computer Name: HANSIE
Event Code: 0
Message:
Record Number: 398
Source Name:
Time Written: 20081025190542.000000-240
Event Type: error
User:

Computer Name: HANSIE
Event Code: 0
Message:
Record Number: 344
Source Name:
Time Written: 20081019221204.000000-240
Event Type: error
User:

Computer Name: HANSIE
Event Code: 1013
Message: Product: Adobe Reader 9 -- A process is running that cannot be shut down by Setup. Please either close all applications and run Setup again, or restart your computer and run Setup again.

Record Number: 325
Source Name: MsiInstaller
Time Written: 20081015203726.000000-240
Event Type: error
User: HANSIE\Brian Hans

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached Files


Edited by SifuMike, 19 March 2010 - 10:14 AM.
insert logs for easy reading


#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:06 PM

Posted 19 March 2010 - 10:28 AM

Hi slydell,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus and Windows Defender before running ComboFix, as they will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component (looks like this: ) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

To work properly, you must install ComboFix on the Desktop. <==IMPORTANT

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.
DO NOT attach any log as that makes it hard to read.

The ComboFix log will be save as C:\ComboFix.txt

Edited by SifuMike, 19 March 2010 - 10:31 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 slydell

slydell
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 20 March 2010 - 08:57 AM

Hello, I've attached the contents of the combofix log:


