Trojan:Vundo, Rogue.SecurityEssentials2010


This topic is locked
14 replies to this topic

#1 buddhafish

buddhafish

  • Members
  • 8 posts

Posted 17 April 2010 - 05:37 PM

Hi, I've been getting my butt kicked repeatedly by the Vista Security 2010 virus, and I cannot eradicate it. I get infections several times a day, and have run MBAM each time to remove it, put up pops ave.exe and the fun starts all over again. Any help will be warmly received. ;-)

Edit: It also redirects, pops up with spam sites and tries to prevent me running most anti-virus software. I should add that I meant to put a question mark after the 'Vundo' in the topic title, that was just based on an MBAM log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris Davis at 22:36:35.83 on 17/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1603 [GMT 1:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SqueezeCenter\server\squeezecenter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wuauclt.exe
svchost.exe "C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0u.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\config\systemprofile\AppData\Local\ave.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chris Davis\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbayBeta&CurrentPage=MyeBayNextWon&ssPageName=STRK:ME:LNLK:MEWNX
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp:\\www.samsungcomputer.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\chris davis\appdata\roaming\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [{6876287E-F8F7-D3B0-1E77-DDEBF24E1881}] "c:\users\chris davis\appdata\roaming\xeerxu\elukp.exe"
uRun: [userinit] c:\users\chris davis\appdata\roaming\sdra64.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-disallowrun: 1 = firefox.exe
dPolicies-disallowrun: 2 = opera.exe
dPolicies-disallowrun: 3 = chrome.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\chrisd~1\appdata\roaming\mozilla\firefox\profiles\ixabem60.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\users\chris davis\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-2 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-19 60936]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2007-12-11 13312]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-11 90112]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?]
R2 squeezesvc;SqueezeCenter;c:\program files\squeezecenter\server\squeezecenter.exe [2009-8-10 10080343]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-27 38224]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2010-2-9 243840]
S2 seclogonProtectedStorage;Secondary Logon seclogonProtectedStorage;c:\windows\system32\actionqueuej.exe srv --> c:\windows\system32\ActionQueuej.exe srv [?]
S2 SessionEnvRasAuto;Terminal Services Configuration SessionEnvRasAuto;c:\windows\system32\acwe.exe srv --> c:\windows\system32\ACWe.exe srv [?]
S2 SysMainWerSvc;Superfetch SysMainWerSvc;c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-2p-0u.exe srv --> c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0u.exe srv [?]
S2 TBSFDResPub;TPM Base Services TBSFDResPub;c:\windows\system32\advancedinstallersa.exe srv --> c:\windows\system32\AdvancedInstallersa.exe srv [?]
S2 UxSmsAppinfo;Desktop Window Manager Session Manager UxSmsAppinfo;c:\windows\system32\acwizardf.exe srv --> c:\windows\system32\acwizardf.exe srv [?]
S2 WlansvcPcaSvc;WLAN AutoConfig WlansvcPcaSvc;c:\windows\system32\admparseq.exe srv --> c:\windows\system32\admparseq.exe srv [?]
S2 WPCSvcslsvc;Parental Controls WPCSvcslsvc;c:\windows\system32\agcpanelswedisht.exe srv --> c:\windows\system32\AgCPanelSwedisht.exe srv [?]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2009-4-30 8960]
S3 BCD3000;Behringer BCD3000 V1.1.2.0;c:\windows\system32\drivers\BCD3000.SYS [2008-3-30 42496]
S3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;c:\windows\system32\drivers\BCD3000WDM.SYS [2008-3-30 21600]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-4-30 17152]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [2008-3-20 47104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-3 21504]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJAsioK.sys [2008-3-20 130432]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2008-3-20 41984]
S3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-28 16472]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-4-22 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-4-22 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-4-22 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-4-22 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-4-22 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-4-22 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-4-22 115752]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-17 08:52:32 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-17 08:52:32 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-17 08:52:29 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-17 08:52:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-17 08:52:28 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-16 15:18:10 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-16 15:16:56 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 19:28:31 0 d-----w- c:\programdata\BVRP Software
2010-04-07 09:32:15 32 --s-a-w- c:\windows\system32\74768828.dat
2010-04-06 15:30:58 0 d-----w- c:\program files\TrendMicro
2010-04-04 22:46:01 0 d-----w- c:\users\chrisd~1\appdata\roaming\Avira
2010-04-04 22:24:59 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-04 22:24:53 0 d-----w- c:\users\chrisd~1\appdata\roaming\SUPERAntiSpyware.com
2010-04-04 22:24:53 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-02 16:50:04 0 d-----w- c:\programdata\Avira
2010-04-02 16:50:04 0 d-----w- c:\program files\Avira
2010-04-02 16:45:33 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-24 20:48:01 0 d-----w- c:\windows\pss

==================== Find3M ====================

2010-04-17 21:11:07 354304 ----a-w- c:\programdata\nvModes.dat
2010-04-16 15:34:15 9617 ----a-w- c:\windows\system32\dmlg.dat
2010-04-11 00:04:11 86016 ----a-w- c:\windows\inf\infpub.dat
2010-04-11 00:04:11 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-11 00:04:10 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 19:46:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-16 19:46:00 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-16 19:46:00 13684328 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 19:46:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-16 19:46:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-12 10:26:36 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-01 18:31:58 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-28 22:16:32 57497 ----a-w- c:\users\chrisd~1\appdata\roaming\nvModes.dat
2010-02-24 10:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32:56 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-11 20:20:44 148736 ----a-w- c:\programdata\hpe9030.dll
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-18 07:46:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-02-27 15:39:31 597 ----a-w- c:\program files\Main Program - Shortcut.lnk
2008-04-12 14:24:18 18321 ----a-w- c:\program files\copying
2008-04-03 19:38:54 174 --sha-w- c:\program files\desktop.ini
2007-10-28 22:29:11 969 ----a-w- c:\program files\DOTCOM1.NFO
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-26 20:06:12 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\mshist012009012620090127\index.dat
2009-10-29 10:35:36 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 22:38:34.56 ===============

Edited by buddhafish, 17 April 2010 - 06:08 PM.
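The DDS log above carries several indicators that a helper reads off by eye: a second entry appended to Userinit (sdra64.exe, the Zbot loader), autoruns launched from the roaming profile, a DisallowRun policy that blocks browsers, a hosts-file entry pointing a security site at 127.0.0.1, services with stitched-together display names whose system32 image DDS could not verify (`[?]`), and `.exe=secfile` in place of the default `exefile` handler (the same key MBAM later reports as Hijack.ExeFile). The script below is an added example, not part of this thread or of DDS, that automates those checks over DDS-style log lines. Its sample input is a constructed excerpt of the log posted above; the function names (`triage`, `parse_service`), the expected Userinit value and the heuristics for roaming-profile autoruns and unverified services are assumptions of this example, not rules published by the tool's author.

```python
import re

# Constructed sample: lines copied from the DDS log posted above (Pseudo HJT Report,
# Services and File Associations sections) plus one benign service line for contrast.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\chris davis\appdata\roaming\sdra64.exe,
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [{6876287E-F8F7-D3B0-1E77-DDEBF24E1881}] "c:\users\chris davis\appdata\roaming\xeerxu\elukp.exe"
uRun: [userinit] c:\users\chris davis\appdata\roaming\sdra64.exe
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-disallowrun: 1 = firefox.exe
dPolicies-disallowrun: 2 = opera.exe
Hosts: 127.0.0.1 www.spywareinfo.com
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-2 267432]
S2 SysMainWerSvc;Superfetch SysMainWerSvc;c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-2p-0u.exe srv --> c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0u.exe srv [?]
S2 WPCSvcslsvc;Parental Controls WPCSvcslsvc;c:\windows\system32\agcpanelswedisht.exe srv --> c:\windows\system32\AgCPanelSwedisht.exe srv [?]
.exe=secfile
"""

# Assumption: the only value Userinit carries on a default Vista install.
USERINIT_EXPECTED = r"c:\windows\system32\userinit.exe"

SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")
RUN_RE = re.compile(r"^[udm]Run:\s+\[[^\]]*\]\s*")


def parse_service(line):
    """Split a DDS service line 'R2 name;display name;image [date size]' into fields."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    return {"state": m.group(1), "name": m.group(2), "display": m.group(3), "image": m.group(4)}


def triage(log_text):
    """Return (indicator, detail) pairs for every suspicious line in a DDS-style log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("mWinlogon: Userinit="):
            # Anything appended after userinit.exe runs at every logon (sdra64.exe above).
            entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            for e in entries:
                if e.lower() != USERINIT_EXPECTED:
                    findings.append(("userinit_hijack", e))
        elif RUN_RE.match(line):
            # Heuristic (assumption): autoruns launched from the roaming profile
            # rather than Program Files deserve a look.
            target = RUN_RE.sub("", line).strip('"')
            if "\\appdata\\roaming\\" in target.lower():
                findings.append(("autorun_from_roaming_profile", target))
        elif line.startswith("dPolicies-explorer: DisallowRun") and "= 1" in line:
            findings.append(("disallowrun_policy_enabled", line))
        elif line.startswith("dPolicies-disallowrun:"):
            # The rogue uses DisallowRun to keep browsers from starting.
            findings.append(("blocked_program", line.split("=", 1)[1].strip()))
        elif line.startswith("Hosts:"):
            parts = line.split()
            if len(parts) == 3 and parts[1] in ("127.0.0.1", "0.0.0.0"):
                findings.append(("hosts_redirect", parts[2]))
        elif line.lower().startswith(".exe="):
            # DDS lists .exe only when its handler differs from the default 'exefile'.
            handler = line.split("=", 1)[1].strip()
            if handler.lower() != "exefile":
                findings.append(("exe_association_hijack", handler))
        else:
            svc = parse_service(line)
            # Heuristic (assumption): a service image under system32 that DDS
            # could not stat ('[?]') is unverified and worth checking.
            if svc and svc["image"].endswith("[?]") and "\\windows\\system32\\" in svc["image"].lower():
                findings.append(("unverified_system32_service", svc["name"]))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:30} {detail}")
```

Run against the sample it flags ten lines; the same benign Avira service line passes untouched, which is the point of keeping the `[?]` marker and the system32 path as a joint condition rather than flagging every `S2` service.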



#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 22 April 2010 - 10:34 PM

Hi buddhafish,

Welcome to Bleeping Computer.

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

As it has been a few days, I'm going to need some fresh logs. Please run the following:

STEP 1 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Open OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Change the Standard Registry and Extra Registry options to Use Safelist.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log
  • GMER Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 buddhafish

buddhafish
  • Topic Starter

  • Members
  • 8 posts

Posted 23 April 2010 - 02:18 AM

Thanks for your attention. I'll get onto the scans asap.

#4 buddhafish

buddhafish
  • Topic Starter

  • Members
  • 8 posts

Posted 23 April 2010 - 05:58 AM

Scans as requested:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4024

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

23/04/2010 10:02:58
mbam-log-2010-04-23 (10-02-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 298349
Time elapsed: 1 hour(s), 38 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Chris Davis\AppData\Local\Temp\C6C5.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.


--------------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 11:32:01
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\CHRISD~1\AppData\Local\Temp\kwlcqfow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8AB5B320]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 811 824AEE08 4 Bytes [20, B3, B5, 8A]
? System32\drivers\gptlf.sys The system cannot find the path specified. !
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x8A76A014]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory 77884D34 5 Bytes JMP 0031000A
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 77885674 5 Bytes JMP 007A000A
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!KiUserExceptionDispatcher 77885DC8 5 Bytes JMP 0030000A
.text C:\Windows\system32\svchost.exe[1120] ole32.dll!CoCreateInstance 768A9EA6 5 Bytes JMP 0243000A
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!GetCursorPos 75F70B88 5 Bytes JMP 0247000A
.text C:\Windows\Explorer.EXE[2996] ntdll.dll!NtProtectVirtualMemory 77884D34 5 Bytes JMP 008C000A
.text C:\Windows\Explorer.EXE[2996] ntdll.dll!NtWriteVirtualMemory 77885674 5 Bytes JMP 008D000A
.text C:\Windows\Explorer.EXE[2996] ntdll.dll!KiUserExceptionDispatcher 77885DC8 5 Bytes JMP 008B000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8544BA9A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f5f21a
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f5f21a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 23/04/2010 11:34:14 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Chris Davis\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.88 Gb Total Space | 14.05 Gb Free Space | 23.08% Space Free | Partition Type: NTFS
Drive D: | 162.00 Gb Total Space | 43.04 Gb Free Space | 26.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISDAVIS-LAP
Current User Name: Chris Davis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Chris Davis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\SqueezeCenter\server\squeezecenter.exe (SlimDevices - A Logitech Company)
PRC - C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe ()
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Chris Davis\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WPCSvcslsvc) -- File not found
SRV - (WlansvcPcaSvc) -- File not found
SRV - (UxSmsAppinfo) -- File not found
SRV - (TBSFDResPub) -- File not found
SRV - (SysMainWerSvc) -- File not found
SRV - (SessionEnvRasAuto) -- File not found
SRV - (seclogonProtectedStorage) -- File not found
SRV - (SCPolicySvcAudiosrv) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (squeezesvc) -- C:\Program Files\SqueezeCenter\server\squeezecenter.exe (SlimDevices - A Logitech Company)
SRV - (SqueezeMySQL) -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe ()
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (wscsvcose) -- C:\Windows\System32\adsmsextv.exe ()
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (bautopw) -- C:\Windows\System32\drivers\bautopw.sys (BUFFALO INC.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (bfturboh) -- C:\Windows\System32\drivers\bfturboh.sys (BUFFALO INC.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation)
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Bulk) -- C:\Windows\System32\drivers\HDJBulk.sys (Hercules Technologies)
DRV - (HDJAsioK) -- C:\Windows\System32\drivers\HDJAsioK.sys (Hercules Technologies)
DRV - (HDJMidi) -- C:\Windows\System32\drivers\HDJMidi.sys (Hercules Technologies)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw2v32) Intel® -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEb...K:ME:LNLK:MEWNX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p="
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 10:06:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/18 00:05:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/17 21:44:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/18 00:05:20 | 000,000,000 | ---D | M]

[2008/08/26 13:48:19 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Extensions
[2010/04/22 12:27:13 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions
[2010/02/10 20:06:48 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/06/24 09:51:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/04 18:29:31 | 000,000,000 | ---D | M] (Slickerfox) -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}(24)
[2010/04/13 22:14:15 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/02/04 18:29:35 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}(25)
[2009/11/23 21:42:27 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/02/27 01:43:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/19 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\check4change-owner@mozdev(235).org
[2009/02/07 11:55:00 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\nasanightlaunch@example(91).com
[2010/03/09 01:17:09 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\extensions\nasanightlaunch@example.com
[2010/02/19 16:40:24 | 000,002,163 | ---- | M] () -- C:\Users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\searchplugins\bing.xml
[2010/04/17 23:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 23:48:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/17 23:48:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/09 17:28:56 | 000,380,346 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13105 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{6876287E-F8F7-D3B0-1E77-DDEBF24E1881}] C:\Users\Chris Davis\AppData\Roaming\Xeerxu\elukp.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07b7d6a0-d62e-11dc-b667-001cbf78481c}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/04/03 20:30:54 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/04/18 11:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/04/17 23:57:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/17 23:48:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/17 23:48:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/17 23:48:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/17 23:48:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/17 10:22:25 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/17 10:22:25 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/17 10:22:13 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/17 09:52:32 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/17 09:52:32 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/13 20:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2010/04/11 00:57:39 | 011,597,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/04/11 00:57:39 | 004,513,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/04/11 00:57:39 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/04/11 00:57:39 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010/04/11 00:57:37 | 015,235,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/04/11 00:57:37 | 009,393,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010/04/11 00:57:36 | 002,647,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010/04/11 00:57:36 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010/04/11 00:57:34 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010/04/11 00:57:33 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010/04/11 00:57:33 | 001,299,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/04/11 00:57:33 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1910.dll
[2010/04/11 00:57:33 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/04/06 16:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/04/04 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Chris Davis\AppData\Roaming\Avira
[2010/04/04 23:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/04 23:24:53 | 000,000,000 | ---D | C] -- C:\Users\Chris Davis\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/04 23:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/02 17:50:06 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/04/02 17:50:06 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/04/02 17:50:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/04/02 17:50:06 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/04/02 17:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/04/02 17:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/02 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/01 17:53:02 | 000,000,000 | ---D | C] -- C:\Users\Chris Davis\Desktop\Product_files
[2010/04/01 08:00:07 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/01 08:00:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/01 08:00:06 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/01 08:00:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/01 08:00:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/01 08:00:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/01 08:00:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/01 08:00:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/01 08:00:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/01 08:00:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/01 08:00:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/01 08:00:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/01 08:00:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/01 08:00:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/01 08:00:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/24 21:48:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2006/11/24 23:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006/11/24 23:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll

========== Files - Modified Within 30 Days ==========

[2010/04/23 11:36:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6CAF3F1F-4633-48AE-B54F-5BF7F021990E}.job
[2010/04/23 11:34:19 | 008,126,464 | -HS- | M] () -- C:\Users\Chris Davis\ntuser.dat
[2010/04/23 10:25:44 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010/04/23 10:20:48 | 000,354,304 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/23 10:20:48 | 000,354,304 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/23 10:04:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/23 10:04:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/23 10:04:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/23 10:04:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/23 10:03:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/23 10:03:22 | 000,524,288 | -HS- | M] () -- C:\Users\Chris Davis\ntuser.dat{2b40b308-f611-11dd-a136-001377676ca0}.TMContainer00000000000000000001.regtrans-ms
[2010/04/23 10:03:22 | 000,065,536 | -HS- | M] () -- C:\Users\Chris Davis\ntuser.dat{2b40b308-f611-11dd-a136-001377676ca0}.TM.blf
[2010/04/23 10:03:20 | 006,291,456 | -H-- | M] () -- C:\Users\Chris Davis\AppData\Local\IconCache.db
[2010/04/23 09:42:22 | 000,000,145 | --S- | M] () -- C:\Windows\System32\74768828.dat
[2010/04/22 16:22:55 | 000,010,490 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010/04/18 09:09:54 | 000,009,822 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\5sbBr21
[2010/04/18 09:09:54 | 000,009,822 | -HS- | M] () -- C:\ProgramData\5sbBr21
[2010/04/18 08:54:59 | 000,106,512 | ---- | M] () -- C:\Users\Chris Davis\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/18 08:52:48 | 000,396,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/17 23:57:16 | 000,000,157 | ---- | M] () -- C:\Windows\win.ini
[2010/04/17 23:48:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/17 23:48:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/17 23:48:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/17 23:48:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/17 22:43:26 | 000,000,020 | ---- | M] () -- C:\Users\Chris Davis\defogger_reenable
[2010/04/17 10:00:21 | 000,000,283 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/04/15 22:53:41 | 000,002,738 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\w74mwjG
[2010/04/15 22:53:41 | 000,002,738 | -HS- | M] () -- C:\ProgramData\w74mwjG
[2010/04/15 17:11:23 | 000,621,112 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/15 17:11:23 | 000,114,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/15 17:11:22 | 000,721,034 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/14 19:38:23 | 000,011,250 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\V77QKOg0aQ
[2010/04/14 19:38:23 | 000,011,250 | -HS- | M] () -- C:\ProgramData\V77QKOg0aQ
[2010/04/13 07:51:55 | 000,024,354 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\2rX3LGT3
[2010/04/13 07:51:55 | 000,024,354 | -HS- | M] () -- C:\ProgramData\2rX3LGT3
[2010/04/12 15:37:11 | 000,183,296 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\3940679748.dll
[2010/04/11 01:04:35 | 000,001,356 | ---- | M] () -- C:\Users\Chris Davis\AppData\Local\d3d9caps.dat
[2010/04/10 23:28:39 | 000,009,458 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\GMu1A4P
[2010/04/10 23:28:39 | 000,009,458 | -HS- | M] () -- C:\ProgramData\GMu1A4P
[2010/04/10 22:40:32 | 000,010,362 | -HS- | M] () -- C:\ProgramData\5rf42a2MwB
[2010/04/09 23:23:52 | 000,001,033 | ---- | M] () -- C:\Users\Chris Davis\AppData\Roaming\vso_ts_preview.xml
[2010/04/06 16:30:59 | 000,001,958 | ---- | M] () -- C:\Users\Chris Davis\Desktop\HiJackThis.lnk
[2010/04/06 15:21:11 | 000,011,174 | -HS- | M] () -- C:\ProgramData\aPH03i
[2010/04/05 19:21:56 | 000,010,036 | -HS- | M] () -- C:\ProgramData\1473761628
[2010/04/05 19:20:50 | 000,001,476 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\GbW53PfLB
[2010/04/05 19:20:50 | 000,001,476 | -HS- | M] () -- C:\ProgramData\GbW53PfLB
[2010/04/05 08:12:42 | 000,001,288 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\VHx0W
[2010/04/05 08:12:42 | 000,001,288 | -HS- | M] () -- C:\ProgramData\VHx0W
[2010/04/04 23:24:54 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/02 19:53:24 | 000,008,544 | -HS- | M] () -- C:\ProgramData\LK2mfPE2j
[2010/04/02 17:50:21 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/02 09:38:58 | 000,009,340 | -HS- | M] () -- C:\ProgramData\8Cq4r
[2010/04/01 17:53:04 | 000,128,591 | ---- | M] () -- C:\Users\Chris Davis\Desktop\Product.html
[2010/04/01 11:08:27 | 000,006,680 | -HS- | M] () -- C:\ProgramData\0S70
[2010/04/01 09:56:12 | 000,010,872 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\8kUL5H5g
[2010/04/01 09:56:12 | 000,010,872 | -HS- | M] () -- C:\ProgramData\8kUL5H5g
[2010/04/01 08:06:07 | 000,012,030 | -HS- | M] () -- C:\ProgramData\4NXd80
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 12:34:11 | 000,010,652 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\5lRk1
[2010/03/29 12:34:11 | 000,010,652 | -HS- | M] () -- C:\ProgramData\5lRk1
[2010/03/25 08:29:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/03/24 18:28:43 | 000,009,548 | -HS- | M] () -- C:\ProgramData\20xYJkS83BHk4

========== Files Created - No Company Name ==========

[2010/04/17 22:43:06 | 000,000,020 | ---- | C] () -- C:\Users\Chris Davis\defogger_reenable
[2010/04/17 22:42:20 | 000,293,376 | ---- | C] () -- C:\Users\Chris Davis\Desktop\gmer.exe
[2010/04/17 13:23:39 | 000,009,822 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\5sbBr21
[2010/04/17 13:23:11 | 000,009,822 | -HS- | C] () -- C:\ProgramData\5sbBr21
[2010/04/15 21:27:08 | 000,002,738 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\w74mwjG
[2010/04/15 21:27:08 | 000,002,738 | -HS- | C] () -- C:\ProgramData\w74mwjG
[2010/04/14 18:09:00 | 000,011,250 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\V77QKOg0aQ
[2010/04/14 18:09:00 | 000,011,250 | -HS- | C] () -- C:\ProgramData\V77QKOg0aQ
[2010/04/12 15:37:11 | 000,183,296 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\3940679748.dll
[2010/04/12 15:35:43 | 000,024,354 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\2rX3LGT3
[2010/04/12 15:35:43 | 000,024,354 | -HS- | C] () -- C:\ProgramData\2rX3LGT3
[2010/04/11 00:57:39 | 000,007,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/04/10 23:36:53 | 000,000,127 | ---- | C] () -- C:\Users\Chris Davis\AppData\Roaming\ezpinst.log
[2010/04/10 22:37:47 | 000,010,362 | -HS- | C] () -- C:\ProgramData\5rf42a2MwB
[2010/04/10 21:53:23 | 000,009,458 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\GMu1A4P
[2010/04/10 21:53:23 | 000,009,458 | -HS- | C] () -- C:\ProgramData\GMu1A4P
[2010/04/07 10:32:15 | 000,000,145 | --S- | C] () -- C:\Windows\System32\74768828.dat
[2010/04/06 16:30:59 | 000,001,958 | ---- | C] () -- C:\Users\Chris Davis\Desktop\HiJackThis.lnk
[2010/04/06 15:18:16 | 000,011,174 | -HS- | C] () -- C:\ProgramData\aPH03i
[2010/04/05 15:21:51 | 000,010,036 | -HS- | C] () -- C:\ProgramData\1473761628
[2010/04/05 14:02:49 | 000,001,476 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\GbW53PfLB
[2010/04/05 14:02:49 | 000,001,476 | -HS- | C] () -- C:\ProgramData\GbW53PfLB
[2010/04/05 08:39:58 | 000,001,212 | ---- | C] () -- C:\Users\Chris Davis\Desktop\exefix_vista.reg
[2010/04/04 23:35:38 | 000,001,288 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\VHx0W
[2010/04/04 23:35:38 | 000,001,288 | -HS- | C] () -- C:\ProgramData\VHx0W
[2010/04/04 23:24:54 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/02 17:50:21 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/02 15:37:02 | 000,008,544 | -HS- | C] () -- C:\ProgramData\LK2mfPE2j
[2010/04/02 09:36:28 | 000,009,340 | -HS- | C] () -- C:\ProgramData\8Cq4r
[2010/04/01 17:53:02 | 000,128,591 | ---- | C] () -- C:\Users\Chris Davis\Desktop\Product.html
[2010/04/01 11:07:16 | 000,006,680 | -HS- | C] () -- C:\ProgramData\0S70
[2010/04/01 09:46:28 | 000,010,872 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\8kUL5H5g
[2010/04/01 09:46:28 | 000,010,872 | -HS- | C] () -- C:\ProgramData\8kUL5H5g
[2010/04/01 08:02:59 | 000,012,030 | -HS- | C] () -- C:\ProgramData\4NXd80
[2010/03/29 10:31:21 | 000,010,652 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\5lRk1
[2010/03/29 10:31:21 | 000,010,652 | -HS- | C] () -- C:\ProgramData\5lRk1
[2010/03/24 18:25:45 | 000,009,548 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/01 00:19:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/22 19:49:45 | 000,242,176 | ---- | C] () -- C:\Windows\System32\in_cue.dll
[2009/07/22 19:49:45 | 000,004,608 | ---- | C] () -- C:\Windows\System32\gen_cue.dll
[2009/03/26 12:07:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/03/26 12:03:28 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2009/03/26 12:03:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2008/12/16 15:11:05 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/12/13 21:46:20 | 000,040,448 | ---- | C] () -- C:\Windows\System32\regobj.dll
[2008/12/13 21:46:19 | 000,151,552 | ---- | C] () -- C:\Windows\System32\LWLLHttpsUpload2.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/05 19:04:30 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008/09/05 18:57:05 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2008/09/05 12:00:25 | 000,006,979 | ---- | C] () -- C:\Windows\UN080616.INI
[2008/09/05 11:59:57 | 000,006,353 | ---- | C] () -- C:\Windows\UN070618.INI
[2008/06/24 17:02:18 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/06/12 09:00:48 | 000,000,283 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/02/17 14:06:28 | 000,000,375 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/12/11 18:01:34 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007/12/11 18:01:34 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007/12/11 17:40:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/05 04:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/02/16 01:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006/11/30 02:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/09 19:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/11/14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/24 21:10:52 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Ableton
[2009/02/27 14:56:15 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\ActiveState
[2010/02/19 00:36:22 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Amazon
[2009/03/04 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Auslogics
[2010/01/30 11:03:10 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Facebook
[2009/07/22 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\foobar2000
[2008/12/13 21:49:41 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\GEAR Video 9.10
[2008/12/13 21:45:05 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\GetRightToGo
[2008/07/23 20:27:28 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\GrabIt
[2008/02/29 00:57:36 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\ImgBurn
[2010/02/22 20:03:30 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\IObit
[2008/02/28 23:55:05 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Leadertech
[2010/04/17 22:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Chris Davis\AppData\Roaming\lowsec
[2010/03/12 09:57:13 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Mp3tag
[2008/09/03 21:26:52 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\NetMedia Providers
[2009/10/01 21:29:06 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Nokia
[2009/02/17 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\OpenOffice.org
[2010/04/17 00:45:24 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Oqen
[2009/10/01 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\PC Suite
[2009/11/28 19:05:39 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Power Sound Editor Free
[2008/09/03 17:52:21 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Propellerhead Software
[2008/09/03 21:26:52 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Publish Providers
[2008/09/03 23:25:59 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Sony
[2010/04/22 21:14:19 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Spotify
[2009/09/09 10:01:07 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\SystemRequirementsLab
[2009/07/03 22:15:28 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\The Creative Assembly
[2008/09/03 00:06:26 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Thinstall
[2008/02/15 21:46:24 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Thunderbird
[2008/04/03 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Uniblue
[2010/04/11 01:02:10 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\uTorrent
[2010/04/09 23:23:53 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Vso
[2010/04/16 19:45:05 | 000,000,000 | ---D | M] -- C:\Users\Chris Davis\AppData\Roaming\Xeerxu
[2010/04/22 19:14:11 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/23 10:25:44 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2010/04/23 11:36:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6CAF3F1F-4633-48AE-B54F-5BF7F021990E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/12/11 18:58:57 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/12/11 19:00:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/12/11 19:00:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/12/11 19:00:09 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2007/12/11 18:58:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/12/11 18:58:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2007/12/11 19:19:05 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b0f802d7\atapi.sys
[2007/12/11 19:19:05 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20541_none_dbb1430d3da06c42\atapi.sys
[2010/03/01 19:31:58 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/12/11 19:01:21 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/12/11 19:17:56 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007/12/11 19:17:56 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2007/12/11 19:01:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/12/11 19:01:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 12:01:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 12:01:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/01 19:31:58 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/02/20 21:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 12:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 12:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 12:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/03/17 01:01:53 | 011,597,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 12:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >


------------------------------------------------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 23/04/2010 11:34:14 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Chris Davis\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.88 Gb Total Space | 14.05 Gb Free Space | 23.08% Space Free | Partition Type: NTFS
Drive D: | 162.00 Gb Total Space | 43.04 Gb Free Space | 26.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISDAVIS-LAP
Current User Name: Chris Davis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = secfile] -- Reg Error: Value error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:SqueezeCenter 9000 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:SqueezeCenter 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:SqueezeCenter 3483 tcp
"9001:TCP" = 9001:TCP:*:Enabled:SqueezeCenter 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:SqueezeCenter 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:SqueezeCenter 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:SqueezeCenter 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:SqueezeCenter 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:SqueezeCenter 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:SqueezeCenter 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:SqueezeCenter 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:SqueezeCenter 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:SqueezeCenter 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:SqueezeCenter 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:SqueezeCenter 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:SqueezeCenter 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:SqueezeCenter 9090 tcp (UI)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D5500D-FAFA-4B04-ABB6-B2B2D6E7FE4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0BD4037A-F0AE-434B-AE78-FCF537A5C772}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0CDB3737-7626-4029-B9AA-E00DF78EB67D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BC49E10-F38D-4386-BF0B-385113EEB43C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{349E36DC-15E3-4CA5-AD3A-DCB1DBCBDD60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3D2AF919-84BC-4393-9ACF-CA14E309805E}" = rport=2869 | protocol=6 | dir=out | app=system |
"{40EA44F2-39D4-45A6-854F-24CECCBCC85B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{54F1EEB3-D99B-45C1-9FC8-643884D1C7C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6A599751-6CC3-46D8-9704-6C6B09DED372}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{82131361-49F5-4C3E-89A5-8E7460163D27}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84CAB57D-6F4B-4EED-BCE4-03A4D3B853B5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{98FAD091-032E-45BD-AD5F-47996534F5AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9B561D6F-5030-45AB-A2CE-389FEB79E263}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{A34445FF-75C2-4ADA-A739-069C06E8348D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A46CE051-D826-480B-AC00-9064CE8813B0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{A997C800-8973-4A37-86F3-9DDC137BF158}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D9113BB7-3557-4AA1-8A40-448776A7DBDE}" = lport=37852 | protocol=6 | dir=in | name=utorrent |
"{DE919FD1-D8AD-4187-A6A7-BF3513786CA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00916398-7216-4064-AB9F-99864C54B9F8}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{160558BD-CCC6-4F09-AABC-DEEA7C189C2C}" = dir=in | app=c:\program files\squeezecenter\server\squeezecenter.exe |
"{1A3AD220-4EFA-4A8F-B8CC-1A0E7D0CFAFF}" = protocol=6 | dir=in | app=d:\games\steamapps\common\swkotor\swkotor.exe |
"{2F53BFA6-5D94-424D-8848-AFE461996FF5}" = protocol=17 | dir=in | app=c:\users\chris davis\downloads\qtscrob-0.9.exe |
"{2F853A8B-FC54-47EC-8661-45F60BE69FE0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe |
"{31AF240C-FEEC-41FB-B70B-727565C04C0F}" = protocol=6 | dir=in | app=c:\users\chris davis\downloads\qtscrob-0.9.exe |
"{34A104CC-95F2-438C-8C4D-AF07BD0E18C4}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{34EC7D4B-6032-4DFF-A3B1-AB4897136E33}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4B80C8B4-AC26-47A8-81BC-9C3303A872F7}" = dir=in | app=c:\program files\squeezecenter\server\squeezecenter.exe |
"{50D3478D-D2B4-46E7-BE10-BC01ADE15568}" = dir=in | app=c:\program files\squeezecenter\server\squeezecenter.exe |
"{5C1846EE-8ED1-412C-AB4A-392781282283}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{64CE4C7D-2562-4A95-8666-AE8DD4BA7447}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AEA6BE9-0F64-410F-81FD-EE323DBDC067}" = protocol=17 | dir=in | app=d:\games\steamapps\common\medieval ii total war\launcher.exe |
"{6B2EA6A1-0381-4291-B1EA-3B466D341C00}" = protocol=17 | dir=in | app=d:\games\steamapps\common\swkotor\swkotor.exe |
"{6CE2B909-6A1B-4B6E-9BB6-A655831931AD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{732C9ED8-DD15-4805-8F3D-AC6D1985CD12}" = protocol=6 | dir=in | app=d:\games\steamapps\common\medieval ii total war\launcher.exe |
"{7860DC42-E304-452E-9006-699751A87498}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{78E8FC81-5EA9-43D2-A144-D1E5276A667D}" = protocol=17 | dir=in | app=d:\games\steamapps\common\empire total war\empire.exe |
"{7F5CE677-0BE4-438C-B6D1-5E7D2702D8DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{85AAA65A-D530-4779-8A4F-01680746EC7B}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{8E6EFD70-7C3F-4128-B326-C957FB5588D4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe |
"{98717725-D521-4A65-8CAD-43240A3EC452}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ADF0620E-948A-4EEE-A7F3-055C50EB9BCB}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{AE1B1321-A3C0-458A-9C5C-86408AF6EDED}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{AEFFC913-1ED3-4E1A-9D8E-5A592D361CE3}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{B143895F-8394-4146-8228-95E9ECC175E9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B335975E-E396-4A10-AED6-667CE9D49CE5}" = protocol=6 | dir=out | app=system |
"{B4F1CF07-0079-4202-9347-CD1E1EBD61D0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
"{B5620313-3BCA-4EE4-B9B1-E572733D8871}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B73B075F-427B-4A3F-ABFF-ECEB44C24595}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{B851856E-2D46-4E26-ABA5-2FA3A0A69C8F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{BEB73E59-104C-49C3-8654-45AF5157194E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
"{C3DBABA6-27F6-471B-8CED-8EF6AA5E96DA}" = dir=out | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{C58F9424-BC0C-49FC-B991-6F059CC1F675}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C9E60451-8B0D-45CD-B17E-9C3E0EB55868}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{CAD303EF-DDD9-48FF-B923-9C3A8B09519D}" = dir=in | app=c:\program files\squeezecenter\server\squeezecenter.exe |
"{CCFD0C78-7381-4700-8682-893109BD395C}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{D2BC49B4-81AF-4743-BE16-84F0F56AFBB2}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D4F113CF-7137-4261-9F64-B9E9218A85F6}" = protocol=6 | dir=in | app=c:\program files\amazon\mp3 downloader\amazonmp3downloader.exe |
"{DE21526E-0C29-4ACA-A27C-56E9336BB295}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E0527CB9-5562-47E6-AE46-666F9AC17B20}" = protocol=6 | dir=in | app=d:\games\steamapps\common\empire total war\empire.exe |
"{E0F6894D-1918-47F7-95F4-93E9B00783FF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EB4FE200-37C2-4F77-81C1-973817457404}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{EE40BE3B-947D-4A6C-93E7-ED17AA88E100}" = protocol=17 | dir=in | app=c:\program files\amazon\mp3 downloader\amazonmp3downloader.exe |
"{F91CF798-6596-4D34-B647-E3B466089AC2}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{F94CFAFF-93BC-4223-A7F9-43AD96AE2971}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{FD7CA4A0-E33C-4C10-A09D-3BB9F46AED5C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{17959429-6308-4102-8DC3-A4B7F2F13DF5}D:\games\steam.exe" = protocol=6 | dir=in | app=d:\games\steam.exe |
"TCP Query User{1F221C33-E9E2-472F-8091-29930287919E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3766D275-64F7-48D5-A067-8DECFEB58BF6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{496A8402-2AB1-429D-8736-74F54A4F7924}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4A7AEF2C-EB14-431B-8EFA-FF87C27A102A}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{6805BDF0-91C9-49F7-A6A0-AB18A3C01089}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7640C8CF-F7B6-41DE-A2A9-DA668260602C}C:\users\chris davis\downloads\utorrent150.exe" = protocol=6 | dir=in | app=c:\users\chris davis\downloads\utorrent150.exe |
"TCP Query User{96E5AC32-2268-45DB-A173-DAD28FAC08D0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9A80F44E-F57E-4D9C-B1CE-7B131FF2559C}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A59B4268-11BD-43D0-BCD5-2E7AFD142F3D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E47AB15B-5441-4429-AF49-F2A20ED9AA01}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{17377E56-A82C-40A4-9867-9C7E63651B7E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1A205F18-04F4-4014-9033-510E81D53083}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{57F71E65-BE1A-4D6B-ACAC-671B0FBBB2D4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7416FC5C-8A42-4EA3-9257-BECB7D13E014}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{8F440260-5EAF-4CD8-B864-D2ED4AB4FAB8}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{96C0B4E5-3312-475F-9D28-E4B07C8FB50F}C:\users\chris davis\downloads\utorrent150.exe" = protocol=17 | dir=in | app=c:\users\chris davis\downloads\utorrent150.exe |
"UDP Query User{9EF99E8C-9CAB-47D1-807E-0CA62EBA5EEF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C83FAB5A-D832-4244-881D-332DE7392D55}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{CA1F72D2-B7C3-4C02-B357-08685F35722B}D:\games\steam.exe" = protocol=17 | dir=in | app=d:\games\steam.exe |
"UDP Query User{DDED8730-1FC2-4364-9D61-F05DB01EE5DA}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{FA7EFA97-F2F8-4F27-AC9E-4D9ACCA2448B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5500
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{09B790E3-21E3-4D1A-8130-AAA9227C9785}_is1" = SqueezePlay 7.3
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{10592681-B6D2-4C96-9D92-2371190C4EE4}" = DJ Console - User Manual
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{16551E12-7EBB-4F63-9B6D-4AED6C2A6FB0}" = Ovi Files
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 2.99.13.900
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{C94D0C97-8A5D-428A-B40B-98EBBDBBA36B}" = Hercules DJ Control MP3 drivers
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E4BC9EE4-67F8-4335-BF46-BDACE314BCF6}" = Hercules DJ Console Series drivers
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"0000CustomCampaignMod2_is1" = Medieval II - Custom Campaign Mod 2
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Batman" = Batman 0.6.1
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CUZ4_is1" = CAM UnZip 4.42
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Checker_is1" = Driver Checker v2.7.3
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ExpressBurn" = Express Burn
"foobar2000" = foobar2000 v0.9.5.1
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"ImgBurn" = ImgBurn
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"LastFM_is1" = Last.fm 1.5.4.24567
"Magic ISO Maker v5.4 (build 0255)" = Magic ISO Maker v5.4 (build 0255)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"MediaMonkey_is1" = MediaMonkey 3.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mixed In Key" = Mixed In Key 2.5
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mp3tag" = Mp3tag v2.45d
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"Secunia PSI" = Secunia PSI
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SopCast" = SopCast 3.0.3
"Spotify" = Spotify
"SqueezeCenter_is1" = SqueezeCenter 7.3.3
"Steam App 10500" = Empire: Total War
"Steam App 10600" = Empire: Total War - Special Forces Unit
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"UN070618" = BUFFALO TurboUSB for FLASH/HDD
"UN080616" = BUFFALO eco Manager for HD
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"SoftSqueeze 3.7" = SoftSqueeze 3.7

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
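Two parts of the OTL log above explain the symptom described in the first post (anti-virus tools refusing to start). Under File Associations, `.exe` in HKLM maps to `secfile` instead of the stock `exefile`, so every program started from Explorer is routed through whatever command the rogue registered under `secfile\shell\open\command` (OTL does not print that command), and HKCU carries its own `.exe` entry on top of that. Under Security Center Settings, `AntiVirusOverride` is 1, which stops Security Center from warning that no anti-virus is active. The script below is an added example, not code from this thread, from OTL or from ComboFix; it parses those sections out of OTL output and flags the deviations so the same check can be run over any OTL log. SAMPLE is copied from the log above; the EXPECTED_* tables are this example's own assumption of stock Windows values.

```python
"""Flag the handler hijack and Security Center overrides in OTL output.

Added example; not code from this thread, from OTL or from ComboFix. SAMPLE is
copied from the OTL log posted above. The EXPECTED_* tables are this example's
assumption of stock Windows values; OTL does not print what a default should be.
"""
import re

# Assumed stock ProgID for core extensions (the log maps .exe to secfile instead).
EXPECTED_ASSOC = {".exe": "exefile", ".cpl": "cplfile", ".hlp": "hlpfile",
                  ".bat": "batfile", ".com": "comfile", ".scr": "scrfile"}
# Assumed stock launch commands for the Shell Spawning section.
EXPECTED_SPAWN = {("exefile", "open"): '"%1" %*', ("batfile", "open"): '"%1" %*',
                  ("cmdfile", "open"): '"%1" %*', ("comfile", "open"): '"%1" %*',
                  ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S'}
# Security Center values that, when set to 1, silence the "not protected" alerts.
OVERRIDE_VALUES = {"AntiVirusOverride", "AntiSpywareOverride",
                   "FirewallOverride", "DisableMonitoring"}

HEADER_RE = re.compile(r"^==========\s+(?P<name>.+?)\s+==========$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_.+)\]$")
ASSOC_RE = re.compile(r"^(?P<ext>\.\w+)\s+\[@ = (?P<progid>[^\]]+)\]\s+--\s+(?P<target>.*)$")
SPAWN_RE = re.compile(r"^(?P<progid>\w+)\s+\[(?P<verb>[^\]]+)\]\s+--\s+(?P<cmd>.*)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s+=\s+(?P<value>.*)$')


def parse_otl(text):
    """Return {section: [(registry key, line), ...]} for OTL's Extra Registry output."""
    sections, section, key = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header, subkey = HEADER_RE.match(line), KEY_RE.match(line)
        if header:
            section, key = header.group("name"), ""
            sections.setdefault(section, [])
        elif subkey:
            key = subkey.group("key")
        elif section is not None:
            sections[section].append((key, line))
    return sections


def find_indicators(text):
    """List deviations from the assumed defaults; an empty list means nothing was flagged."""
    sections = parse_otl(text)
    findings = []
    for key, line in sections.get("File Associations", []):
        m = ASSOC_RE.match(line)
        if not m or m.group("ext") not in EXPECTED_ASSOC:
            continue
        ext, progid = m.group("ext"), m.group("progid")
        if key.startswith("HKEY_CURRENT_USER"):
            # Assumption: stock Windows has no per-user handler for these extensions;
            # one that exists shadows the HKLM value for this user only.
            findings.append(f"per-user override: {key}\\{ext} -> {progid}")
        elif progid != EXPECTED_ASSOC[ext]:
            findings.append(f"hijacked handler: {key}\\{ext} -> {progid} "
                            f"(expected {EXPECTED_ASSOC[ext]})")
    for _key, line in sections.get("Shell Spawning", []):
        m = SPAWN_RE.match(line)
        if not m:
            continue
        want = EXPECTED_SPAWN.get((m.group("progid"), m.group("verb")))
        if want and m.group("cmd") != want:
            findings.append(f"tampered launch command: {m.group('progid')} "
                            f"[{m.group('verb')}] -> {m.group('cmd')}")
    for key, line in sections.get("Security Center Settings", []):
        m = VALUE_RE.match(line)
        if m and m.group("name") in OVERRIDE_VALUES and m.group("value") == "1":
            findings.append(f"security center: {key}\\{m.group('name')} = 1")
    return findings


# Copied from the OTL log above, abridged to the lines that matter here.
SAMPLE = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"""

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE):
        print(finding)
```

Run against the sample it reports the HKLM `.exe -> secfile` remap, the per-user `.exe` entry, `DisableMonitoring = 1` and `AntiVirusOverride = 1`, and nothing for the Shell Spawning lines, which still hold the stock commands. The `secfile` command itself has to be read from the live registry (or from a tool that dumps `HKLM\SOFTWARE\Classes\secfile\shell\open\command`); OTL's SafeList output only shows that the mapping changed.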


#5 mpascal

Posted 23 April 2010 - 09:45 AM

Hi buddhafish,

Yep, you got a nasty one there. Let's get rid of that. ;)

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL
    O4 - HKCU..\Run: [{6876287E-F8F7-D3B0-1E77-DDEBF24E1881}] C:\Users\Chris Davis\AppData\Roaming\Xeerxu\elukp.exe File not found
    [2010/04/23 09:42:22 | 000,000,145 | --S- | M] () -- C:\Windows\System32\74768828.dat
    [2010/04/18 09:09:54 | 000,009,822 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\5sbBr21
    [2010/04/18 09:09:54 | 000,009,822 | -HS- | M] () -- C:\ProgramData\5sbBr21
    [2010/04/15 22:53:41 | 000,002,738 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\w74mwjG
    [2010/04/15 22:53:41 | 000,002,738 | -HS- | M] () -- C:\ProgramData\w74mwjG
    [2010/04/14 19:38:23 | 000,011,250 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\V77QKOg0aQ
    [2010/04/14 19:38:23 | 000,011,250 | -HS- | M] () -- C:\ProgramData\V77QKOg0aQ
    [2010/04/13 07:51:55 | 000,024,354 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\2rX3LGT3
    [2010/04/13 07:51:55 | 000,024,354 | -HS- | M] () -- C:\ProgramData\2rX3LGT3
    [2010/04/12 15:37:11 | 000,183,296 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\3940679748.dll
    [2010/04/10 23:28:39 | 000,009,458 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\GMu1A4P
    [2010/04/10 23:28:39 | 000,009,458 | -HS- | M] () -- C:\ProgramData\GMu1A4P
    [2010/04/10 22:40:32 | 000,010,362 | -HS- | M] () -- C:\ProgramData\5rf42a2MwB
    [2010/04/06 15:21:11 | 000,011,174 | -HS- | M] () -- C:\ProgramData\aPH03i
    [2010/04/05 19:21:56 | 000,010,036 | -HS- | M] () -- C:\ProgramData\1473761628
    [2010/04/05 19:20:50 | 000,001,476 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\GbW53PfLB
    [2010/04/05 19:20:50 | 000,001,476 | -HS- | M] () -- C:\ProgramData\GbW53PfLB
    [2010/04/05 08:12:42 | 000,001,288 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\VHx0W
    [2010/04/05 08:12:42 | 000,001,288 | -HS- | M] () -- C:\ProgramData\VHx0W
    [2010/04/02 19:53:24 | 000,008,544 | -HS- | M] () -- C:\ProgramData\LK2mfPE2j
    [2010/04/02 09:38:58 | 000,009,340 | -HS- | M] () -- C:\ProgramData\8Cq4r
    [2010/04/01 11:08:27 | 000,006,680 | -HS- | M] () -- C:\ProgramData\0S70
    [2010/04/01 09:56:12 | 000,010,872 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\8kUL5H5g
    [2010/04/01 09:56:12 | 000,010,872 | -HS- | M] () -- C:\ProgramData\8kUL5H5g
    [2010/04/01 08:06:07 | 000,012,030 | -HS- | M] () -- C:\ProgramData\4NXd80
    [2010/03/29 12:34:11 | 000,010,652 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\5lRk1
    [2010/03/29 12:34:11 | 000,010,652 | -HS- | M] () -- C:\ProgramData\5lRk1
    [2010/03/24 18:28:43 | 000,009,548 | -HS- | M] () -- C:\ProgramData\20xYJkS83BHk4
    [2010/04/17 13:23:39 | 000,009,822 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\5sbBr21
    [2010/04/17 13:23:11 | 000,009,822 | -HS- | C] () -- C:\ProgramData\5sbBr21
    [2010/04/15 21:27:08 | 000,002,738 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\w74mwjG
    [2010/04/15 21:27:08 | 000,002,738 | -HS- | C] () -- C:\ProgramData\w74mwjG
    [2010/04/14 18:09:00 | 000,011,250 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\V77QKOg0aQ
    [2010/04/14 18:09:00 | 000,011,250 | -HS- | C] () -- C:\ProgramData\V77QKOg0aQ
    [2010/04/12 15:37:11 | 000,183,296 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\3940679748.dll
    [2010/04/12 15:35:43 | 000,024,354 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\2rX3LGT3
    [2010/04/12 15:35:43 | 000,024,354 | -HS- | C] () -- C:\ProgramData\2rX3LGT3
    [2010/04/10 22:37:47 | 000,010,362 | -HS- | C] () -- C:\ProgramData\5rf42a2MwB
    [2010/04/10 21:53:23 | 000,009,458 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\GMu1A4P
    [2010/04/10 21:53:23 | 000,009,458 | -HS- | C] () -- C:\ProgramData\GMu1A4P
    [2010/04/07 10:32:15 | 000,000,145 | --S- | C] () -- C:\Windows\System32\74768828.dat
    [2010/04/06 15:18:16 | 000,011,174 | -HS- | C] () -- C:\ProgramData\aPH03i
    [2010/04/05 15:21:51 | 000,010,036 | -HS- | C] () -- C:\ProgramData\1473761628
    [2010/04/05 14:02:49 | 000,001,476 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\GbW53PfLB
    [2010/04/05 14:02:49 | 000,001,476 | -HS- | C] () -- C:\ProgramData\GbW53PfLB
    [2010/04/04 23:35:38 | 000,001,288 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\VHx0W
    [2010/04/04 23:35:38 | 000,001,288 | -HS- | C] () -- C:\ProgramData\VHx0W
    [2010/04/02 15:37:02 | 000,008,544 | -HS- | C] () -- C:\ProgramData\LK2mfPE2j
    [2010/04/02 09:36:28 | 000,009,340 | -HS- | C] () -- C:\ProgramData\8Cq4r
    [2010/04/01 11:07:16 | 000,006,680 | -HS- | C] () -- C:\ProgramData\0S70
    [2010/04/01 09:46:28 | 000,010,872 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\8kUL5H5g
    [2010/04/01 09:46:28 | 000,010,872 | -HS- | C] () -- C:\ProgramData\8kUL5H5g
    [2010/04/01 08:02:59 | 000,012,030 | -HS- | C] () -- C:\ProgramData\4NXd80
    [2010/03/29 10:31:21 | 000,010,652 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\5lRk1
    [2010/03/29 10:31:21 | 000,010,652 | -HS- | C] () -- C:\ProgramData\5lRk1
    [2010/03/24 18:25:45 | 000,009,548 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

STEP 2 - ComboFix

Please download ComboFix and save it to your Desktop.
NOTE: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post C:\Combo-Fix.txt in your next post.
**Note: Do not click the ComboFix window while it's running. That may cause it to stall**

STEP 3 - Reply

Please reply with the following log:
  • ComboFix Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.
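The file entries in the OTL fix above all follow one pattern: hidden+system (`-HS-`) files with random names, each written with identical size and timestamps both to `C:\ProgramData` and to the user's `AppData\Local`, plus a single `--S-` file in `System32` and a DLL that exists only in `AppData\Local`. Reading those pairs off a long OTL log by eye is error-prone, so here is an added example (not code from this thread, from OTL or from ComboFix) that parses OTL's file-listing line format, merges the M (modified) and C (created) rows for each path, and pulls out the pairs. SAMPLE is a subset of the lines quoted in the fix above; `looks_random()` is this example's own heuristic, not an OTL rule.

```python
"""Pull the dropper's paired files out of OTL file-listing lines.

Added example; not code from this thread, from OTL or from ComboFix. SAMPLE is
a subset of the lines quoted in the fix above; looks_random() is this example's
own heuristic, not something OTL reports.
"""
import re
from collections import defaultdict

# OTL file line: [stamp | size | attrs | M/C] (vendor) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)


def looks_random(name):
    """Heuristic (this example's own): digits mixed into letters, or all digits.

    Catches names like 5sbBr21 or 1473761628; it will also catch legitimate
    names such as utorrent150, so treat it as a triage hint, not a verdict."""
    stem = name.split(".")[0]
    has_digit = any(c.isdigit() for c in stem)
    has_alpha = any(c.isalpha() for c in stem)
    return stem.isdigit() or (has_digit and has_alpha)


def parse_entries(text):
    """Parse OTL file lines; the M (modified) and C (created) rows for one path merge."""
    entries = {}
    for raw in text.splitlines():
        m = OTL_FILE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        entry = entries.setdefault(path, {
            "path": path,
            "name": path.rsplit("\\", 1)[-1],
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "vendor": m.group("vendor"),
        })
        entry[m.group("kind")] = m.group("stamp")  # "M" or "C" -> timestamp
    return list(entries.values())


def dropped_in_both(paths):
    """True when the same file sits under ProgramData and under a user's AppData\\Local."""
    lower = [p.lower() for p in paths]
    return (any("\\programdata\\" in p for p in lower)
            and any("\\appdata\\local\\" in p for p in lower))


def triage(text):
    """Group the parsed entries by the three indicators the fix above shows."""
    entries = parse_entries(text)
    by_name_size = defaultdict(list)
    for e in entries:
        by_name_size[(e["name"], e["size"])].append(e["path"])
    return {
        "hidden_system": [e["path"] for e in entries
                          if "H" in e["attrs"] and "S" in e["attrs"]],
        "random_named": [e["path"] for e in entries if looks_random(e["name"])],
        # identical name and size dropped to both locations: the pair pattern in the fix
        "pairs": {name: paths for (name, _size), paths in by_name_size.items()
                  if dropped_in_both(paths)},
    }


# Subset of the lines quoted in the OTL fix above.
SAMPLE = r"""
[2010/04/23 09:42:22 | 000,000,145 | --S- | M] () -- C:\Windows\System32\74768828.dat
[2010/04/18 09:09:54 | 000,009,822 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\5sbBr21
[2010/04/18 09:09:54 | 000,009,822 | -HS- | M] () -- C:\ProgramData\5sbBr21
[2010/04/15 22:53:41 | 000,002,738 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\w74mwjG
[2010/04/15 22:53:41 | 000,002,738 | -HS- | M] () -- C:\ProgramData\w74mwjG
[2010/04/12 15:37:11 | 000,183,296 | -HS- | M] () -- C:\Users\Chris Davis\AppData\Local\3940679748.dll
[2010/03/24 18:28:43 | 000,009,548 | -HS- | M] () -- C:\ProgramData\20xYJkS83BHk4
[2010/04/17 13:23:39 | 000,009,822 | -HS- | C] () -- C:\Users\Chris Davis\AppData\Local\5sbBr21
[2010/04/17 13:23:11 | 000,009,822 | -HS- | C] () -- C:\ProgramData\5sbBr21
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, paths in result["pairs"].items():
        print(name, "->", "; ".join(paths))
```

On the sample this yields two pairs (`5sbBr21`, `w74mwjG`), six hidden+system paths (the `System32\74768828.dat` entry is system-only, so it is listed under `random_named` but not `hidden_system`), and a merged record per path that carries both the created and the modified stamp, which is what tells you the pair was written in one go rather than copied later.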


#6 buddhafish (Topic Starter)

Posted 23 April 2010 - 11:03 AM

As requested. Thanks for sticking with me mpascal.

ComboFix 10-04-21.01 - Chris Davis 23/04/2010 16:37:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2146 [GMT 1:00]
Running from: c:\users\Chris Davis\Desktop\Combo-Fix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2818687802-2581210965-3523022168-500
c:\$recycle.bin\S-1-5-21-3428811891-311621954-2324970383-500
c:\$recycle.bin\S-1-5-21-562593655-1936356248-2708367035-500
c:\programdata\hpe9030.dll
c:\users\Chris Davis\AppData\Roaming\ezpinst.log
c:\users\Chris Davis\AppData\Roaming\inst.exe
c:\windows\system32\%appdata%
c:\windows\system32\74768828.dat
c:\windows\system32\ReadMe.txt
c:\windows\system32\test.dll
c:\windows\TEMP\pdk-SYSTEM-1704\054a515a11c7920cfc4d7faea7af4932\XS.dll
c:\windows\TEMP\pdk-SYSTEM-1704\12913763d8b9f06d2ca82771fcb306f1\Parser.dll
c:\windows\TEMP\pdk-SYSTEM-1704\14f8cfecb15e1c87916789ed739489ff\Expat.dll
c:\windows\TEMP\pdk-SYSTEM-1704\1661c0bf55e937fc17e888420955b231\Byte.dll
c:\windows\TEMP\pdk-SYSTEM-1704\18eb3d3d937ca6cb5e26d752e5330d95\Registry.dll
c:\windows\TEMP\pdk-SYSTEM-1704\1b8dbc9967c4559d794e3c3f32351f38\MD5.dll
c:\windows\TEMP\pdk-SYSTEM-1704\22647639fdd9ac2ac4e37e97d38d3fa3\POSIX.dll
c:\windows\TEMP\pdk-SYSTEM-1704\27a7d7c14d1dcc61c603e9aa84019c1c\OLE.dll
c:\windows\TEMP\pdk-SYSTEM-1704\29730101f036533c486c3ad832bfb581\Cwd.dll
c:\windows\TEMP\pdk-SYSTEM-1704\2c7835a8a10669b6f202e17e474011e1\Process.dll
c:\windows\TEMP\pdk-SYSTEM-1704\2eca23e437744e1286c6e3c4983737b5\IO.dll
c:\windows\TEMP\pdk-SYSTEM-1704\3a121330ee88767be4d2a6e2e01021de\File.dll
c:\windows\TEMP\pdk-SYSTEM-1704\514f58c7649fa1fe7afd0239e90bf91d\SHA1.dll
c:\windows\TEMP\pdk-SYSTEM-1704\531074183cd92c8ee6e38095fed64379\Detector.dll
c:\windows\TEMP\pdk-SYSTEM-1704\563d7ead40b59c49009856a0b10f2014\Array.dll
c:\windows\TEMP\pdk-SYSTEM-1704\5665e9d91ffd5329b4b069811edd98e1\XS.dll
c:\windows\TEMP\pdk-SYSTEM-1704\68e97b02af7f01d132cf0e90dd7ad74a\Registry.dll
c:\windows\TEMP\pdk-SYSTEM-1704\6ab3292ea2fe89cb7db3f546c718e6a8\B.dll
c:\windows\TEMP\pdk-SYSTEM-1704\6ecc81286663495601d2499da7def595\Zlib.dll
c:\windows\TEMP\pdk-SYSTEM-1704\6f1c2438342f9c681542a4c32ad1f17d\Storable.dll
c:\windows\TEMP\pdk-SYSTEM-1704\729aebf6338f07961c67068f1ec22bf5\FastCalc.dll
c:\windows\TEMP\pdk-SYSTEM-1704\776043a051266bed6315875a8a879b49\GD.dll
c:\windows\TEMP\pdk-SYSTEM-1704\79d2ba91dcd37057e0539ed55a845a5e\HiRes.dll
c:\windows\TEMP\pdk-SYSTEM-1704\86ca4b17d1dc927226fa1f37ebe2273c\Fcntl.dll
c:\windows\TEMP\pdk-SYSTEM-1704\88d0e8c4961b749c8fcc6400ca060fd2\WinError.dll
c:\windows\TEMP\pdk-SYSTEM-1704\899240261dde99660e14431e6d8d1fe9\DBI.dll
c:\windows\TEMP\pdk-SYSTEM-1704\8f7795dcbafc290e9d71b3cedc3f6470\Util.dll
c:\windows\TEMP\pdk-SYSTEM-1704\92e8b5997b24c470e95412a86a38765d\Base64.dll
c:\windows\TEMP\pdk-SYSTEM-1704\935d16d0d9563f34e09919b6d80fb3ed\Unicode.dll
c:\windows\TEMP\pdk-SYSTEM-1704\a507fccf2be25b878761a66bf411c201\mysql.dll
c:\windows\TEMP\pdk-SYSTEM-1704\a92e9d0745782753138e6c0f74be7f82\Socket.dll
c:\windows\TEMP\pdk-SYSTEM-1704\ad76515ff4d1de346e3888790190a3c0\API.dll
c:\windows\TEMP\pdk-SYSTEM-1704\b1ef31ab16378a4b392b3d07f25c074a\Service.dll
c:\windows\TEMP\pdk-SYSTEM-1704\c8268acd4616fc1069e936b486bd0ccf\vxs.dll
c:\windows\TEMP\pdk-SYSTEM-1704\c92f1c7d4396f53f4c5d352e2bd8c9a9\Syck.dll
c:\windows\TEMP\pdk-SYSTEM-1704\cd69c51b5253d9b11bea339b859819b7\ReadKey.dll
c:\windows\TEMP\pdk-SYSTEM-1704\d21e2f9367d0e3efd5d09cb808f66fd9\File.dll
c:\windows\TEMP\pdk-SYSTEM-1704\e13cf768ec1b1a37b205ba2cf243710f\Hostname.dll
c:\windows\TEMP\pdk-SYSTEM-1704\eafccbed965007c129598be76f4f1c36\Peek.dll
c:\windows\TEMP\pdk-SYSTEM-1704\eca2604334cf65a36123562b3bd4a409\Encode.dll
c:\windows\TEMP\pdk-SYSTEM-1704\f1218e99b70f6a76d1c2fa98cba4ac46\Win32.dll
c:\windows\TEMP\pdk-SYSTEM-1704\fa142febd5dc53f93f911452e1a99387\Hebrew.dll
c:\windows\TEMP\pdk-SYSTEM-1704\perl58.dll

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-23 15:47 . 2010-04-23 15:47 32 ----a-w- c:\windows\system32\74768828.dat
2010-04-23 15:46 . 2010-04-23 15:49 -------- d-----w- c:\users\Chris Davis\AppData\Local\temp
2010-04-23 14:53 . 2010-04-23 14:53 -------- d-----w- C:\_OTL
2010-04-18 10:27 . 2010-04-18 10:27 -------- d-----w- c:\program files\Secunia
2010-04-17 22:48 . 2010-04-17 22:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 09:22 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-17 09:22 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-17 09:22 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-17 09:22 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-17 09:22 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-17 09:22 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-17 08:52 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-17 08:52 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-17 08:52 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-16 15:18 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-16 15:16 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 19:28 . 2010-04-13 19:28 -------- d-----w- c:\programdata\BVRP Software
2010-04-10 23:57 . 2010-03-17 00:01 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-10 23:57 . 2010-03-17 00:01 4513896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-04-10 23:57 . 2010-03-17 00:01 11597416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-04-10 23:57 . 2010-03-17 00:01 9393256 ----a-w- c:\windows\system32\nvd3dum.dll
2010-04-10 23:57 . 2010-03-17 00:01 15235688 ----a-w- c:\windows\system32\nvoglv32.dll
2010-04-10 23:57 . 2010-03-17 00:01 2647144 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-10 23:57 . 2010-03-17 00:01 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-10 23:57 . 2010-03-17 00:01 4029544 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-10 23:57 . 2010-03-17 00:01 215656 ----a-w- c:\windows\system32\nvcod1910.dll
2010-04-10 23:57 . 2010-03-17 00:01 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-04-10 23:57 . 2010-03-17 00:01 1299048 ----a-w- c:\windows\system32\nvapi.dll
2010-04-10 23:57 . 2010-03-17 00:01 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-06 15:30 . 2010-04-06 15:30 -------- d-----w- c:\program files\TrendMicro
2010-04-04 22:46 . 2010-04-04 22:46 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Avira
2010-04-04 22:24 . 2010-04-04 22:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-04 22:24 . 2010-04-04 22:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-04 22:24 . 2010-04-04 22:24 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\SUPERAntiSpyware.com
2010-04-02 16:50 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-02 16:50 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-02 16:50 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-02 16:50 . 2010-04-02 16:50 -------- d-----w- c:\programdata\Avira
2010-04-02 16:50 . 2010-04-02 16:50 -------- d-----w- c:\program files\Avira
2010-04-02 16:45 . 2010-04-04 22:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 15:48 . 2010-03-01 15:03 354304 ----a-w- c:\programdata\nvModes.dat
2010-04-23 15:46 . 2007-12-11 16:48 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-23 11:25 . 2010-02-27 00:24 10587 ----a-w- c:\windows\system32\dmlg.dat
2010-04-23 10:50 . 2009-07-04 18:10 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Spotify
2010-04-23 09:36 . 2009-02-17 10:58 1 ----a-w- c:\users\Chris Davis\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-18 07:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-18 07:54 . 2008-02-08 09:51 106512 ----a-w- c:\users\Chris Davis\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-17 23:06 . 2007-12-11 18:27 -------- d-----w- c:\programdata\Microsoft Help
2010-04-17 23:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-04-17 21:10 . 2010-03-03 21:12 -------- d-sh--w- c:\users\Chris Davis\AppData\Roaming\lowsec
2010-04-16 23:45 . 2009-08-22 06:41 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Oqen
2010-04-16 18:45 . 2008-08-02 23:42 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Xeerxu
2010-04-11 00:06 . 2007-12-11 18:57 -------- d-----w- c:\programdata\NVIDIA
2010-04-11 00:04 . 2010-02-18 08:50 1356 ----a-w- c:\users\Chris Davis\AppData\Local\d3d9caps.dat
2010-04-11 00:02 . 2008-03-13 19:39 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\uTorrent
2010-04-09 22:23 . 2008-02-21 23:14 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Vso
2010-04-06 15:30 . 2010-04-06 15:30 388096 ----a-r- c:\users\Chris Davis\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-04 22:26 . 2010-04-04 22:26 52224 ----a-w- c:\users\Chris Davis\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-04 22:26 . 2010-04-04 22:26 117760 ----a-w- c:\users\Chris Davis\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-02 16:54 . 2010-02-18 17:56 -------- d-----w- c:\programdata\avg9
2010-04-02 07:54 . 2010-02-18 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 07:54 . 2010-04-02 07:54 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-02 07:52 . 2010-04-02 07:52 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-02 07:52 . 2010-04-02 07:52 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-01 10:59 . 2009-04-30 15:33 -------- d-----w- c:\program files\Common Files\Steam
2010-03-29 23:46 . 2010-02-26 23:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2010-02-26 23:48 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 11:14 . 2009-04-27 12:51 -------- d-----w- c:\program files\AVG
2010-03-17 20:45 . 2008-02-08 10:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-17 00:01 . 2010-04-10 23:57 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-03-16 19:46 . 2010-03-16 19:46 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-16 19:46 . 2010-03-16 19:46 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-16 19:46 . 2010-03-16 19:46 13684328 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 19:46 . 2010-03-16 19:46 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-16 19:46 . 2010-03-16 19:46 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-12 10:26 . 2007-12-11 16:40 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-12 08:57 . 2009-01-07 19:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-12 08:57 . 2008-05-27 22:18 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Winamp
2010-03-12 08:57 . 2008-02-14 16:57 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Mp3tag
2010-03-12 08:57 . 2009-10-01 16:33 -------- d-----w- c:\program files\Nokia
2010-03-12 08:57 . 2009-01-07 19:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-12 08:57 . 2008-02-14 16:57 -------- d-----w- c:\program files\Mp3tag
2010-03-12 08:57 . 2008-04-03 21:36 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-03-07 22:50 . 2010-03-07 22:50 -------- d-----w- c:\program files\CAM Development
2010-03-03 08:32 . 2008-02-14 17:51 -------- d-----w- c:\program files\Google
2010-03-01 18:31 . 2009-07-31 23:19 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-01 14:59 . 2010-03-01 14:58 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-28 22:16 . 2008-02-10 11:52 57497 ----a-w- c:\users\Chris Davis\AppData\Roaming\nvModes.dat
2010-02-27 09:40 . 2008-04-05 14:33 -------- d-----w- c:\programdata\vsosdk
2010-02-27 09:39 . 2010-02-27 09:39 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-27 09:39 . 2010-02-27 09:39 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-27 09:38 . 2010-02-27 09:38 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-27 09:36 . 2009-10-01 16:32 -------- d-----w- c:\programdata\Installations
2010-02-27 09:35 . 2010-02-27 09:35 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-27 09:35 . 2010-02-27 09:35 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-27 09:35 . 2010-02-27 09:35 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-27 09:35 . 2010-02-27 09:35 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-27 09:35 . 2010-02-27 09:36 34399664 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng.exe
2010-02-26 23:25 . 2009-09-24 12:05 -------- d-----w- c:\program files\Ovi Files
2010-02-26 23:25 . 2007-12-11 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 23:25 . 2009-09-09 08:01 -------- d-----w- c:\program files\Driver Checker
2010-02-26 23:25 . 2007-12-11 17:04 -------- d-----w- c:\program files\CyberLink
2010-02-26 23:25 . 2009-04-22 08:13 -------- d-----w- c:\program files\Avanquest update
2010-02-24 09:16 . 2009-10-03 07:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-01 07:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-01 07:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-01 07:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 19:19 . 2010-02-22 19:03 -------- d-----w- c:\program files\IObit
2010-02-22 19:03 . 2010-02-22 19:03 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\IObit
2010-02-20 23:06 . 2010-03-12 08:05 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 08:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 08:05 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-16 12:24 . 2010-02-18 23:49 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 10:32 . 2010-03-02 22:41 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-30 10:03 . 2010-01-30 10:03 50354 ----a-w- c:\users\Chris Davis\AppData\Roaming\Facebook\uninstall.exe
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\users\Chris Davis\AppData\Roaming\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\users\Chris Davis\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-25 12:00 . 2010-02-26 23:43 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-26 23:43 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-26 23:43 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-26 23:43 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-26 23:43 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-26 23:43 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-26 23:43 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-26 23:43 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-26 23:43 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-02-27 15:39 . 2009-02-27 15:39 597 ----a-w- c:\program files\Main Program - Shortcut.lnk
2008-04-12 14:24 . 2009-05-21 20:25 18321 ----a-w- c:\program files\copying
2007-10-28 22:29 . 2007-10-28 22:02 969 ----a-w- c:\program files\DOTCOM1.NFO
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-13 4702208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SqueezeCenter Tray Tool.lnk]
backup=c:\windows\pss\SqueezeCenter Tray Tool.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):c4,44,36,51,90,12,ca,01

R2 SCPolicySvcAudiosrv;Smart Card Removal Policy SCPolicySvcAudiosrv;c:\windows\system32\algk.exe [x]
R2 seclogonProtectedStorage;Secondary Logon seclogonProtectedStorage;c:\windows\system32\ActionQueuej.exe [x]
R2 SessionEnvRasAuto;Terminal Services Configuration SessionEnvRasAuto;c:\windows\system32\ACWe.exe [x]
R2 SysMainWerSvc;Superfetch SysMainWerSvc;c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0u.exe [x]
R2 TBSFDResPub;TPM Base Services TBSFDResPub;c:\windows\system32\AdvancedInstallersa.exe [x]
R2 UxSmsAppinfo;Desktop Window Manager Session Manager UxSmsAppinfo;c:\windows\system32\acwizardf.exe [x]
R2 WlansvcPcaSvc;WLAN AutoConfig WlansvcPcaSvc;c:\windows\system32\admparseq.exe [x]
R2 WPCSvcslsvc;Parental Controls WPCSvcslsvc;c:\windows\system32\AgCPanelSwedisht.exe [x]
R2 wscsvcose;Security Center wscsvcose;c:\windows\system32\adsmsextv.exe [2008-01-19 95744]
R3 ADDMEM;ADDMEM;c:\users\CHRISD~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2008-07-29 8960]
R3 BCD3000;Behringer BCD3000 V1.1.2.0;c:\windows\system32\Drivers\BCD3000.SYS [2008-03-30 42496]
R3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;c:\windows\system32\Drivers\BCD3000WDM.SYS [2008-03-30 21600]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-02-12 17152]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2007-03-19 47104]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2007-02-09 130432]
R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2007-02-08 41984]
R3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-16 685816]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2009-06-15 4149248]
S2 squeezesvc;SqueezeCenter;c:\program files\SqueezeCenter\server\squeezecenter.exe [2009-06-15 10080343]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-09-25 14:34]

2010-04-23 c:\windows\Tasks\User_Feed_Synchronization-{6CAF3F1F-4633-48AE-B54F-5BF7F021990E}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbayBeta&CurrentPage=MyeBayNextWon&ssPageName=STRK:ME:LNLK:MEWNX
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Chris Davis\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 16:48
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0x7DF70002

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3500)
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-04-23 16:56:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-23 15:56

Pre-Run: 15,358,623,744 bytes free
Post-Run: 15,277,821,952 bytes free

- - End Of File - - F59DA8B09B3DEF438CF30E5ADEDC94AC


#7 mpascal (Math Nerd)

Posted 23 April 2010 - 12:16 PM

Hi buddhafish,

Close any open browsers, and close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
Registry::
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 1
  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

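The CFScript above undoes two policy settings that the ComboFix log showed: a DisallowRun list under HKEY_USERS\.default that blocks firefox.exe, opera.exe and chrome.exe (which is why most security tools and browsers would not start), and EnableUIADesktopToggle forced to 0. The following Python script is an added example, not code from this thread or from ComboFix: it parses a ComboFix-style "Reg Loading Points" excerpt (the sample below is constructed after the format of the log posted above), reports every hive that has DisallowRun set together with the executables it blocks, checks the UIA toggle, and builds the matching Registry:: fix script. Key paths are compared case-insensitively, so the generated script comes out lowercase; ComboFix and the registry do not care about case.

```python
"""Audit a ComboFix 'Reg Loading Points' excerpt for DisallowRun policies and a
disabled EnableUIADesktopToggle, then build the Registry:: script that removes
them.  Added example; the log text below is constructed, not a real capture."""
import re

# Constructed excerpt in the layout ComboFix prints under REGEDIT4.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"= value  (optional trailing "(0xNN)" that ComboFix appends to DWORDs)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*(?:\(0x[0-9a-f]+\))?\s*$', re.I)

POLICIES_EXPLORER = r"software\microsoft\windows\currentversion\policies\explorer"
POLICIES_SYSTEM = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"


def parse_reg_section(text):
    """Return {key_path_lowercase: {value_name: value_string}}."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip('"')
    return keys


def find_disallowrun(keys):
    """List (explorer_policy_key, [blocked executables]) for each hive with DisallowRun=1."""
    findings = []
    for key, values in keys.items():
        if key.endswith(POLICIES_EXPLORER) and values.get("DisallowRun", "0").startswith("1"):
            blocked = keys.get(key + r"\disallowrun", {})
            findings.append((key, sorted(blocked.values())))
    return findings


def uia_toggle_disabled(keys):
    """True when the machine-wide EnableUIADesktopToggle policy is set to 0."""
    return keys.get(POLICIES_SYSTEM, {}).get("EnableUIADesktopToggle", "").startswith("0")


def cfscript_for(keys):
    """Build the ComboFix Registry:: script that reverses the findings."""
    lines = ["Registry::"]
    for key, _blocked in find_disallowrun(keys):
        lines.append(f"[-{key}\\disallowrun]")   # delete the whole list key
        lines.append(f"[{key}]")
        lines.append('"DisallowRun"=-')          # delete the DisallowRun value
    if uia_toggle_disabled(keys):
        lines.append(f"[{POLICIES_SYSTEM}]")
        lines.append('"EnableUIADesktopToggle"= 1')
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_reg_section(SAMPLE_LOG)
    for key, blocked in find_disallowrun(parsed):
        print(f"DisallowRun active under {key}: blocks {', '.join(blocked)}")
    print("EnableUIADesktopToggle disabled:", uia_toggle_disabled(parsed))
    print(cfscript_for(parsed))
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; a DisallowRun list naming browsers or security tools under a hive such as .default is a strong sign that malware, not an administrator, put it there.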


#8 buddhafish (Topic Starter)

Posted 23 April 2010 - 12:49 PM

ComboFix 10-04-21.01 - Chris Davis 23/04/2010 18:26:34.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1913 [GMT 1:00]
Running from: c:\users\Chris Davis\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Chris Davis\Desktop\CFScript.txt
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\74768828.dat
c:\windows\TEMP\pdk-SYSTEM-2124\054a515a11c7920cfc4d7faea7af4932\XS.dll
c:\windows\TEMP\pdk-SYSTEM-2124\12913763d8b9f06d2ca82771fcb306f1\Parser.dll
c:\windows\TEMP\pdk-SYSTEM-2124\14f8cfecb15e1c87916789ed739489ff\Expat.dll
c:\windows\TEMP\pdk-SYSTEM-2124\1661c0bf55e937fc17e888420955b231\Byte.dll
c:\windows\TEMP\pdk-SYSTEM-2124\18eb3d3d937ca6cb5e26d752e5330d95\Registry.dll
c:\windows\TEMP\pdk-SYSTEM-2124\1b8dbc9967c4559d794e3c3f32351f38\MD5.dll
c:\windows\TEMP\pdk-SYSTEM-2124\22647639fdd9ac2ac4e37e97d38d3fa3\POSIX.dll
c:\windows\TEMP\pdk-SYSTEM-2124\27a7d7c14d1dcc61c603e9aa84019c1c\OLE.dll
c:\windows\TEMP\pdk-SYSTEM-2124\29730101f036533c486c3ad832bfb581\Cwd.dll
c:\windows\TEMP\pdk-SYSTEM-2124\2c7835a8a10669b6f202e17e474011e1\Process.dll
c:\windows\TEMP\pdk-SYSTEM-2124\2eca23e437744e1286c6e3c4983737b5\IO.dll
c:\windows\TEMP\pdk-SYSTEM-2124\3a121330ee88767be4d2a6e2e01021de\File.dll
c:\windows\TEMP\pdk-SYSTEM-2124\514f58c7649fa1fe7afd0239e90bf91d\SHA1.dll
c:\windows\TEMP\pdk-SYSTEM-2124\531074183cd92c8ee6e38095fed64379\Detector.dll
c:\windows\TEMP\pdk-SYSTEM-2124\563d7ead40b59c49009856a0b10f2014\Array.dll
c:\windows\TEMP\pdk-SYSTEM-2124\5665e9d91ffd5329b4b069811edd98e1\XS.dll
c:\windows\TEMP\pdk-SYSTEM-2124\68e97b02af7f01d132cf0e90dd7ad74a\Registry.dll
c:\windows\TEMP\pdk-SYSTEM-2124\6ab3292ea2fe89cb7db3f546c718e6a8\B.dll
c:\windows\TEMP\pdk-SYSTEM-2124\6ecc81286663495601d2499da7def595\Zlib.dll
c:\windows\TEMP\pdk-SYSTEM-2124\6f1c2438342f9c681542a4c32ad1f17d\Storable.dll
c:\windows\TEMP\pdk-SYSTEM-2124\729aebf6338f07961c67068f1ec22bf5\FastCalc.dll
c:\windows\TEMP\pdk-SYSTEM-2124\776043a051266bed6315875a8a879b49\GD.dll
c:\windows\TEMP\pdk-SYSTEM-2124\79d2ba91dcd37057e0539ed55a845a5e\HiRes.dll
c:\windows\TEMP\pdk-SYSTEM-2124\86ca4b17d1dc927226fa1f37ebe2273c\Fcntl.dll
c:\windows\TEMP\pdk-SYSTEM-2124\88d0e8c4961b749c8fcc6400ca060fd2\WinError.dll
c:\windows\TEMP\pdk-SYSTEM-2124\899240261dde99660e14431e6d8d1fe9\DBI.dll
c:\windows\TEMP\pdk-SYSTEM-2124\8f7795dcbafc290e9d71b3cedc3f6470\Util.dll
c:\windows\TEMP\pdk-SYSTEM-2124\92e8b5997b24c470e95412a86a38765d\Base64.dll
c:\windows\TEMP\pdk-SYSTEM-2124\935d16d0d9563f34e09919b6d80fb3ed\Unicode.dll
c:\windows\TEMP\pdk-SYSTEM-2124\a507fccf2be25b878761a66bf411c201\mysql.dll
c:\windows\TEMP\pdk-SYSTEM-2124\a92e9d0745782753138e6c0f74be7f82\Socket.dll
c:\windows\TEMP\pdk-SYSTEM-2124\ad76515ff4d1de346e3888790190a3c0\API.dll
c:\windows\TEMP\pdk-SYSTEM-2124\b1ef31ab16378a4b392b3d07f25c074a\Service.dll
c:\windows\TEMP\pdk-SYSTEM-2124\c8268acd4616fc1069e936b486bd0ccf\vxs.dll
c:\windows\TEMP\pdk-SYSTEM-2124\c92f1c7d4396f53f4c5d352e2bd8c9a9\Syck.dll
c:\windows\TEMP\pdk-SYSTEM-2124\cd69c51b5253d9b11bea339b859819b7\ReadKey.dll
c:\windows\TEMP\pdk-SYSTEM-2124\d21e2f9367d0e3efd5d09cb808f66fd9\File.dll
c:\windows\TEMP\pdk-SYSTEM-2124\e13cf768ec1b1a37b205ba2cf243710f\Hostname.dll
c:\windows\TEMP\pdk-SYSTEM-2124\eafccbed965007c129598be76f4f1c36\Peek.dll
c:\windows\TEMP\pdk-SYSTEM-2124\eca2604334cf65a36123562b3bd4a409\Encode.dll
c:\windows\TEMP\pdk-SYSTEM-2124\f1218e99b70f6a76d1c2fa98cba4ac46\Win32.dll
c:\windows\TEMP\pdk-SYSTEM-2124\fa142febd5dc53f93f911452e1a99387\Hebrew.dll
c:\windows\TEMP\pdk-SYSTEM-2124\perl58.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-23 17:35 . 2010-04-23 17:35 32 ----a-w- c:\windows\system32\74768828.dat
2010-04-23 17:33 . 2010-04-23 17:36 -------- d-----w- c:\users\Chris Davis\AppData\Local\temp
2010-04-23 17:33 . 2010-04-23 17:33 -------- d-----w- c:\users\The Kids\AppData\Local\temp
2010-04-23 17:33 . 2010-04-23 17:33 -------- d-----w- c:\users\Sally\AppData\Local\temp
2010-04-23 17:33 . 2010-04-23 17:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-23 17:33 . 2010-04-23 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-23 14:53 . 2010-04-23 14:53 -------- d-----w- C:\_OTL
2010-04-18 10:27 . 2010-04-18 10:27 -------- d-----w- c:\program files\Secunia
2010-04-17 22:48 . 2010-04-17 22:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 09:22 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-17 09:22 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-17 09:22 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-17 09:22 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-17 09:22 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-17 09:22 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-17 08:52 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-17 08:52 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-17 08:52 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-16 15:18 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-16 15:16 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 19:28 . 2010-04-13 19:28 -------- d-----w- c:\programdata\BVRP Software
2010-04-10 23:57 . 2010-03-17 00:01 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-10 23:57 . 2010-03-17 00:01 4513896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-04-10 23:57 . 2010-03-17 00:01 11597416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-04-10 23:57 . 2010-03-17 00:01 9393256 ----a-w- c:\windows\system32\nvd3dum.dll
2010-04-10 23:57 . 2010-03-17 00:01 15235688 ----a-w- c:\windows\system32\nvoglv32.dll
2010-04-10 23:57 . 2010-03-17 00:01 2647144 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-10 23:57 . 2010-03-17 00:01 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-10 23:57 . 2010-03-17 00:01 4029544 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-10 23:57 . 2010-03-17 00:01 215656 ----a-w- c:\windows\system32\nvcod1910.dll
2010-04-10 23:57 . 2010-03-17 00:01 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-04-10 23:57 . 2010-03-17 00:01 1299048 ----a-w- c:\windows\system32\nvapi.dll
2010-04-10 23:57 . 2010-03-17 00:01 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-06 15:30 . 2010-04-06 15:30 -------- d-----w- c:\program files\TrendMicro
2010-04-04 22:46 . 2010-04-04 22:46 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Avira
2010-04-04 22:24 . 2010-04-04 22:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-04 22:24 . 2010-04-04 22:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-04 22:24 . 2010-04-04 22:24 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\SUPERAntiSpyware.com
2010-04-02 16:50 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-02 16:50 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-02 16:50 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-02 16:50 . 2010-04-02 16:50 -------- d-----w- c:\programdata\Avira
2010-04-02 16:50 . 2010-04-02 16:50 -------- d-----w- c:\program files\Avira
2010-04-02 16:45 . 2010-04-04 22:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 17:35 . 2010-03-01 15:03 354304 ----a-w- c:\programdata\nvModes.dat
2010-04-23 17:34 . 2007-12-11 16:48 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-23 11:25 . 2010-02-27 00:24 10587 ----a-w- c:\windows\system32\dmlg.dat
2010-04-23 10:50 . 2009-07-04 18:10 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Spotify
2010-04-23 09:36 . 2009-02-17 10:58 1 ----a-w- c:\users\Chris Davis\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-18 07:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-18 07:54 . 2008-02-08 09:51 106512 ----a-w- c:\users\Chris Davis\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-17 23:06 . 2007-12-11 18:27 -------- d-----w- c:\programdata\Microsoft Help
2010-04-17 23:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-04-17 21:10 . 2010-03-03 21:12 -------- d-sh--w- c:\users\Chris Davis\AppData\Roaming\lowsec
2010-04-16 23:45 . 2009-08-22 06:41 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Oqen
2010-04-16 18:45 . 2008-08-02 23:42 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Xeerxu
2010-04-11 00:06 . 2007-12-11 18:57 -------- d-----w- c:\programdata\NVIDIA
2010-04-11 00:04 . 2010-02-18 08:50 1356 ----a-w- c:\users\Chris Davis\AppData\Local\d3d9caps.dat
2010-04-11 00:02 . 2008-03-13 19:39 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\uTorrent
2010-04-09 22:23 . 2008-02-21 23:14 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Vso
2010-04-06 15:30 . 2010-04-06 15:30 388096 ----a-r- c:\users\Chris Davis\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-04 22:26 . 2010-04-04 22:26 52224 ----a-w- c:\users\Chris Davis\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-04 22:26 . 2010-04-04 22:26 117760 ----a-w- c:\users\Chris Davis\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-02 16:54 . 2010-02-18 17:56 -------- d-----w- c:\programdata\avg9
2010-04-02 07:54 . 2010-02-18 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 07:54 . 2010-04-02 07:54 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-02 07:52 . 2010-04-02 07:52 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-02 07:52 . 2010-04-02 07:52 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-01 10:59 . 2009-04-30 15:33 -------- d-----w- c:\program files\Common Files\Steam
2010-03-29 23:46 . 2010-02-26 23:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2010-02-26 23:48 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 11:14 . 2009-04-27 12:51 -------- d-----w- c:\program files\AVG
2010-03-17 20:45 . 2008-02-08 10:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-17 00:01 . 2010-04-10 23:57 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-03-16 19:46 . 2010-03-16 19:46 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-16 19:46 . 2010-03-16 19:46 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-16 19:46 . 2010-03-16 19:46 13684328 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 19:46 . 2010-03-16 19:46 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-16 19:46 . 2010-03-16 19:46 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-12 10:26 . 2007-12-11 16:40 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-12 08:57 . 2009-01-07 19:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-12 08:57 . 2008-05-27 22:18 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Winamp
2010-03-12 08:57 . 2008-02-14 16:57 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\Mp3tag
2010-03-12 08:57 . 2009-10-01 16:33 -------- d-----w- c:\program files\Nokia
2010-03-12 08:57 . 2009-01-07 19:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-12 08:57 . 2008-02-14 16:57 -------- d-----w- c:\program files\Mp3tag
2010-03-12 08:57 . 2008-04-03 21:36 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-03-07 22:50 . 2010-03-07 22:50 -------- d-----w- c:\program files\CAM Development
2010-03-03 08:32 . 2008-02-14 17:51 -------- d-----w- c:\program files\Google
2010-03-01 18:31 . 2009-07-31 23:19 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-01 14:59 . 2010-03-01 14:58 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-28 22:16 . 2008-02-10 11:52 57497 ----a-w- c:\users\Chris Davis\AppData\Roaming\nvModes.dat
2010-02-27 09:40 . 2008-04-05 14:33 -------- d-----w- c:\programdata\vsosdk
2010-02-27 09:39 . 2010-02-27 09:39 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-27 09:39 . 2010-02-27 09:39 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-27 09:38 . 2010-02-27 09:38 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-27 09:36 . 2009-10-01 16:32 -------- d-----w- c:\programdata\Installations
2010-02-27 09:35 . 2010-02-27 09:35 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-27 09:35 . 2010-02-27 09:35 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-27 09:35 . 2010-02-27 09:35 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-27 09:35 . 2010-02-27 09:35 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-27 09:35 . 2010-02-27 09:36 34399664 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng.exe
2010-02-26 23:25 . 2009-09-24 12:05 -------- d-----w- c:\program files\Ovi Files
2010-02-26 23:25 . 2007-12-11 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 23:25 . 2009-09-09 08:01 -------- d-----w- c:\program files\Driver Checker
2010-02-26 23:25 . 2007-12-11 17:04 -------- d-----w- c:\program files\CyberLink
2010-02-26 23:25 . 2009-04-22 08:13 -------- d-----w- c:\program files\Avanquest update
2010-02-24 09:16 . 2009-10-03 07:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-01 07:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-01 07:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-01 07:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 19:19 . 2010-02-22 19:03 -------- d-----w- c:\program files\IObit
2010-02-22 19:03 . 2010-02-22 19:03 -------- d-----w- c:\users\Chris Davis\AppData\Roaming\IObit
2010-02-20 23:06 . 2010-03-12 08:05 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 08:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 08:05 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-16 12:24 . 2010-02-18 23:49 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 10:32 . 2010-03-02 22:41 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-30 10:03 . 2010-01-30 10:03 50354 ----a-w- c:\users\Chris Davis\AppData\Roaming\Facebook\uninstall.exe
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\users\Chris Davis\AppData\Roaming\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\users\Chris Davis\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-25 12:00 . 2010-02-26 23:43 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-26 23:43 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-26 23:43 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-26 23:43 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-26 23:43 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-26 23:43 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-26 23:43 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-26 23:43 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-26 23:43 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-02-27 15:39 . 2009-02-27 15:39 597 ----a-w- c:\program files\Main Program - Shortcut.lnk
2008-04-12 14:24 . 2009-05-21 20:25 18321 ----a-w- c:\program files\copying
2007-10-28 22:29 . 2007-10-28 22:02 969 ----a-w- c:\program files\DOTCOM1.NFO
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-13 4702208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SqueezeCenter Tray Tool.lnk]
backup=c:\windows\pss\SqueezeCenter Tray Tool.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):c4,44,36,51,90,12,ca,01

R2 SCPolicySvcAudiosrv;Smart Card Removal Policy SCPolicySvcAudiosrv;c:\windows\system32\algk.exe [x]
R2 seclogonProtectedStorage;Secondary Logon seclogonProtectedStorage;c:\windows\system32\ActionQueuej.exe [x]
R2 SessionEnvRasAuto;Terminal Services Configuration SessionEnvRasAuto;c:\windows\system32\ACWe.exe [x]
R2 SysMainWerSvc;Superfetch SysMainWerSvc;c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0u.exe [x]
R2 TBSFDResPub;TPM Base Services TBSFDResPub;c:\windows\system32\AdvancedInstallersa.exe [x]
R2 UxSmsAppinfo;Desktop Window Manager Session Manager UxSmsAppinfo;c:\windows\system32\acwizardf.exe [x]
R2 WlansvcPcaSvc;WLAN AutoConfig WlansvcPcaSvc;c:\windows\system32\admparseq.exe [x]
R2 WPCSvcslsvc;Parental Controls WPCSvcslsvc;c:\windows\system32\AgCPanelSwedisht.exe [x]
R2 wscsvcose;Security Center wscsvcose;c:\windows\system32\adsmsextv.exe [2008-01-19 95744]
R3 ADDMEM;ADDMEM;c:\users\CHRISD~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2008-07-29 8960]
R3 BCD3000;Behringer BCD3000 V1.1.2.0;c:\windows\system32\Drivers\BCD3000.SYS [2008-03-30 42496]
R3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;c:\windows\system32\Drivers\BCD3000WDM.SYS [2008-03-30 21600]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-02-12 17152]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2007-03-19 47104]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2007-02-09 130432]
R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2007-02-08 41984]
R3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-16 685816]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2009-06-15 4149248]
S2 squeezesvc;SqueezeCenter;c:\program files\SqueezeCenter\server\squeezecenter.exe [2009-06-15 10080343]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-09-25 14:34]

2010-04-23 c:\windows\Tasks\User_Feed_Synchronization-{6CAF3F1F-4633-48AE-B54F-5BF7F021990E}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbayBeta&CurrentPage=MyeBayNextWon&ssPageName=STRK:ME:LNLK:MEWNX
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Chris Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ixabem60.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Chris Davis\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 18:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4040)
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-04-23 18:43:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-23 17:43
ComboFix2.txt 2010-04-23 15:56

Pre-Run: 14,894,964,736 bytes free
Post-Run: 14,728,589,312 bytes free

- - End Of File - - 7A32E869CF8885FF639C43B2C8A71216
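Two things in the log above are worth being able to spot without a helper reading it for you: the R2 services whose names are two stock Windows service names glued together (SCPolicySvc + Audiosrv, seclogon + ProtectedStorage, SysMain + WerSvc, and so on) pointing at binaries ComboFix marks `[x]` because they are no longer on disk, and the Security Center values (`AntiVirusOverride`, `DisableMonitoring`) that stop Windows from reporting on the state of the antivirus. The script below is an added example, not code from this thread, ComboFix, or any of the tools mentioned; it parses the posted log lines, which are embedded as constructed sample input, and flags both patterns. The `KNOWN_SERVICES` set is an assumed, partial list of Vista service short names, and the override value names are those visible in the log plus the sibling Security Center values of the same form.

```python
import re

# Sample input, constructed for this example: the lines are copied from the
# ComboFix log posted above (Security Center keys and the R2/R3/S2 service
# list), with two ordinary entries from the same log left in as benign noise.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):c4,44,36,51,90,12,ca,01

R2 SCPolicySvcAudiosrv;Smart Card Removal Policy SCPolicySvcAudiosrv;c:\windows\system32\algk.exe [x]
R2 seclogonProtectedStorage;Secondary Logon seclogonProtectedStorage;c:\windows\system32\ActionQueuej.exe [x]
R2 SysMainWerSvc;Superfetch SysMainWerSvc;c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0u.exe [x]
R2 wscsvcose;Security Center wscsvcose;c:\windows\system32\adsmsextv.exe [2008-01-19 95744]
R3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2008-07-29 8960]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
"""

# Assumption: a partial list of stock Windows Vista service short names. The
# rogue entries in the log are built by gluing two of these together.
KNOWN_SERVICES = {
    "SCPolicySvc", "Audiosrv", "seclogon", "ProtectedStorage", "SessionEnv",
    "RasAuto", "SysMain", "WerSvc", "TBS", "FDResPub", "UxSms", "Appinfo",
    "Wlansvc", "PcaSvc", "WPCSvc", "slsvc", "wscsvc", "ose",
}
_KNOWN_LOWER = {s.lower(): s for s in KNOWN_SERVICES}

# ComboFix service line: "<start> <name>;<display name>;<image path> [<meta>]"
# where <meta> is "<date> <size>" for a file on disk and "x" when it is missing.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Security Center values that tell Windows to stop reporting on AV/firewall state.
OVERRIDE_VALUES = {
    "antivirusoverride", "antispywareoverride", "firewalloverride", "disablemonitoring",
}


def split_known_pair(name):
    """Return (a, b) if name is exactly two known service names concatenated."""
    n = name.lower()
    if n in _KNOWN_LOWER:
        return None
    for i in range(1, len(n)):
        a, b = n[:i], n[i:]
        if a in _KNOWN_LOWER and b in _KNOWN_LOWER:
            return (_KNOWN_LOWER[a], _KNOWN_LOWER[b])
    return None


def suspicious_services(log_text):
    """Flag service entries with a glued-together name or a missing image file."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        pair = split_known_pair(m["name"])
        if pair:
            reasons.append("name is %s+%s" % pair)
        if m["meta"] == "x":
            reasons.append("image file missing")
        if reasons:
            findings.append((m["name"], m["image"], reasons))
    return findings


def security_center_overrides(log_text):
    """Return (key, value name) for Security Center overrides set to 1."""
    findings = []
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km["key"]
            continue
        vm = VALUE_RE.match(line)
        if not vm or key is None or "security center" not in key.lower():
            continue
        if vm["name"].lower() in OVERRIDE_VALUES and vm["data"].strip().lower() == "dword:00000001":
            findings.append((key, vm["name"]))
    return findings


if __name__ == "__main__":
    for name, image, reasons in suspicious_services(COMBOFIX_EXCERPT):
        print("service  %-26s %s  <- %s" % (name, image, "; ".join(reasons)))
    for key, value in security_center_overrides(COMBOFIX_EXCERPT):
        print("registry %s\\%s = 1" % (key, value))
```

Run against the excerpt it reports the four glued-name services (three of them also with missing binaries) and the two Security Center overrides, while leaving the Buffalo driver and the Avira scheduler alone. The name check is deliberately strict (the whole name must split into exactly two known services) so that legitimate names that happen to contain a known name as a substring, such as AntiVirSchedulerService, are not reported.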


#9 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 23 April 2010 - 01:40 PM

Hi buddhafish,

STEP 1 - MBAM

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 3 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#10 buddhafish
  • Topic Starter
  • Members
  • 8 posts

Posted 23 April 2010 - 07:24 PM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4024

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

23/04/2010 20:30:43
mbam-log-2010-04-23 (20-30-43).txt

Scan type: Quick scan
Objects scanned: 122917
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, April 24, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 23, 2010 14:04:36
Records in database: 3973498
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Objects scanned: 200304
Threats found: 12
Infected objects found: 33
Suspicious objects found: 0
Scan duration: 03:50:40


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\atapi.sys.vir Infected: Rootkit.Win32.Tdss.ai 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7eb3e3c0-5aa5a7e1 Infected: Exploit.Java.CVE-2009-3867.gen 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7eb3e3c0-5aa5a7e1 Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\171bc0de-4c84d57c Infected: Exploit.Java.Agent.a 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\171bc0de-4c84d57c Infected: Exploit.Java.CVE-2009-3867.c 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\7c172763-58455f86 Infected: Exploit.OSX.Smid.c 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\40709f6e-38bcae8d Infected: Exploit.Java.CVE-2009-3867.gen 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\40709f6e-38bcae8d Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\29112dbf-7be369ce Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\36d8f008-36c39a9b Infected: Exploit.Java.Agent.a 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\36d8f008-36c39a9b Infected: Exploit.Java.CVE-2009-3867.c 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\36d8f008-3971e9fd Infected: Exploit.Java.Agent.a 1
C:\Users\Chris Davis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\36d8f008-3971e9fd Infected: Exploit.Java.CVE-2009-3867.c 1
C:\Users\Chris Davis\AppData\Roaming\Thunderbird\Profiles\ewwwtirj.default\Mail\mail.cathedraltiling.co.uk\Trash Infected: Worm.Win32.Fujack.bd 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HUUE3YZ3\oHff455c68V0100f080006Rd60d86c6108Tb4fb1ae4201l0809317[1].pdf Infected: Exploit.JS.Pdfka.bxk 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\1353428e-22f97567 Infected: Exploit.Java.Agent.a 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\1353428e-22f97567 Infected: Trojan.Java.ClassLoader.aw 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5e06aece-441cc6f3 Infected: Exploit.Java.CVE-2009-3867.gen 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5e06aece-441cc6f3 Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\4459ff22-31940baf Infected: Exploit.Java.Agent.a 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\4459ff22-31940baf Infected: Exploit.Java.CVE-2009-3867.c 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\2b9b9425-3e5a8bbd Infected: Exploit.Java.CVE-2009-3867.gen 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\2b9b9425-3e5a8bbd Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\658c0da9-7cfea15d Infected: Trojan-Downloader.Java.Agent.bk 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\410ec42c-4be1bb28 Infected: Trojan-Downloader.Java.Agent.bh 2
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\410ec42c-4be1bb28 Infected: Trojan-Downloader.Java.Agent.bk 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\410ec42c-4be1bb28 Infected: Exploit.Java.Agent.a 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\68894b8-6375c363 Infected: Exploit.Java.CVE-2009-3867.gen 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\68894b8-6375c363 Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\983138-31af3afe Infected: Trojan-Downloader.Java.Agent.bk 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\25eb9c86-2238f0d9 Infected: Exploit.Java.Agent.a 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\25eb9c86-2238f0d9 Infected: Exploit.Java.CVE-2009-3867.c 1

Selected area has been scanned.


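A small triage helper for scan reports in the "File name / Threat / Threats count" layout that Kaspersky Online Scanner 7 produced above, added here as an example and not part of the thread or of any vendor tool; the sample report lines are constructed, and the location buckets (ComboFix quarantine, Java deployment cache, mail store) are my own grouping of where the detections in this thread sat.

```python
import re
from collections import Counter

# Constructed sample in the Kaspersky Online Scanner 7.0 report layout
# (same line format as the thread's log; paths and counts are made up).
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\atapi.sys.vir Infected: Rootkit.Win32.Tdss.ai 1
C:\Users\Someone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\aaaaaaaa-bbbbbbbb Infected: Exploit.Java.CVE-2009-3867.gen 1
C:\Users\Someone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\aaaaaaaa-bbbbbbbb Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\cccccccc-dddddddd Infected: Trojan-Downloader.Java.Agent.bh 2
C:\Users\Someone\AppData\Roaming\Thunderbird\Profiles\xxxxxxxx.default\Mail\mail.example\Trash Infected: Worm.Win32.Fujack.bd 1

Selected area has been scanned.
"""

# One detection per line: "<path> Infected: <threat name> <count>".
# The path is matched non-greedily because paths may contain spaces.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Yield (path, threat, count) for every detection line in the report."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["path"], m["threat"], int(m["count"])


def classify(path):
    """Map a detected path to the cleanup action it implies (my own buckets)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "already quarantined by ComboFix"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "Java deployment cache (clear via Java Control Panel)"
    if "\\thunderbird\\profiles\\" in p:
        return "mail client store (empty the Trash folder)"
    return "other"


def summarize(text):
    """Return (detections per location bucket, detections per threat family)."""
    by_bucket, by_family = Counter(), Counter()
    for path, threat, count in parse_report(text):
        by_bucket[classify(path)] += count
        by_family[threat.split(".")[0]] += count   # e.g. "Exploit", "Rootkit"
    return by_bucket, by_family
```

Running summarize() over the real report from this thread would show that nearly every hit sits in a Java deployment cache, which is why the next reply only asks for that cache to be cleared.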
#11 mpascal

    Math Nerd

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 24 April 2010 - 12:41 AM

Hi buddhafish,

Go Start -> Control Panel -> Java.
  • Click Settings
  • Click Delete Files
  • Click OK
Still having any problems?



#12 buddhafish
  • Topic Starter
  • Members
  • 8 posts

Posted 24 April 2010 - 02:16 AM

QUOTE(mpascal @ Apr 24 2010, 06:41 AM)
Hi buddhafish,

Go Start -> Control Panel -> Java.
  • Click Settings
  • Click Delete Files
  • Click OK
Still having any problems?


Hi, did you mean General/Temporary Internet Files/Settings? Should I also deselect 'keep temporary files on my computer'?

It's all looking a lot, lot better now mpascal - no redirects so far this morning, and ave.exe seems to have bitten the dust. I guess I need to keep Java updated in future? Anything else I need to do to prevent future issues?



#13 mpascal

    Math Nerd

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 24 April 2010 - 09:57 AM

QUOTE
Hi, did you mean General/Temporary Internet Files/Settings?

Sorry, yes that is what I meant.

QUOTE
Should I also deselect 'keep temporary files on my computer'?

I don't think that will be necessary. Leave that one checked.

Now that your system appears to be clean, I'll give you some instructions to remove the tools we have used and I'll offer some advice to help prevent future infection.

STEP 1 - Clear Restore Points

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :Commands
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top.

STEP 2 - Uninstall ComboFix

  • Click on Start > Run
  • Type Combofix /uninstall in the run box and click Ok. Note the space between the x and the /uninstall, it needs to be there.

STEP 3 - Remove Tools

Run OTL
  • Click Clean Up in the upper right corner.
  • This will remove most if not all the tools we used while we were fixing your computer. Feel free to delete any others it leaves behind.
Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven't already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.

+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewalls:

An antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected.

Having up to date Antivirus and Firewall software is vital to keeping a healthy, infection free system.

+++++++++++++++++++++++++++++++++++++++++++++++

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good luck and safe surfing!

-mpascal



#14 buddhafish
  • Topic Starter
  • Members
  • 8 posts

Posted 24 April 2010 - 10:05 AM

mpascal, you're a legend. Thanks for all your help, and props to you and the other staff on here. Donation imminent.

Edited by buddhafish, 24 April 2010 - 10:32 AM.


#15 mpascal

    Math Nerd

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 24 April 2010 - 10:41 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
