Google redirect virus (atapi.sys)

13 replies to this topic

#1 saracen1966 (Members, 7 posts)

Posted 26 April 2010 - 02:17 AM

Hi folks,
It would appear that my son's PC has become infected with some sort of malware that causes any Google searches to be redirected to other search engines, or randomly logs into other sites by opening another tab in Firefox. I am not exactly au fait with computers, so with a bit of research I have ended up here with the hope of redemption from this horrible thing. The research I did seemed to point to my atapi.sys file, and indeed I could see it modifying itself time after time. I do have a Windows CD and had thought about replacing the files with clean ones from the CD, but this is Service Pack 1 whereas I am currently running Service Pack 2, and I was unsure whether or not this would be advisable; like I said, not au fait, so best left. The other thing I might add is that last night AVG went crazy and was pointing to win32/patcher.DO and the avgld86.sys file. Not sure whether I did right, but I uninstalled AVG and reinstalled fresh and that seems to have alleviated the problem, but I'm now wondering just what else lies waiting. As requested, please find the attached logs.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mainpc at 6:58:37.91 on 26/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.2048 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\system32\CLWatson.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\system32\CLWatson.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft LifeCam\LifeTray.exe
C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Mainpc\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office10\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mainpc\appdata\roaming\mozilla\firefox\profiles\rgwo2mjz.default\
FF - prefs.js: browser.startup.homepage - hxxp://tehparadox.com/forum/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\mainpc\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}(287)
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-26 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-26 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-26 242896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/24 19:41:33];c:\program files\cyberlink\powerdvd9\navfilter\000.fcl [2009-12-15 87536]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-26 308064]
R2 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-3-28 410976]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-15 303952]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\homecinema\tv enhance\kernel\tv\TVECapSvc.exe [2010-3-23 360538]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\homecinema\tv enhance\kernel\tv\TVESched.exe [2010-3-23 131160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-15 20824]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2008-6-26 569344]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2010-3-23 13976]
S2 gupdate1cad72b6f0ccadd;Google Update Service (gupdate1cad72b6f0ccadd);c:\program files\google\update\GoogleUpdate.exe [2010-4-8 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-26 369920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-3-27 16472]

=============== Created Last 30 ================

2010-04-26 05:52:25 20 ----a-w- c:\users\mainpc\defogger_reenable
2010-04-25 23:47:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 23:39:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-25 23:39:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-25 23:39:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-25 23:39:26 0 d-----w- c:\windows\system32\drivers\Avg
2010-04-25 23:39:23 0 d-----w- c:\programdata\AVG Security Toolbar
2010-04-25 16:16:15 0 d-----w- c:\program files\Microsoft Security Essentials
2010-04-25 15:31:32 0 d-----w- c:\programdata\Hitman Pro
2010-04-25 15:17:05 0 d-----w- c:\users\mainpc\appdata\roaming\QuickScan
2010-04-24 11:32:15 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-24 11:32:15 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-23 17:50:47 0 d-----w- c:\users\mainpc\appdata\roaming\Facebook
2010-04-22 21:55:26 0 d-----w- c:\program files\common files\Java(203)
2010-04-15 16:00:16 0 d-----w- c:\windows\pss
2010-04-15 15:08:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 15:08:16 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 15:08:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 15:14:18 2359350 ----a-w- c:\windows\Bluestream.bmp
2010-04-14 15:14:18 0 d-----w- c:\program files\Toshiba
2010-04-14 15:14:07 0 d-----w- c:\users\mainpc\appdata\roaming\WinBatch
2010-04-14 06:11:09 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 06:11:09 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 06:11:09 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:11:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 06:11:06 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 06:11:05 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 06:11:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 06:11:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 06:11:00 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 06:11:00 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 06:11:00 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 06:10:27 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 06:10:10 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 17:09:27 0 d-----w- c:\programdata\TomTom
2010-04-12 17:09:08 0 d-----w- c:\users\mainpc\appdata\roaming\TomTom
2010-04-12 17:09:03 0 d-----w- c:\program files\TomTom International B.V
2010-04-12 17:08:54 0 d-----w- c:\program files\TomTom HOME 2
2010-04-12 17:03:37 0 d-----w- c:\program files\TomTom DesktopSuite
2010-04-12 15:46:35 0 d-----w- c:\program files\MSECache
2010-04-12 15:31:51 0 d-----w- c:\programdata\Office Genuine Advantage
2010-04-12 15:31:49 0 d-----w- c:\users\mainpc\Office Genuine Advantage
2010-04-12 15:22:58 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-12 15:22:58 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-12 15:18:13 0 d-----w- c:\program files\WMV9_VCM
2010-04-12 05:50:16 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-11 17:29:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-11 17:29:26 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-11 17:29:26 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-10 11:26:57 0 d-----w- c:\programdata\Sun
2010-04-09 18:15:59 0 d-----w- c:\programdata\Yahoo! Companion
2010-04-09 18:15:42 0 d-----w- c:\programdata\Yahoo!
2010-04-09 18:14:43 0 d-----w- c:\program files\Yahoo!
2010-04-09 13:58:09 0 d-----w- c:\program files\iPod
2010-04-09 13:58:07 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-09 13:58:07 0 d-----w- c:\program files\iTunes
2010-04-09 13:54:36 0 d-----w- c:\program files\Bonjour
2010-04-08 18:42:05 0 d-----w- C:\divx
2010-04-08 16:09:57 376 ----a-w- c:\windows\ODBC.INI
2010-04-08 16:09:25 0 d-----w- c:\program files\Microsoft ActiveSync
2010-04-08 15:35:01 0 d-----w- c:\program files\common files\DivX Shared
2010-04-08 14:55:21 0 d-----w- c:\program files\common files\PX Storage Engine
2010-04-08 14:54:33 0 d-----w- c:\program files\DivX
2010-04-08 14:53:54 0 d-----w- c:\programdata\DivX
2010-04-01 17:53:00 0 d-----w- c:\windows\Downloaded Installations
2010-04-01 17:52:13 0 d-----w- c:\program files\iStar
2010-04-01 05:55:21 0 d-----w- c:\programdata\Adobe
2010-03-30 16:26:40 0 d-----w- c:\program files\EPSON Print CD
2010-03-30 16:25:08 64000 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-03-30 16:25:08 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2010-03-30 16:25:08 31744 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-03-30 16:25:08 182 ----a-w- c:\windows\system32\EBPPORT4.DAT
2010-03-30 16:25:07 75501 ----a-w- c:\windows\system32\EBPMON24.DLL
2010-03-30 16:25:03 0 d-----w- c:\program files\EPSON
2010-03-30 16:24:15 25 ----a-w- c:\windows\CDER300Euro.ini
2010-03-30 15:27:39 0 d-----w- c:\program files\DVD Decrypter
2010-03-30 15:14:33 0 d-----w- c:\program files\DVD Shrink
2010-03-30 15:02:04 0 d-----w- c:\program files\Windows Portable Devices
2010-03-30 15:01:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-30 15:01:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-30 14:45:35 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-30 14:45:35 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-30 14:45:35 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-29 23:04:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-29 23:04:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-29 23:04:04 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-29 18:03:10 0 d-----w- c:\windows\system32\eu-ES
2010-03-29 18:03:10 0 d-----w- c:\windows\system32\ca-ES
2010-03-29 18:03:09 0 d-----w- c:\windows\system32\vi-VN
2010-03-29 14:55:00 0 d-----w- c:\users\mainpc\appdata\roaming\Atari
2010-03-29 14:50:05 0 d-----w- c:\program files\Atari
2010-03-29 11:27:30 0 d-----w- c:\users\mainpc\appdata\roaming\HandBrake
2010-03-29 11:27:26 0 d-----w- c:\program files\Handbrake
2010-03-29 11:04:39 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-29 11:04:39 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-29 10:51:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-29 10:28:30 0 d-----w- c:\users\mainpc\appdata\roaming\IDM
2010-03-29 10:28:22 0 d-----w- c:\program files\Internet Download Manager
2010-03-28 18:12:39 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-03-28 18:12:37 0 d-----w- c:\program files\Ashampoo
2010-03-28 18:09:33 0 d-----w- c:\program files\Memory Washer
2010-03-28 18:05:42 0 d-----w- c:\program files\CCleaner
2010-03-28 12:08:28 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-28 12:07:33 0 d-----w- c:\programdata\Apple Computer
2010-03-28 11:42:10 774144 ----a-w- c:\windows\system32\NEROINSTAEC43759.DB
2010-03-28 11:42:09 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2010-03-28 11:41:44 0 ----a-w- c:\windows\Irremote.ini
2010-03-27 17:20:43 2527 ----a-w- c:\windows\system32\NMMediaServer.cfg
2010-03-27 17:12:32 0 d-----w- c:\programdata\vsosdk
2010-03-27 16:22:57 87608 ----a-w- c:\users\mainpc\appdata\roaming\inst.exe
2010-03-27 16:22:57 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-27 16:22:57 47360 ----a-w- c:\users\mainpc\appdata\roaming\pcouffin.sys
2010-03-27 16:22:52 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-03-27 16:22:52 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-03-27 16:22:52 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-03-27 16:22:52 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-03-27 16:22:52 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-03-27 16:22:52 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-03-27 16:22:52 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-03-27 16:22:50 0 d-----w- c:\program files\VSO
2010-03-27 16:20:14 69 ----a-w- c:\windows\NeroDigital.ini
2010-03-27 13:03:29 0 d-----w- c:\program files\uTorrent
2010-03-27 13:02:56 0 d-----w- c:\users\mainpc\appdata\roaming\uTorrent
2010-03-27 12:48:17 0 d-----w- c:\users\mainpc\appdata\roaming\RipIt4Me
2010-03-27 12:47:04 0 d-----w- c:\programdata\DVD Shrink
2010-03-27 12:33:11 0 d-----w- c:\program files\PeerBlock
2010-03-27 10:44:05 0 d-----w- c:\program files\NeroInstall.bak
2010-03-27 10:42:45 1024 ----a-w- c:\users\mainpc\.rnd
2010-03-27 10:41:04 0 d-----w- c:\programdata\Nero
2010-03-27 10:41:04 0 d-----w- c:\program files\Nero

==================== Find3M ====================

2010-04-26 05:54:39 120870 ----a-w- c:\programdata\nvModes.dat
2010-04-25 23:26:25 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-11 12:22:52 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-11 12:22:52 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-11 12:22:51 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-30 15:02:01 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-29 15:23:54 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-03-24 19:38:35 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-24 19:38:35 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-23 20:34:09 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-22 23:08:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-03-22 23:08:12 315392 ----a-w- c:\windows\HideWin.exe
2010-03-22 22:46:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-22 19:21:50 24576 ---ha-w- C:\SZKGFS.dat
2010-03-12 18:41:18 762736 ----a-w- c:\windows\vVX3000.exe
2010-03-12 18:41:18 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-03-12 18:41:18 227696 ----a-w- c:\windows\vVX3000.dll
2010-03-12 18:41:18 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2010-03-12 18:41:18 175472 ----a-w- c:\windows\system32\cVX3000.dll
2010-03-12 18:41:18 101232 ----a-w- c:\windows\VX3000.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 6:59:12.87 ===============
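As an added example (not from the poster or from the BleepingComputer helper), here is a small Python triage script for the DDS file-listing sections above: it parses the `date time size attrs path` lines, clusters writes by time, and flags a driver under system32\drivers whose write stands alone instead of arriving with a batch of other files, which is how atapi.sys stands out in the Find3M section. The sample lines are constructed from the log above; the 60-second window and the "isolated write" rule are this example's own assumptions, not part of DDS.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the DDS "Created Last 30" / "Find3M" line format
# (timestamp, size in bytes, attribute flags, path), patterned on the log above.
SAMPLE_DDS = r"""
==================== Find3M ====================
2010-04-25 23:47:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 23:39:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-25 23:39:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-25 23:39:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-25 23:39:26 0 d-----w- c:\windows\system32\drivers\Avg
2010-04-15 15:08:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 15:08:16 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 15:08:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 06:11:09 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 06:11:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 06:11:00 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-25 23:26:25 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-23 20:34:09 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
"""


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    attrs: str   # DDS attribute flags, e.g. "----a-w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


# One DDS file-listing line: "YYYY-MM-DD HH:MM:SS <size> <8 attr flags> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{8})\s+(\S.*)$"
)


def parse_dds_file_lines(text: str) -> list:
    """Extract file/directory entries; section headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(when, int(m.group(2)), m.group(3), m.group(4)))
    return entries


def cluster_by_time(entries: list, window: timedelta = timedelta(seconds=60)) -> list:
    """Group entries whose timestamp is within `window` of the previous entry.

    Installers and Windows servicing write many files within seconds of each
    other, so a legitimate driver update normally lands in a multi-file cluster.
    """
    clusters = []
    for e in sorted(entries, key=lambda x: x.when):
        if clusters and e.when - clusters[-1][-1].when <= window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def find_isolated_driver_writes(entries: list, window: timedelta = timedelta(seconds=60)) -> list:
    """Return .sys files under system32\\drivers that were written on their own.

    Heuristic (this example's assumption): a kernel driver rewritten with no
    other files touched around the same time deserves a closer look, e.g.
    checking its digital signature against a known-good copy.
    """
    flagged = []
    for cluster in cluster_by_time(entries, window):
        if len(cluster) != 1:
            continue
        e = cluster[0]
        low = e.path.lower()
        if not e.is_dir and "\\system32\\drivers\\" in low and low.endswith(".sys"):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in find_isolated_driver_writes(parse_dds_file_lines(SAMPLE_DDS)):
        print(f"{e.when:%Y-%m-%d %H:%M:%S}  {e.size:>8}  {e.path}")
```

On the sample this lists sptd.sys as well as atapi.sys, which shows that the output is a triage list rather than a verdict: an isolated write only says which drivers to verify first (signature check, comparison with a known-good copy), not that they are malicious.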


#2 thewall (Malware Response Team, 6,425 posts, Florida)

Posted 28 April 2010 - 01:46 PM

Hello saracen1966, welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped, so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days, if a topic is not replied to we assume it has been abandoned and it is closed.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Please post the log in the reply window and do not make it an attachment. Do this with all subsequent replies unless I ask otherwise.

Thanks,

thewall

#3 saracen1966 (Topic Starter, Members, 7 posts)

Posted 29 April 2010 - 01:58 AM

Hi thewall, first and foremost thank you for your assistance. I have, as requested, run ComboFix and hereby include the log. I must say I was inclined to say all was well, as I have had some stability since my post; however, ComboFix tells a different tale.


ComboFix 10-04-28.04 - Mainpc 29/04/2010 7:45.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.2076 [GMT 1:00]
Running from: c:\users\Mainpc\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Mainpc\AppData\Roaming\chrtmp
c:\users\Mainpc\AppData\Roaming\inst.exe
c:\users\Mainpc\AppData\Roaming\Microsoft\Windows\Recent\Discoteque-Team 4um -=- [[[ Up by marinero ]]].url

.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-28 06:56 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 06:56 . 2010-04-28 06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 06:56 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 15:25 . 2010-04-27 15:25 -------- d-----w- c:\program files\ESET
2010-04-26 17:20 . 2010-02-23 13:04 1664256 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-04-25 23:57 . 2010-04-25 23:57 -------- d-----w- c:\users\Mainpc\AppData\Local\AVG Security Toolbar
2010-04-25 23:47 . 2010-04-25 23:47 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 23:47 . 2010-04-25 23:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 23:39 . 2010-04-25 23:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-25 23:39 . 2010-04-25 23:39 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-25 23:39 . 2010-04-25 23:39 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-25 23:39 . 2010-04-25 23:39 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-25 23:39 . 2010-04-28 15:09 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-25 23:39 . 2010-04-26 17:20 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-04-25 16:16 . 2010-04-25 16:16 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-25 15:31 . 2010-04-25 15:31 -------- d-----w- c:\programdata\Hitman Pro
2010-04-25 15:17 . 2010-04-25 15:18 -------- d-----w- c:\users\Mainpc\AppData\Roaming\QuickScan
2010-04-24 11:32 . 2010-04-25 15:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-24 11:32 . 2010-04-24 11:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-23 17:50 . 2010-04-23 17:50 -------- d-----w- c:\users\Mainpc\AppData\Roaming\Facebook
2010-04-22 21:55 . 2010-04-22 21:55 -------- d-----w- c:\program files\Common Files\Java(203)
2010-04-14 17:20 . 2010-04-14 17:23 -------- d-----w- c:\users\Mainpc\AppData\Roaming\ImgBurn
2010-04-14 17:16 . 2010-04-14 17:17 -------- d-----w- c:\program files\ImgBurn
2010-04-14 15:14 . 2010-04-14 15:14 -------- d-----w- c:\program files\Toshiba
2010-04-14 15:14 . 2010-04-14 15:14 -------- d-----w- c:\users\Mainpc\AppData\Roaming\WinBatch
2010-04-14 06:11 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 06:11 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 06:11 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:11 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 06:11 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 06:11 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 06:11 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 06:11 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 06:11 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 06:10 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 06:10 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 17:09 . 2010-04-12 17:09 -------- d-----w- c:\programdata\TomTom
2010-04-12 17:09 . 2010-04-12 17:09 -------- d-----w- c:\users\Mainpc\AppData\Roaming\TomTom
2010-04-12 17:09 . 2010-04-12 17:09 -------- d-----w- c:\users\Mainpc\AppData\Local\TomTom
2010-04-12 17:09 . 2010-04-12 17:09 -------- d-----w- c:\program files\TomTom International B.V
2010-04-12 17:08 . 2010-04-12 17:08 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-12 17:03 . 2010-04-12 17:03 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-04-12 15:46 . 2010-04-12 15:57 -------- d-----w- c:\program files\MSECache
2010-04-12 15:31 . 2010-04-12 15:31 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-12 15:31 . 2010-04-12 15:31 -------- d-----w- c:\users\Mainpc\Office Genuine Advantage
2010-04-12 15:22 . 2010-04-12 15:22 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-12 15:22 . 2010-04-12 15:22 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-12 15:18 . 2010-04-12 15:18 -------- d-----w- c:\program files\WMV9_VCM
2010-04-12 15:17 . 2010-04-12 15:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-12 15:16 . 2010-04-12 15:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-12 05:50 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-11 17:29 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-11 17:29 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-11 17:29 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-10 11:27 . 2010-04-10 11:27 -------- d-----w- c:\windows\Sun
2010-04-10 11:26 . 2010-04-10 11:26 -------- d-----w- c:\program files\Java
2010-04-09 18:16 . 2010-04-10 10:45 -------- d-----w- c:\users\Mainpc\AppData\Local\Yahoo
2010-04-09 18:15 . 2010-04-10 10:45 -------- d-----w- c:\programdata\Yahoo! Companion
2010-04-09 18:15 . 2010-04-09 18:16 -------- d-----w- c:\users\Mainpc\AppData\Roaming\Yahoo!
2010-04-09 18:15 . 2010-04-09 18:16 -------- d-----w- c:\programdata\Yahoo!
2010-04-09 18:15 . 2010-03-19 16:46 607544 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2010-04-09 18:14 . 2010-04-09 18:16 -------- d-----w- c:\program files\Yahoo!
2010-04-09 13:58 . 2010-04-09 13:58 -------- d-----w- c:\program files\iPod
2010-04-09 13:58 . 2010-04-09 13:58 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-09 13:58 . 2010-04-09 13:58 -------- d-----w- c:\program files\iTunes
2010-04-09 13:56 . 2010-04-09 13:56 -------- d-----w- c:\program files\QuickTime
2010-04-09 13:54 . 2010-04-09 13:54 -------- d-----w- c:\program files\Bonjour
2010-04-09 13:53 . 2010-04-09 13:53 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-08 18:42 . 2010-04-09 08:44 -------- d-----w- C:\divx
2010-04-08 16:09 . 2010-04-08 16:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-08 14:55 . 2010-03-22 18:37 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-08 14:55 . 2010-04-08 16:33 -------- d-----w- c:\users\Mainpc\AppData\Roaming\DivX
2010-04-08 14:55 . 2010-04-08 15:35 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-08 14:54 . 2010-04-08 14:55 -------- d-----w- c:\users\Mainpc\AppData\Local\Google
2010-04-08 14:54 . 2010-04-08 14:55 -------- d-----w- c:\program files\Google
2010-04-08 14:54 . 2010-04-08 15:35 -------- d-----w- c:\program files\DivX
2010-04-08 14:53 . 2010-04-08 15:35 -------- d-----w- c:\programdata\DivX
2010-04-06 13:53 . 2010-04-06 13:53 -------- d-----w- c:\users\Mainpc\AppData\Local\RapidWare
2010-04-05 01:08 . 2010-04-05 01:08 -------- d-----w- c:\program files\7-Zip
2010-04-01 17:53 . 2010-04-01 17:53 -------- d-----w- c:\windows\Downloaded Installations
2010-04-01 17:52 . 2010-04-06 10:14 -------- d-----w- c:\program files\iStar
2010-04-01 05:56 . 2010-04-12 15:18 -------- d-----w- c:\users\Mainpc\AppData\Local\Adobe
2010-03-30 16:26 . 2010-03-30 16:26 -------- d-----w- c:\program files\EPSON Print CD
2010-03-30 16:25 . 2003-05-21 02:27 64000 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-03-30 16:25 . 2003-04-10 05:40 31744 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-03-30 16:25 . 2001-09-04 02:04 182 ----a-w- c:\windows\system32\EBPPORT4.DAT
2010-03-30 16:25 . 2000-06-07 01:01 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2010-03-30 16:25 . 2003-07-23 01:09 75501 ----a-w- c:\windows\system32\EBPMON24.DLL
2010-03-30 16:25 . 2010-03-30 16:26 -------- d-----w- c:\program files\EPSON
2010-03-30 15:27 . 2010-03-30 15:27 -------- d-----w- c:\program files\DVD Decrypter
2010-03-30 15:14 . 2010-03-30 15:14 -------- d-----w- c:\program files\DVD Shrink
2010-03-30 15:02 . 2010-03-30 15:02 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-30 14:45 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-30 14:45 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-30 14:45 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 06:39 . 2010-03-23 16:46 120870 ----a-w- c:\programdata\nvModes.dat
2010-04-29 06:39 . 2010-03-23 19:35 -------- d-----w- c:\users\Mainpc\AppData\Roaming\DMCache
2010-04-29 06:39 . 2010-03-22 23:05 -------- d-----w- c:\programdata\NVIDIA
2010-04-28 06:56 . 2010-03-23 15:54 -------- d-----w- c:\users\Mainpc\AppData\Roaming\Malwarebytes
2010-04-28 06:56 . 2010-03-23 15:54 -------- d-----w- c:\programdata\Malwarebytes
2010-04-28 06:50 . 2010-03-29 10:28 -------- d-----w- c:\program files\Internet Download Manager
2010-04-27 16:54 . 2010-03-28 18:09 -------- d-----w- c:\program files\Memory Washer
2010-04-26 17:13 . 2010-03-27 13:02 -------- d-----w- c:\users\Mainpc\AppData\Roaming\uTorrent
2010-04-26 17:10 . 2010-03-28 18:05 -------- d-----w- c:\program files\CCleaner
2010-04-26 16:28 . 2010-03-24 22:20 -------- d-----w- c:\users\Mainpc\AppData\Roaming\vlc
2010-04-25 23:37 . 2010-03-23 16:11 -------- d-----w- c:\programdata\avg9
2010-04-25 23:26 . 2010-03-24 13:24 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-21 19:52 . 2010-03-27 16:22 -------- d-----w- c:\users\Mainpc\AppData\Roaming\Vso
2010-04-15 05:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-09 13:58 . 2010-03-26 22:20 -------- d-----w- c:\program files\Common Files\Apple
2010-04-09 07:01 . 2010-03-22 22:54 55472 ----a-w- c:\users\Mainpc\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-06 19:13 . 2010-03-29 10:28 -------- d-----w- c:\users\Mainpc\AppData\Roaming\IDM
2010-04-01 17:52 . 2010-03-22 23:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-01 07:57 . 2010-03-29 11:27 -------- d-----w- c:\users\Mainpc\AppData\Roaming\HandBrake
2010-03-30 16:26 . 2010-03-22 23:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-30 15:16 . 2010-03-27 12:47 -------- d-----w- c:\programdata\DVD Shrink
2010-03-30 15:02 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-30 15:01 . 2010-03-30 15:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-30 15:01 . 2010-03-30 15:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-29 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-29 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-29 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-29 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-29 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-29 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-29 14:55 . 2010-03-29 14:55 -------- d-----w- c:\users\Mainpc\AppData\Roaming\Atari
2010-03-29 14:53 . 2010-03-29 14:53 -------- d-----w- c:\users\Mainpc\AppData\Roaming\Leadertech
2010-03-29 14:50 . 2010-03-29 14:50 -------- d-----w- c:\program files\Atari
2010-03-29 11:27 . 2010-03-29 11:27 -------- d-----w- c:\program files\Handbrake
2010-03-29 10:58 . 2010-03-28 12:10 -------- d-----w- c:\users\Mainpc\AppData\Roaming\Apple Computer
2010-03-29 10:51 . 2010-03-29 10:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-29 10:51 . 2010-03-26 22:20 -------- d-----w- c:\programdata\Apple
2010-03-29 10:43 . 2010-03-29 10:43 198064 ----a-w- c:\users\Mainpc\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-03-28 18:12 . 2010-03-28 18:12 -------- d-----w- c:\program files\Ashampoo
2010-03-28 12:27 . 2010-03-22 22:53 7916 ----a-w- c:\users\Mainpc\AppData\Local\d3d9caps.dat
2010-03-28 12:22 . 2010-03-27 10:41 -------- d-----w- c:\program files\Common Files\Nero
2010-03-28 12:20 . 2010-03-27 10:41 -------- d-----w- c:\programdata\Nero
2010-03-28 12:09 . 2010-03-28 12:08 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-28 12:08 . 2010-03-28 12:07 -------- d-----w- c:\programdata\Apple Computer
2010-03-28 11:42 . 2010-03-27 12:33 -------- d-----w- c:\program files\PeerBlock
2010-03-27 17:12 . 2010-03-27 17:12 -------- d-----w- c:\programdata\vsosdk
2010-03-27 16:22 . 2010-03-27 16:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-27 16:22 . 2010-03-27 16:22 47360 ----a-w- c:\users\Mainpc\AppData\Roaming\pcouffin.sys
2010-03-27 16:22 . 2010-03-27 16:22 47360 ----a-w- c:\users\Mainpc\AppData\Roaming\pcouffin.sys
2010-03-27 16:22 . 2010-03-27 16:22 -------- d-----w- c:\program files\VSO
2010-03-27 13:03 . 2010-03-27 13:03 -------- d-----w- c:\program files\uTorrent
2010-03-27 12:48 . 2010-03-27 12:48 -------- d-----w- c:\users\Mainpc\AppData\Roaming\RipIt4Me
2010-03-27 12:48 . 2010-03-27 12:48 643072 ----a-w- c:\users\Mainpc\AppData\Roaming\RipIt4Me\updater\ri4mupdater.exe
2010-03-27 10:44 . 2010-03-27 10:44 -------- d-----w- c:\program files\NeroInstall.bak
2010-03-27 10:42 . 2010-03-27 10:42 -------- d-----w- c:\users\Mainpc\AppData\Roaming\Nero
2010-03-27 10:41 . 2010-03-27 10:41 -------- d-----w- c:\program files\Nero
2010-03-26 22:20 . 2010-03-26 22:20 -------- d-----w- c:\program files\Apple Software Update
2010-03-26 16:37 . 2010-03-26 16:37 -------- d-----w- c:\users\Mainpc\AppData\Roaming\Media Player Classic
2010-03-25 20:38 . 2010-03-25 20:38 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-03-25 17:06 . 2010-03-25 17:06 -------- d-----w- c:\program files\Digital1Audio
2010-03-24 22:29 . 2010-03-23 20:38 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-24 22:19 . 2010-03-24 22:19 -------- d-----w- c:\program files\VideoLAN
2010-03-24 19:45 . 2010-03-22 23:20 -------- d-----w- c:\programdata\CyberLink
2010-03-24 19:45 . 2010-03-24 19:42 -------- d-----w- c:\users\Mainpc\AppData\Roaming\CyberLink
2010-03-24 19:41 . 2010-03-24 19:41 -------- d-----w- c:\program files\Common Files\CyberLink
2010-03-24 19:40 . 2010-03-22 23:19 -------- d-----w- c:\program files\Cyberlink
2010-03-24 19:38 . 2010-03-24 19:38 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-03-24 19:38 . 2010-03-22 23:20 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-24 19:38 . 2010-03-22 23:19 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-24 11:05 . 2010-03-23 18:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-23 21:17 . 2010-03-22 23:19 -------- d-----w- c:\program files\HomeCinema
2010-03-23 20:41 . 2010-03-23 20:40 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-03-23 20:40 . 2010-03-23 20:40 -------- d-----w- c:\users\Mainpc\AppData\Roaming\DAEMON Tools Pro
2010-03-23 20:34 . 2010-03-23 20:34 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-23 20:29 . 2010-03-23 20:29 -------- d-----w- c:\programdata\SlySoft
2010-03-23 20:25 . 2010-03-23 20:25 -------- d-----w- c:\program files\SlySoft
2010-03-23 18:45 . 2010-03-23 18:42 -------- d-----w- c:\program files\Windows Live
2010-03-23 18:44 . 2010-03-23 18:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-23 18:43 . 2010-03-23 18:43 -------- d-----w- c:\program files\Microsoft
2010-03-23 18:42 . 2010-03-23 18:42 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-23 18:37 . 2010-03-23 18:37 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-23 18:29 . 2010-03-23 18:29 -------- d-----w- c:\program files\Microsoft LifeCam
2010-03-23 17:04 . 2010-03-23 17:04 -------- d-----w- c:\program files\MSXML 4.0
2010-03-23 16:47 . 2010-03-23 16:45 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-23 16:46 . 2010-03-23 16:46 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-23 16:45 . 2010-03-23 16:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-23 16:11 . 2010-03-23 16:11 -------- d-----w- c:\program files\AVG
2010-03-22 23:16 . 2010-03-22 23:16 -------- d-----w- c:\programdata\X10 Settings
2010-03-22 23:16 . 2010-03-22 23:15 -------- d-----w- c:\program files\X10 Hardware
2010-03-22 23:15 . 2010-03-22 23:15 -------- d-----w- c:\program files\Common Files\X10
2010-03-22 23:14 . 2010-03-22 23:09 -------- d-----w- c:\program files\Intel
2010-03-22 23:12 . 2010-03-22 23:12 -------- d-----w- c:\users\Mainpc\AppData\Roaming\InstallShield
2010-03-22 23:08 . 2010-03-22 23:08 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-03-22 23:08 . 2010-03-22 23:08 -------- d-----w- c:\program files\Realtek
2010-03-22 23:08 . 2010-03-22 23:08 315392 ----a-w- c:\windows\HideWin.exe
2010-03-22 22:46 . 2010-03-22 22:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-22 19:21 . 2010-03-22 19:21 24576 ---ha-w- C:\SZKGFS.dat
2010-03-12 18:41 . 2010-03-12 18:41 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-03-12 18:41 . 2010-03-12 18:41 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2010-03-12 18:41 . 2010-03-12 18:41 175472 ----a-w- c:\windows\system32\cVX3000.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-25 3179952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-12 22:02 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-01-25 11:45 3179952 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 00:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-03-12 18:41 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 16:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 14:22 87336 ------w- c:\program files\Cyberlink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-03-27 13:02 319792 ----a-w- c:\users\Mainpc\Documents\Downloads\Programs\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):48,1b,7a,0c,6b,cf,ca,01

R2 gupdate1cad72b6f0ccadd;Google Update Service (gupdate1cad72b6f0ccadd);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 133104]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-23 685816]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-25 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-25 242896]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/24 19:41];c:\program files\CyberLink\PowerDVD9\NavFilter\000.fcl [2009-12-15 12:28 87536]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-25 308064]
S2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2008-12-17 410976]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-29 303952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2008-06-03 360538]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2008-06-03 131160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-29 20824]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 14:54]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 14:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Mainpc\AppData\Roaming\Mozilla\Firefox\Profiles\rgwo2mjz.default\
FF - prefs.js: browser.startup.homepage - hxxp://tehparadox.com/forum/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Mainpc\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-29 07:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\NavFilter\000.fcl"
.
Completion time: 2010-04-29 07:52:15
ComboFix-quarantined-files.txt 2010-04-29 06:52

Pre-Run: 349,017,776,128 bytes free
Post-Run: 349,010,341,888 bytes free

- - End Of File - - 392B8E38F94F9D375B130B89653ABF69
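Reading a timeline like the one above by eye is slow, and the one entry the original post worried about (atapi.sys changing on its own) is easy to miss among a hundred installer lines. The script below is an added example, not code from this thread, from ComboFix's author or from BleepingComputer: it parses the file-listing lines of a ComboFix log, groups every entry by its left-hand timestamp to the minute, and reports kernel drivers under system32\drivers that changed entirely on their own rather than as part of a batch, since Windows Update runs and AV installs touch several files in the same minute (compare the 06:11 and 23:39 groups above). The sample lines are copied from the log in this post; the batch heuristic, the assumption that the left-hand column is the timestamp ComboFix sorts each section by, and all function and class names are mine. On this sample it reports atapi.sys (the lone 23:26 change) and also sptd.sys, which an analyst would then check against the DAEMON Tools Pro install that appears in the same log rather than treat as a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: a slice of the "Files Created" / "Find3M" lines posted in this
# thread, plus a section banner and a '.' separator that the parser must skip.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.
2010-04-28 06:56 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 06:56 . 2010-04-28 06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 06:56 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 23:39 . 2010-04-25 23:39 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-25 23:39 . 2010-04-25 23:39 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-25 23:39 . 2010-04-25 23:39 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-14 06:11 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 06:11 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 06:11 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-25 23:26 . 2010-03-24 13:24 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-23 20:34 . 2010-03-23 20:34 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
"""

# One ComboFix file line: <timestamp> . <timestamp> <size|--------> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

DRIVER_DIR = "\\windows\\system32\\drivers\\"


@dataclass(frozen=True)
class Entry:
    first: datetime        # left-hand timestamp; assumed to be the section's sort key
    second: datetime       # right-hand timestamp
    size: Optional[int]    # None for directories ('--------' in the log)
    attrs: str             # e.g. '----a-w-' (file) or 'd-----w-' (directory)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_combofix(text: str) -> List[Entry]:
    """Return the file/directory entries of a ComboFix listing, ignoring everything else."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # section banner, '.', blank line, registry line, etc.
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(
            first=datetime.strptime(m["first"], "%Y-%m-%d %H:%M"),
            second=datetime.strptime(m["second"], "%Y-%m-%d %H:%M"),
            size=size,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def driver_entries(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) that live under system32\\drivers."""
    return [e for e in entries if not e.is_dir and DRIVER_DIR in e.path.lower()]


def lone_driver_changes(entries: List[Entry]) -> List[Entry]:
    """Kernel drivers whose left-hand timestamp (to the minute) is shared by no
    other entry in the listing. Legitimate driver changes tend to arrive in
    batches (a Windows Update run, an AV product install), so a boot-critical
    driver that changed entirely on its own deserves a closer look."""
    by_minute: Dict[datetime, List[Entry]] = defaultdict(list)
    for e in entries:
        by_minute[e.first].append(e)
    return [e for e in driver_entries(entries) if len(by_minute[e.first]) == 1]


if __name__ == "__main__":
    listing = parse_combofix(SAMPLE_LOG)
    for e in lone_driver_changes(listing):
        print(f"{e.first:%Y-%m-%d %H:%M}  {e.size:>8}  {e.path}")
```

Feed it a whole ComboFix.txt instead of SAMPLE_LOG and the registry and service sections are simply skipped by the regex. The heuristic is a triage filter, not a detection: a flagged driver still has to be compared against a known-good copy (vendor, signature, size) before anything is concluded from it.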


#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:02:13 PM

Posted 29 April 2010 - 07:51 AM

You're welcome.

Not a whole lot showing up there. Let's run the following to see what it may find:

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 saracen1966

saracen1966
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:13 PM

Posted 29 April 2010 - 05:40 PM

OK, these are the findings; all are known to be OK and I think they are triggering because of serial crack/keygen related issues.

C:\Program Files\Cyberlink\PowerDVD9\CBS.dll probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Program Files\Digital1Audio\PCDJ VJ\pcdjvj.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Program Files\Memory Washer\MemoryWasher.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Users\Mainpc\Documents\Downloads\Programs\Memory_Washer_5.1.By.VICTORIOUS.rar probably unknown NewHeur_PE virus deleted - quarantined
D:\programmes\Programs\Memory_Washer_5.1.By.VICTORIOUS.rar probably unknown NewHeur_PE virus deleted - quarantined
D:\PCDJ.VJ.v1.0.6\EDGE\pcdjvj.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
Cheers again.

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:13 PM

Posted 29 April 2010 - 06:20 PM

Sorry but you lost me when you said: "all are known to be ok". Can you explain a little more what you mean by that?

#7 saracen1966

saracen1966
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:13 PM

Posted 30 April 2010 - 01:05 AM

Sorry, maybe me being presumptuous.... PCDJ is a programme I've had for a long time now that's never been flagged by AVG or Malwarebytes, and similar to the PowerDVD there is a crack/serial involved, so I presumed it was just a "false positive". Any issues on the D drive were just my backing up in case of need to reformat.

#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:13 PM

Posted 30 April 2010 - 10:17 AM

If you believe them to be OK and want to restore them from quarantine then of course that is your choice. If ESET sees them as cracked versions then that is probably why it took them off. Let me know how you wish to proceed.

#9 saracen1966

saracen1966
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:13 PM

Posted 30 April 2010 - 01:32 PM

Hi again,
yes, I am confident about the programmes and feel they are safe to remove from quarantine.
What would you recommend as my next instruction?

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:13 PM

Posted 30 April 2010 - 03:37 PM

Does the computer seem to be running OK now?

#11 saracen1966

saracen1966
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:13 PM

Posted 30 April 2010 - 04:35 PM

It seems to be, however I get occasions such as when I connected to this page: the bottom left hand corner was switching between Bleeping Computer and "billyoneil.com", so what's that all about?

#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:13 PM

Posted 30 April 2010 - 04:59 PM

If it is just this page or this site then I would say it was a server issue. Got to admit that is a first one on me.


We'll run ATF just to clear out temps and things. If you are using Firefox be sure to close it down before running. Also, if there is something you don't want cleaned out, like cookies, just uncheck the box beside it.


Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

After that we'll move on to cleaning up our tools:

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

  • The following will implement some very important cleanup procedures as well as reset System Restore points.

You can go ahead and delete GMER and DDS now if they are still on your desktop.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  1. Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  2. Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  3. Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  4. Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets kill bits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  5. Finally, this is very important. It is absolutely essential to keep all of your security programs up to date

If you have any other questions or issues feel free to ask as I will be checking back on this topic.

Other than that if there is nothing else I can do for you then I wish you good luck in the future and thank you for using our forum.


thewall


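One way to verify the two Internet Explorer hardening steps in the post above (the Internet-zone ActiveX settings from step 3 and the kill bits SpywareBlaster sets in step 4), as an added PowerShell example that is not part of the thread or of any tool it mentions. It is read-only and assumes Microsoft's documented registry locations and value numbers for those settings (zone actions 1001, 1004 and 1201; Compatibility Flags bit 0x400) apply to the Internet Explorer version in question.

```powershell
# Added example (not from the thread): read-only audit of the ActiveX hardening
# steps described in the post. Nothing is changed; it only reports the state.
$ZonePath    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'  # Internet zone
$KillBitPath = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$Prompt = 1; $Disable = 3   # zone action values: 0 = Enable, 1 = Prompt, 3 = Disable

# Step 3 of the post: signed/unsigned download = Prompt, unsafe init/script = Disable.
$Wanted = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = $Prompt  }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = $Prompt  }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = $Disable }
}

function Test-InternetZoneActiveX {
    # Emits one object per setting with the current value and whether it matches.
    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction SilentlyContinue
    foreach ($id in $Wanted.Keys) {
        $current = if ($null -ne $zone) { $zone.$id } else { $null }
        [pscustomobject]@{
            Setting  = $Wanted[$id].Name
            Current  = $current
            Expected = $Wanted[$id].Value
            Ok       = ($current -eq $Wanted[$id].Value)
        }
    }
}

function Get-ActiveXKillBits {
    # Step 4 of the post: lists every CLSID whose Compatibility Flags include 0x400,
    # the kill bit that stops Internet Explorer from loading that control at all.
    if (-not (Test-Path $KillBitPath)) { return }
    Get-ChildItem -Path $KillBitPath | ForEach-Object {
        $flags = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -ne $flags -and ($flags -band 0x400) -ne 0) {
            [pscustomobject]@{ CLSID = $_.PSChildName; Flags = ('0x{0:X8}' -f $flags) }
        }
    }
}

Test-InternetZoneActiveX | Format-Table -AutoSize
$kills = @(Get-ActiveXKillBits)
"Kill bit set for $($kills.Count) control(s)"
```

A setting reported with Ok = False is one the post asks you to change by hand in the Internet Options dialog; a kill-bit count of zero simply means nothing (SpywareBlaster or Windows Update) has blocked any control yet.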

#13 saracen1966

saracen1966
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:13 PM

Posted 30 April 2010 - 06:47 PM

OK, fingers crossed all seems good, thank you for your time and patience thewall.

#14 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:13 PM

Posted 30 April 2010 - 07:00 PM

You're very welcome!!