ComboFix 10-03-19.08 - Brian Hans 03/20/2010 9:43.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1157 [GMT -4:00]
Running from: c:\documents and settings\Brian Hans\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brian Hans\Local Settings\Temporary Internet Files\588b12.jpg
c:\documents and settings\Brian Hans\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Brian Hans\Local Settings\Temporary Internet Files\Jy3yX3.jpg
c:\documents and settings\Brian Hans\Local Settings\Temporary Internet Files\n21XnAjaY.jpg
c:\documents and settings\Brian Hans\Local Settings\Temporary Internet Files\Xkx17Xyan.jpg
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-19 12:13 . 2009-08-02 21:49 3036024 ----a-w- c:\documents and settings\Brian Hans\Application Data\Simply Super Software\Trojan Remover\jhi19.exe
2010-03-19 02:05 . 2010-03-19 02:06 -------- d-----w- c:\program files\trend micro
2010-03-19 02:05 . 2010-03-19 02:06 -------- d-----w- C:\rsit
2010-03-19 01:54 . 2010-03-19 01:54 -------- d-----w- c:\documents and settings\Brian Hans\Application Data\Malwarebytes
2010-03-19 01:54 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 01:54 . 2010-03-19 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-19 01:54 . 2010-03-19 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-19 01:54 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 23:32 . 2010-03-16 23:35 -------- d-----w- c:\program files\Trojan Remover
2010-03-16 23:32 . 2010-03-16 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-16 23:30 . 2010-03-16 23:41 -------- d-----w- c:\documents and settings\Brian Hans\Application Data\BitTorrent
2010-03-16 23:29 . 2010-03-16 23:29 -------- d-----w- c:\program files\BitTorrent
2010-03-16 23:14 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-16 23:14 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-16 23:14 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-16 23:14 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-16 23:14 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-16 23:08 . 2010-03-16 23:08 61440 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26bfe010-n\decora-sse.dll
2010-03-16 23:08 . 2010-03-16 23:08 503808 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d178fe4-n\msvcp71.dll
2010-03-16 23:08 . 2010-03-16 23:08 499712 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d178fe4-n\jmc.dll
2010-03-16 23:08 . 2010-03-16 23:08 348160 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d178fe4-n\msvcr71.dll
2010-03-16 23:08 . 2010-03-16 23:08 12800 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26bfe010-n\decora-d3d.dll
2010-03-16 22:11 . 2010-03-16 22:11 388096 ----a-r- c:\documents and settings\Brian Hans\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-16 22:11 . 2010-03-16 22:11 -------- d-----w- c:\program files\TrendMicro
2010-03-16 12:22 . 2010-03-16 12:22 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-16 12:22 . 2010-03-16 12:22 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-16 12:22 . 2010-03-16 12:22 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-16 12:22 . 2010-03-16 12:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 12:22 . 2010-03-16 01:27 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-16 12:22 . 2010-03-16 01:27 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-16 12:22 . 2010-03-16 01:27 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-16 12:22 . 2010-03-16 01:27 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-16 01:33 . 2010-03-16 01:27 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-03-16 01:33 . 2010-03-16 01:27 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-16 01:28 . 2010-03-16 12:24 -------- d-----w- C:\$AVG
2010-03-16 01:27 . 2010-03-16 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-15 01:59 . 2010-03-15 01:59 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-10 15:36 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-27 20:44 . 2010-02-27 20:44 -------- d--h--r- c:\documents and settings\Brian Hans\Application Data\SecuROM
2010-02-27 20:42 . 2010-02-27 20:42 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2010-02-27 20:40 . 2010-02-27 20:40 -------- d-----w- c:\documents and settings\Brian Hans\Local Settings\Application Data\Downloaded Installations
2010-02-27 20:30 . 2010-02-27 20:30 -------- d-----w- c:\program files\Eidos
2010-02-27 16:28 . 2008-11-13 14:18 599552 -c----w- c:\windows\system32\dllcache\crypt32.dll
2010-02-27 16:28 . 2008-11-13 14:18 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-02-27 16:26 . 2010-02-27 16:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-27 16:26 . 2010-02-27 16:26 -------- d-----w- c:\windows\system32\xlive
2010-02-22 01:42 . 2010-02-22 01:42 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 01:58 . 2008-07-30 13:56 -------- d-----w- c:\program files\Steam
2010-03-18 00:12 . 2008-07-31 02:47 -------- d-----w- c:\program files\SpeedFan
2010-03-16 23:17 . 2008-07-30 02:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-16 23:08 . 2008-08-19 23:42 -------- d-----w- c:\program files\Java
2010-03-16 12:22 . 2008-07-30 03:10 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-16 12:22 . 2008-07-30 03:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 12:22 . 2008-07-30 03:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 01:27 . 2008-07-30 03:10 -------- d-----w- c:\program files\AVG
2010-03-13 21:02 . 2010-01-04 12:33 197064 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-27 20:41 . 2008-07-30 03:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-24 14:16 . 2009-10-03 02:18 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 23:18 . 2008-07-31 02:06 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-21 23:18 . 2008-07-31 02:06 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-08 03:27 . 2008-07-30 14:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-08 03:26 . 2010-02-08 03:26 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-07 14:49 . 2010-02-07 14:49 -------- d-----w- c:\program files\Phyxion.net
2010-02-07 14:46 . 2009-10-31 15:02 -------- d-----w- c:\program files\Driver Sweeper
2010-02-06 02:56 . 2010-02-06 02:56 -------- d-----w- c:\program files\iTunes
2010-02-06 02:56 . 2010-02-06 02:56 -------- d-----w- c:\program files\iPod
2010-02-06 02:56 . 2008-07-31 01:29 -------- d-----w- c:\program files\Common Files\Apple
2010-02-06 02:54 . 2010-02-06 02:54 -------- d-----w- c:\program files\QuickTime
2010-02-06 02:50 . 2010-02-06 02:50 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 03:10 . 2009-03-22 21:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-12 04:03 . 2010-02-08 03:25 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2010-02-08 03:25 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2010-02-08 03:25 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2010-02-08 03:25 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2010-02-08 03:25 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2010-02-08 03:25 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2010-02-08 03:25 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2010-02-08 03:25 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2010-02-08 03:25 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2010-02-08 03:25 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2010-02-08 03:17 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 04:03 . 2010-02-08 03:17 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-07-25 1067912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 12:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Brian Hans^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
path=c:\documents and settings\Brian Hans\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-12-12 14:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-05-24 04:20 18944 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2003-02-24 20:11 266313 ----a-w- c:\progra~1\AIM95\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2006-05-24 03:32 25600 ----a-w- c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-21 21:41 1217872 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/29/2008 11:10 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/29/2008 11:10 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 8:22 AM 308064]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder

2010-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brian Hans\Application Data\Mozilla\Firefox\Profiles\bq6vxiuz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-a82dca30 - c:\windows\system32\tinezevu.dll
MSConfigStartUp-Alcmtr - ALCMTR.EXE
MSConfigStartUp-AlcWzrd - ALCWZRD.EXE
MSConfigStartUp-amd_dc_opt - c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-CPMab1ef9ac - c:\windows\system32\tavuhuti.dll
MSConfigStartUp-gisesedumi - c:\windows\system32\gojejuru.dll
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-RTHDCPL - RTHDCPL.EXE
MSConfigStartUp-SoundMan - SOUNDMAN.EXE
MSConfigStartUp-SpeedRunner - c:\documents and settings\Brian Hans\Application Data\SpeedRunner\SpeedRunner.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 09:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1592454029-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:6d,35,50,5b,4f,79,f8,d2,6e,09,9b,0f,27,4d,25,b3,fe,84,db,14,58,
90,f8,ea,ab,08,d7,dd,23,e4,9a,b4,83,8f,61,8a,b1,0c,0b,2c,22,0d,ed,46,e0,f3,\
"rkeysecu"=hex:0a,a5,53,f9,61,cd,8f,66,00,85,f0,ed,a8,12,f0,37
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1152)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-20 09:52:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 13:52

Pre-Run: 174,874,505,216 bytes free
Post-Run: 175,042,781,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 97E7E8EBD61F24B57AA142636E350C1D

Edited by slydell, 20 March 2010 - 08:59 AM.


#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:06 PM

Posted 20 March 2010 - 10:16 AM

Hi slydell,

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
    Adobe Reader 7.1.0
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.
Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.

You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/

**************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    Please download Java Version 6 Update 18
  • Click the "Free Java Download" button.
  • Click "Free Java Download" again
  • Save the file jxpiinstall.exe to your desktop
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 6
    Java™ 6 Update 7

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jxpiinstall.exe to install the newest version.

Please make sure you turn on the Java Automatic Update Feature
http://java.com/en/download/help/java_update.xml#howto

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.
Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

**************


You need to disable your AVG Antivirus and Windows Defender before running ComboFix, as they will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component (looks like this: ) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

CODE
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply. Do not attach your log.
The combofix log can also be found at C:\ComboFix.txt.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 slydell

slydell
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 20 March 2010 - 04:18 PM

Here is the new log:

ComboFix 10-03-19.08 - Brian Hans 03/20/2010 17:08:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1457 [GMT -4:00]
Running from: c:\documents and settings\Brian Hans\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian Hans\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 21:05 . 2010-03-20 21:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-20 20:58 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Brian Hans\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-19 12:13 . 2009-08-02 21:49 3036024 ----a-w- c:\documents and settings\Brian Hans\Application Data\Simply Super Software\Trojan Remover\jhi19.exe
2010-03-19 02:05 . 2010-03-19 02:06 -------- d-----w- c:\program files\trend micro
2010-03-19 02:05 . 2010-03-19 02:06 -------- d-----w- C:\rsit
2010-03-19 01:54 . 2010-03-19 01:54 -------- d-----w- c:\documents and settings\Brian Hans\Application Data\Malwarebytes
2010-03-19 01:54 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 01:54 . 2010-03-19 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-19 01:54 . 2010-03-19 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-19 01:54 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 23:32 . 2010-03-16 23:35 -------- d-----w- c:\program files\Trojan Remover
2010-03-16 23:32 . 2010-03-16 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-16 23:30 . 2010-03-16 23:41 -------- d-----w- c:\documents and settings\Brian Hans\Application Data\BitTorrent
2010-03-16 23:29 . 2010-03-16 23:29 -------- d-----w- c:\program files\BitTorrent
2010-03-16 23:14 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-16 23:14 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-16 23:14 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-16 23:14 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-16 23:14 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-16 23:08 . 2010-03-16 23:08 61440 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26bfe010-n\decora-sse.dll
2010-03-16 23:08 . 2010-03-16 23:08 503808 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d178fe4-n\msvcp71.dll
2010-03-16 23:08 . 2010-03-16 23:08 499712 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d178fe4-n\jmc.dll
2010-03-16 23:08 . 2010-03-16 23:08 348160 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d178fe4-n\msvcr71.dll
2010-03-16 23:08 . 2010-03-16 23:08 12800 ----a-w- c:\documents and settings\Brian Hans\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26bfe010-n\decora-d3d.dll
2010-03-16 22:11 . 2010-03-16 22:11 388096 ----a-r- c:\documents and settings\Brian Hans\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-16 22:11 . 2010-03-16 22:11 -------- d-----w- c:\program files\TrendMicro
2010-03-16 12:22 . 2010-03-16 12:22 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-16 12:22 . 2010-03-16 12:22 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-16 12:22 . 2010-03-16 12:22 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-16 12:22 . 2010-03-16 12:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 12:22 . 2010-03-16 01:27 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-16 12:22 . 2010-03-16 01:27 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-16 12:22 . 2010-03-16 01:27 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-16 12:22 . 2010-03-16 01:27 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-16 01:33 . 2010-03-16 01:27 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-03-16 01:33 . 2010-03-16 01:27 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-16 01:28 . 2010-03-16 12:24 -------- d-----w- C:\$AVG
2010-03-16 01:27 . 2010-03-16 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-15 01:59 . 2010-03-15 01:59 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-10 15:36 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-27 20:44 . 2010-02-27 20:44 -------- d--h--r- c:\documents and settings\Brian Hans\Application Data\SecuROM
2010-02-27 20:42 . 2010-02-27 20:42 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2010-02-27 20:40 . 2010-02-27 20:40 -------- d-----w- c:\documents and settings\Brian Hans\Local Settings\Application Data\Downloaded Installations
2010-02-27 20:30 . 2010-02-27 20:30 -------- d-----w- c:\program files\Eidos
2010-02-27 16:28 . 2008-11-13 14:18 599552 -c----w- c:\windows\system32\dllcache\crypt32.dll
2010-02-27 16:28 . 2008-11-13 14:18 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-02-27 16:26 . 2010-02-27 16:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-27 16:26 . 2010-02-27 16:26 -------- d-----w- c:\windows\system32\xlive
2010-02-22 01:42 . 2010-02-22 01:42 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 21:03 . 2008-08-19 23:42 -------- d-----w- c:\program files\Java
2010-03-20 21:03 . 2008-08-19 23:42 -------- d-----w- c:\program files\Common Files\Java
2010-03-20 15:13 . 2008-07-30 13:56 -------- d-----w- c:\program files\Steam
2010-03-18 00:12 . 2008-07-31 02:47 -------- d-----w- c:\program files\SpeedFan
2010-03-16 23:17 . 2008-07-30 02:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-16 12:22 . 2008-07-30 03:10 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-16 12:22 . 2008-07-30 03:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 12:22 . 2008-07-30 03:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 01:27 . 2008-07-30 03:10 -------- d-----w- c:\program files\AVG
2010-03-13 21:02 . 2010-01-04 12:33 197064 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-27 20:41 . 2008-07-30 03:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-24 14:16 . 2009-10-03 02:18 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 23:18 . 2008-07-31 02:06 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-21 23:18 . 2008-07-31 02:06 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-08 03:27 . 2008-07-30 14:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-08 03:26 . 2010-02-08 03:26 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-07 14:49 . 2010-02-07 14:49 -------- d-----w- c:\program files\Phyxion.net
2010-02-07 14:46 . 2009-10-31 15:02 -------- d-----w- c:\program files\Driver Sweeper
2010-02-06 02:56 . 2010-02-06 02:56 -------- d-----w- c:\program files\iTunes
2010-02-06 02:56 . 2010-02-06 02:56 -------- d-----w- c:\program files\iPod
2010-02-06 02:56 . 2008-07-31 01:29 -------- d-----w- c:\program files\Common Files\Apple
2010-02-06 02:54 . 2010-02-06 02:54 -------- d-----w- c:\program files\QuickTime
2010-02-06 02:50 . 2010-02-06 02:50 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 03:10 . 2009-03-22 21:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-12 04:03 . 2010-02-08 03:25 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2010-02-08 03:25 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2010-02-08 03:25 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2010-02-08 03:25 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2010-02-08 03:25 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2010-02-08 03:25 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2010-02-08 03:25 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2010-02-08 03:25 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2010-02-08 03:25 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2010-02-08 03:25 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2010-02-08 03:17 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 04:03 . 2010-02-08 03:17 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-20_13.47.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-20 20:57 . 2010-03-20 20:57 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
- 2010-03-20 13:47 . 2010-03-20 13:47 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
+ 2010-03-20 21:05 . 2010-03-20 21:05 3940352 c:\windows\Installer\179e7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-07-25 1067912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 12:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Brian Hans^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
path=c:\documents and settings\Brian Hans\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-12-12 14:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-05-24 04:20 18944 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2003-02-24 20:11 266313 ----a-w- c:\progra~1\AIM95\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2006-05-24 03:32 25600 ----a-w- c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-21 21:41 1217872 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/29/2008 11:10 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/29/2008 11:10 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 8:22 AM 308064]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder

2010-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brian Hans\Application Data\Mozilla\Firefox\Profiles\bq6vxiuz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1592454029-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:6d,35,50,5b,4f,79,f8,d2,6e,09,9b,0f,27,4d,25,b3,fe,84,db,14,58,
90,f8,ea,ab,08,d7,dd,23,e4,9a,b4,83,8f,61,8a,b1,0c,0b,2c,22,0d,ed,46,e0,f3,\
"rkeysecu"=hex:0a,a5,53,f9,61,cd,8f,66,00,85,f0,ed,a8,12,f0,37
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-20 17:15:46
ComboFix-quarantined-files.txt 2010-03-20 21:15
ComboFix2.txt 2010-03-20 13:52

Pre-Run: 174,969,786,368 bytes free
Post-Run: 174,935,638,016 bytes free

- - End Of File - - D5C2E9D9166FB2534749547A84DE7ED6


#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:06 PM

Posted 20 March 2010 - 04:58 PM

Hi slydell,

Now we look for stragglers.

Please do an online scan with Kaspersky WebScanner

Attention!
Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.


Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


You can refer to this animation by sundavis if needed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 slydell

slydell
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 20 March 2010 - 07:11 PM

Scan Report Below:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, March 20, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, March 20, 2010 19:11:10
Records in database: 3828572
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 106231
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:26:54


File name / Threat / Threats count
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.


#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:06 PM

Posted 20 March 2010 - 08:47 PM

Hi slydell,

Those two files are OK.

How is the computer running?

If all OK, then we will do the program clean up and empty the System Restore folder.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 slydell

slydell
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 20 March 2010 - 08:51 PM

Everything is running great. Thanks for all your help so far.

#13 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:06 PM

Posted 20 March 2010 - 09:02 PM

Hi slydell,

Your very welcome. smile.gif

OK, time for the program clean up.

Delete RSIT, SecurityCheck from your desktop.

Delete the C:\rsit folder.

Remove Combofix now that we're done with it.
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

  • The following will implement some very important cleanup procedures as well as reset System Restore points.



Please read and follow
How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware' by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.


Now your good to go! thumbup.gif



If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users