My search links are mostly (70%) redirected to sites which have a Web of Trust warning


  • This topic is locked
11 replies to this topic

#1 bluejay44
  • Members
  • 6 posts

Posted 27 April 2010 - 11:53 AM

Most links I click on (Google search) just get redirected, some to another search list, others to dubious sites with a Web of Trust warning on them. There is no one particular name that shows when I highlight the redirect button - some of them are search pro, click search, feed genieknows, discoverexactly, pharmacystores, etc.
So far I have used Malwarebytes, Superantispyware, Adaware, Spybot, Windows Defender and Housecall Launcher.
They showed up a few cookies, which were deleted, but the problem continues.

Normally I only use Firefox but checked yesterday on Internet Explorer 8 and it is the same there when I tried a search.

Last week I had been hit by the security tool nasty and used advice here to get rid of it. My computer seemed fine for a few days - searches were all normal, no pop ups or anything unusual.

I use Avast antivirus, Ad-Aware and Windows Defender normally as protection. Guess I have been lucky as until last week I had never had problems in about 7 yrs of computing.

Thanks in advance for any help offered.



DDS (Ver_10-03-17.01) - NTFSx86
Run by NC6220 at 13:52:18.56 on 27/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1082 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100427-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\TRUSTM~1\wh_exec.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\NC6220\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\NC6220\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hp.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Big Fish Games Toolbar: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbar\bfg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Big Fish Games Toolbar: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbar\bfg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [WheelMouse] c:\trustm~1\wh_exec.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\nc6220\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nc6220\applic~1\mozilla\firefox\profiles\2vuxxxek.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: c:\documents and settings\nc6220\application data\mozilla\firefox\profiles\2vuxxxek.default\extensions\{6847dfae-037a-400c-a524-27f0a281b692}\components\dtTransparency.dll
FF - plugin: c:\documents and settings\nc6220\application data\mozilla\firefox\profiles\2vuxxxek.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-18 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-15 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-15 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-15 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-15 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-15 352920]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-9-2 32640]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 whfltr2k;Trust Mouse 14831 USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2006-5-3 6784]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2010-3-13 69120]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

=============== Created Last 30 ================

2010-04-27 12:50:24 0 ----a-w- c:\documents and settings\nc6220\defogger_reenable
2010-04-27 12:30:51 0 d-----w- c:\program files\Trend Micro
2010-04-26 08:07:25 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-26 08:07:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-24 16:06:09 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-24 16:05:59 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 16:05:59 0 d-----w- c:\docume~1\nc6220\applic~1\SUPERAntiSpyware.com
2010-04-24 16:05:29 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-24 11:28:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 08:49:36 0 d-----w- c:\program files\Natalie Brooks - Secrets of Treasure House
2010-04-21 17:19:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-21 08:05:33 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-04-20 20:00:27 0 d-----w- c:\program files\Masquerade Mysteries - The Case of the Copycat Curator
2010-04-20 19:25:16 0 d-----w- c:\docume~1\nc6220\applic~1\Runes of Avalon 2
2010-04-20 12:14:38 0 d-----w- c:\windows\system32\XPSViewer
2010-04-20 12:13:47 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-20 12:13:47 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-20 12:13:47 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-20 12:13:47 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-20 12:13:47 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-20 12:13:47 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-20 12:13:47 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-20 12:13:46 0 d-----w- C:\c42084a0949506f33307abb695
2010-04-19 06:46:09 0 d-----w- c:\docume~1\nc6220\applic~1\Stardock
2010-04-19 06:46:06 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-04-19 06:46:05 0 d-----w- c:\program files\Stardock
2010-04-18 19:37:22 0 d-----w- c:\docume~1\nc6220\applic~1\Malwarebytes
2010-04-18 19:35:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 19:35:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-18 19:35:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 19:35:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 17:15:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-18 17:15:12 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-18 17:14:54 0 d-----w- c:\program files\Lavasoft
2010-04-16 12:09:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Playrix Entertainment
2010-04-16 11:52:03 0 d-----w- c:\program files\4 Elements
2010-04-15 22:28:04 14143121 ----a-w- c:\documents and settings\nc6220\Desktop4571_-_Nintendo_Presents_Crossword_Collection(EU).zip
2010-04-13 20:01:53 0 d-----w- c:\docume~1\nc6220\applic~1\DarkParablesBriarRoseSE_BFG
2010-04-13 09:30:17 0 d-----w- c:\program files\Love and Death - Bitten
2010-04-10 14:44:23 0 d-----w- c:\docume~1\nc6220\applic~1\JournalistJourney
2010-04-10 14:43:08 0 d-----w- c:\docume~1\nc6220\applic~1\Namco
2010-04-10 14:43:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Namco
2010-04-10 09:00:22 0 d-----w- c:\program files\Namco
2010-04-10 08:51:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-10 08:43:09 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-04-10 08:39:35 204800 ----a-w- c:\windows\system32\igfxCoIn_v4764.dll
2010-04-10 08:39:35 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
2010-04-10 08:39:35 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
2010-04-10 08:39:31 121232 ----a-w- c:\windows\system32\IScrNBR.bmp
2010-04-10 08:39:31 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-04-10 08:39:31 0 d-----w- c:\windows\system32\Lang
2010-04-10 08:39:30 389120 ----a-w- c:\windows\system32\igxpun.exe
2010-04-10 08:37:32 0 d-----w- c:\program files\SystemRequirementsLab
2010-04-09 19:01:00 0 d-----w- c:\program files\Haunted Manor - Lord of Mirrors
2010-04-09 17:01:46 0 d-----w- c:\docume~1\nc6220\applic~1\mif2000's Hamlet
2010-04-09 16:59:14 0 d-----w- c:\docume~1\alluse~1\applic~1\AlawarWrapper
2010-04-09 16:58:33 0 d-----w- c:\program files\Alawar
2010-04-09 14:46:27 0 d-----w- C:\ProgramData
2010-04-09 14:43:08 0 d-----w- c:\program files\Dominic Cranes Dreamscape Mystery
2010-04-07 20:32:50 0 d-----w- c:\windows\system32\x64
2010-04-07 20:32:17 57344 ----a-w- c:\windows\system32\igxprd32.dll
2010-04-07 20:32:17 5672032 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2010-04-07 20:32:17 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-04-07 20:32:17 312320 ----a-w- c:\windows\system32\difx32.dll
2010-04-07 20:32:17 2482688 ----a-w- c:\windows\system32\igxpdx32.dll
2010-04-07 20:32:17 200704 ----a-w- c:\windows\system32\igfxCoIn_v4704.dll
2010-04-07 20:32:17 1563776 ----a-w- c:\windows\system32\igxpdv32.dll
2010-04-07 20:32:17 149504 ----a-w- c:\windows\system32\igxpgd32.dll
2010-04-06 19:10:33 0 d-----w- c:\docume~1\nc6220\applic~1\Virtual Prophecy
2010-04-03 10:38:02 0 d-----w- c:\program files\The Mystery of the Crystal Portal - Beyond the Horizon
2010-04-01 20:24:13 0 d-----w- c:\program files\Mahjong Towers Eternity
2010-04-01 20:22:35 0 d-----w- c:\docume~1\nc6220\applic~1\Fugazo
2010-04-01 20:21:08 0 d-----w- c:\program files\Fiction Fixers Adventures in Wonderland Demo V6
2010-04-01 16:19:57 0 d-----w- c:\program files\Kitchen Brigade
2010-04-01 12:56:11 0 d--h--w- c:\windows\PIF
2010-03-31 09:16:33 0 d-----w- c:\program files\Fiction Fixers Adventures in Wonderland Demo V5
2010-03-30 19:06:47 0 d-----w- c:\docume~1\nc6220\applic~1\The Inquisitor
2010-03-30 19:06:47 0 d-----w- c:\docume~1\alluse~1\applic~1\The Inquisitor
2010-03-30 18:57:46 0 d-----w- c:\docume~1\nc6220\applic~1\YoudaGames
2010-03-30 18:01:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Fugazo

==================== Find3M ====================

2010-04-10 08:51:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 08:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-10-28 09:06:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009102820091029\index.dat

============= FINISH: 13:52:45.62 ===============
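
The DDS output above and the HijackThis output posted later in this thread are read by hand by the Malware Response Team. As an added example that is not part of this post, of the thread, or of any tool named in it, the following Python script parses the hook and autostart lines of both formats (HijackThis O2/O3/O4 and DDS BHO:/TB:/uRun/mRun/dRun) and flags what a responder would look at first: a hook entry with a blank display name, an autostart given as a bare file name or an 8.3 short path, an autostart outside Windows and Program Files, and a startup shortcut whose target the tool could not show. The rule names, the directory roots in SYSTEM_ROOTS and the one sample line marked CONSTRUCTED are assumptions made for illustration; a flag means "review this", not "this is malicious".

```python
"""Triage pass over HijackThis / DDS-style log lines.

Added example for this thread; not part of HijackThis, DDS, RSIT or any other
tool named here. A flag means "look at this first", never "this is malware";
the rules and their names are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Sequence


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name, e.g. "blank-name"
    detail: str  # what a responder should check
    line: str    # the log line (or CLSID) that triggered it


# HijackThis "O2/O3" and DDS "BHO:/TB:" hook entries: display name, CLSID, DLL path.
_HOOK_RES = (
    re.compile(r"^O[23] - (?P<kind>BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"),
    re.compile(r"^(?P<kind>BHO|TB): (?P<name>.*?): \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"),
)
# HijackThis "O4 - HK..\Run" and DDS "uRun/mRun/dRun" autostarts: value name, command line.
_RUN_RES = (
    re.compile(r"^O4 - (?P<hive>HK[A-Z]+\\[^:]*): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$"),
    re.compile(r"^(?P<hive>[umd]Run): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$"),
)
_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<target>.+)$")
_EXT_RE = re.compile(r"\.(?:exe|scr|com|bat|cmd|dll|cpl|pif)\b", re.IGNORECASE)

# Where vendor and OS autostarts normally live on a 32-bit XP box (assumption
# behind the "unusual-location" rule; widen it for other layouts).
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Constructed sample in the shape of the logs posted in this thread. All lines
# except the one marked CONSTRUCTED are copied from those logs purely as format
# examples; being listed here says nothing about whether an entry is good or bad.
SAMPLE_LINES = [
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O2 - BHO:  - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll",
    r"O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll",
    r"TB: Big Fish Games Toolbar: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbar\bfg.dll",
    r"O4 - HKLM\..\Run: [WheelMouse] C:\TRUSTM~1\wh_exec.exe",
    r'O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent',
    r"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe",
    r"mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe",  # CONSTRUCTED
    r"O4 - Global Startup: Bluetooth.lnk = ?",
    r"O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe",
]


def _first_match(regexes: Sequence["re.Pattern[str]"], line: str) -> Optional["re.Match[str]"]:
    """First regex in `regexes` that matches `line`, or None."""
    for rx in regexes:
        m = rx.match(line)
        if m:
            return m
    return None


def executable_of(command: str) -> str:
    """Lower-cased executable path from a Run-key command line.

    Handles quoted paths, unquoted paths that contain spaces (cut at the
    first executable extension) and the %systemroot%/%windir% variables.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end > 0 else command[1:]
    else:
        m = _EXT_RE.search(command)
        exe = command[: m.end()] if m else command.split()[0]
    exe = exe.lower()
    return exe.replace("%systemroot%", "c:\\windows").replace("%windir%", "c:\\windows")


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the entries a responder should examine first, in log order."""
    findings: List[Finding] = []
    kinds_by_clsid: Dict[str, List[str]] = {}
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = _first_match(_HOOK_RES, line)
        if m:
            clsid = m["clsid"].upper()
            kinds_by_clsid.setdefault(clsid, []).append(m["kind"])
            if not m["name"].strip():
                findings.append(Finding("blank-name", f"{m['kind']} {clsid} has no display name; identify {m['path']} by vendor and hash", line))
            continue
        m = _first_match(_RUN_RES, line)
        if m:
            value, exe = m["value"], executable_of(m["cmd"])
            if "\\" not in exe:
                findings.append(Finding("bare-filename", f"[{value}] runs {exe} with no directory; its location is decided by the search order, not by the registry value", line))
                continue
            if "~" in exe:
                findings.append(Finding("short-path", f"[{value}] uses an 8.3 short name; the real directory name is hidden", line))
            if not exe.startswith(SYSTEM_ROOTS):
                findings.append(Finding("unusual-location", f"[{value}] starts {exe} from outside Windows/Program Files", line))
            continue
        m = _STARTUP_RE.match(line)
        if m and m["target"].strip() == "?":
            findings.append(Finding("unresolved-shortcut", f"{m['name']}: target not shown; open the .lnk and check where it points", line))
    # One CLSID registered under several hook types is normal for a toolbar,
    # but grouping the entries lets a responder judge the component once.
    for clsid, kinds in kinds_by_clsid.items():
        if len(kinds) > 1:
            findings.append(Finding("shared-clsid", "registered as " + ", ".join(sorted(set(kinds))), clsid))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:20} {f.detail}")
```

Feed it a pasted log with `triage(open(path).readlines())`. Entries that the rules do not flag (a named BHO under Program Files, a quoted vendor path, a resolved startup shortcut) produce nothing, and the `shared-clsid` finding comes last so that an O2 and O3 entry sharing one CLSID are judged as a single component rather than line by line.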





#2 aommaster
  • Malware Response Team
  • 5,294 posts
  • Location: Dubai

Posted 01 May 2010 - 01:16 PM

Hello, bluejay44.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for :)
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 bluejay44
  • Topic Starter
  • Members
  • 6 posts

Posted 02 May 2010 - 08:33 AM

Thanks, aommaster, for your help.
Here are the txt files asked for.


Logfile of random's system information tool 1.06 (written by random/random)
Run by NC6220 at 2010-05-02 11:29:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (33%) free of 57 GB
Total RAM: 2039 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:48, on 02/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\TRUSTM~1\wh_exec.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\NC6220\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\NC6220.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO:  - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WheelMouse] C:\TRUSTM~1\wh_exec.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9167 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5B367B6F-28B4-4105-BC7B-14CF59C5831C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7C9FC25-88B0-4682-9C9F-2608E9117647}]
Big Fish Games Toolbar - C:\Program Files\BfgBar\bfg.dll [2009-04-28 91608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C7C9FC25-88B0-4682-9C9F-2608E9117647} - Big Fish Games Toolbar - C:\Program Files\BfgBar\bfg.dll [2009-04-28 91608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-13 88209]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-11-19 233534]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-03 122939]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2004-12-08 790528]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2004-12-08 184320]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"WheelMouse"=C:\TRUSTM~1\wh_exec.exe [2006-05-03 118784]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-29 2343120]
"DriverMax"=C:\Program Files\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"DriverMax_RESTART"=C:\Program Files\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-04-30 2020592]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\NC6220\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Release\Tiscali.exe"="D:\Release\Tiscali.exe:*:Enabled:Tiscali Wireless Gateway Installation"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b56b8452-278c-11df-b37f-001500395396}]
shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true


======List of files/folders created in the last 1 months======

2010-05-02 11:29:33 ----D---- C:\rsit
2010-04-28 20:58:56 ----D---- C:\Documents and Settings\NC6220\Application Data\Brunhilda_WIP9
2010-04-28 20:58:47 ----D---- C:\Documents and Settings\NC6220\Application Data\StoneLoops!
2010-04-28 20:58:47 ----D---- C:\Documents and Settings\NC6220\Application Data\Saqqarah
2010-04-28 20:58:47 ----D---- C:\Documents and Settings\NC6220\Application Data\MagicMatch
2010-04-28 20:58:47 ----D---- C:\Documents and Settings\NC6220\Application Data\BrunhildaBeta
2010-04-28 20:57:57 ----D---- C:\My Games
2010-04-28 19:02:29 ----D---- C:\Program Files\The Sultans Labyrinth
2010-04-27 13:30:51 ----D---- C:\Program Files\Trend Micro
2010-04-26 09:07:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-26 09:07:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-24 17:06:09 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 17:05:59 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-24 17:05:59 ----D---- C:\Documents and Settings\NC6220\Application Data\SUPERAntiSpyware.com
2010-04-24 17:05:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-24 12:28:02 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-04-24 09:49:36 ----D---- C:\Program Files\Natalie Brooks - Secrets of Treasure House
2010-04-21 09:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-04-20 21:00:27 ----D---- C:\Program Files\Masquerade Mysteries - The Case of the Copycat Curator
2010-04-20 20:25:16 ----D---- C:\Documents and Settings\NC6220\Application Data\Runes of Avalon 2
2010-04-20 13:14:38 ----D---- C:\WINDOWS\system32\XPSViewer
2010-04-20 13:14:32 ----D---- C:\Program Files\MSBuild
2010-04-20 13:14:18 ----D---- C:\Program Files\Reference Assemblies
2010-04-20 13:13:47 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-04-20 13:13:47 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-04-20 13:13:47 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-04-20 13:13:46 ----D---- C:\c42084a0949506f33307abb695
2010-04-19 07:46:09 ----D---- C:\Documents and Settings\NC6220\Application Data\Stardock
2010-04-19 07:46:06 ----HDC---- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-04-19 07:46:05 ----D---- C:\Program Files\Stardock
2010-04-18 20:37:22 ----D---- C:\Documents and Settings\NC6220\Application Data\Malwarebytes
2010-04-18 20:35:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-18 20:35:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-18 18:15:12 ----HDC---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-18 18:14:54 ----D---- C:\Program Files\Lavasoft
2010-04-18 18:14:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-04-16 13:09:21 ----D---- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2010-04-16 12:52:03 ----D---- C:\Program Files\4 Elements
2010-04-14 10:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 10:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 10:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 10:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 10:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 10:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 21:01:53 ----D---- C:\Documents and Settings\NC6220\Application Data\DarkParablesBriarRoseSE_BFG
2010-04-13 10:30:17 ----D---- C:\Program Files\Love and Death - Bitten
2010-04-10 15:44:23 ----D---- C:\Documents and Settings\NC6220\Application Data\JournalistJourney
2010-04-10 15:43:08 ----D---- C:\Documents and Settings\NC6220\Application Data\Namco
2010-04-10 15:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\Namco
2010-04-10 10:00:22 ----D---- C:\Program Files\Namco
2010-04-10 09:51:45 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-10 09:51:45 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-10 09:51:45 ----A---- C:\WINDOWS\system32\java.exe
2010-04-10 09:43:09 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-04-10 09:39:35 ----A---- C:\WINDOWS\system32\igfxCoIn_v4764.dll
2010-04-10 09:39:31 ----D---- C:\WINDOWS\system32\Lang
2010-04-10 09:39:30 ----A---- C:\WINDOWS\system32\igxpun.exe
2010-04-10 09:37:32 ----D---- C:\Program Files\SystemRequirementsLab
2010-04-10 09:37:24 ----D---- C:\Documents and Settings\NC6220\Application Data\SystemRequirementsLab
2010-04-09 20:01:00 ----D---- C:\Program Files\Haunted Manor - Lord of Mirrors
2010-04-09 18:01:46 ----D---- C:\Documents and Settings\NC6220\Application Data\mif2000's Hamlet
2010-04-09 17:59:14 ----D---- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
2010-04-09 17:58:33 ----D---- C:\Program Files\Alawar
2010-04-09 15:46:27 ----D---- C:\ProgramData
2010-04-09 15:43:08 ----D---- C:\Program Files\Dominic Cranes Dreamscape Mystery
2010-04-07 21:32:50 ----D---- C:\WINDOWS\system32\x64
2010-04-07 21:32:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-07 21:32:17 ----A---- C:\WINDOWS\system32\igxprd32.dll
2010-04-07 21:32:17 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2010-04-07 21:32:17 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2010-04-07 21:32:17 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2010-04-07 21:32:17 ----A---- C:\WINDOWS\system32\igfxCoIn_v4704.dll
2010-04-07 21:32:17 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-04-07 21:32:17 ----A---- C:\WINDOWS\system32\difx32.dll
2010-04-06 20:10:33 ----D---- C:\Documents and Settings\NC6220\Application Data\Virtual Prophecy
2010-04-06 19:20:34 ----D---- C:\WINDOWS\Minidump
2010-04-03 11:38:02 ----D---- C:\Program Files\The Mystery of the Crystal Portal - Beyond the Horizon

======List of files/folders modified in the last 1 months======

2010-05-02 11:29:36 ----D---- C:\WINDOWS\Temp
2010-05-02 11:29:22 ----D---- C:\WINDOWS\Prefetch
2010-05-02 11:26:27 ----SD---- C:\WINDOWS\Tasks
2010-05-02 11:24:44 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-01 22:26:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-28 20:54:37 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-28 19:02:29 ----RD---- C:\Program Files
2010-04-27 20:49:37 ----D---- C:\Calibre Books
2010-04-27 19:51:07 ----SHD---- C:\WINDOWS\Installer
2010-04-27 19:50:33 ----D---- C:\Program Files\Calibre2
2010-04-27 13:50:24 ----D---- C:\Program Files\Mozilla Firefox
2010-04-27 13:29:34 ----D---- C:\WINDOWS\system32\drivers
2010-04-27 09:55:54 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-26 17:22:10 ----HD---- C:\WINDOWS\inf
2010-04-24 17:05:29 ----D---- C:\Program Files\Common Files
2010-04-24 12:28:02 ----D---- C:\WINDOWS\system32
2010-04-24 10:12:41 ----D---- C:\Documents and Settings\NC6220\Application Data\Friday's games
2010-04-21 17:16:52 ----D---- C:\Program Files\Shockwave.com
2010-04-21 17:12:00 ----D---- C:\DS
2010-04-21 16:38:36 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-21 16:38:29 ----RSD---- C:\WINDOWS\assembly
2010-04-21 15:33:33 ----D---- C:\WINDOWS
2010-04-21 09:31:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-21 09:30:39 ----D---- C:\WINDOWS\WinSxS
2010-04-21 09:28:24 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-21 09:28:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-20 13:14:33 ----D---- C:\WINDOWS\system32\en-US
2010-04-20 13:14:26 ----RSD---- C:\WINDOWS\Fonts
2010-04-20 13:14:00 ----D---- C:\WINDOWS\system32\spool
2010-04-20 13:11:39 ----D---- C:\Program Files\Internet Explorer
2010-04-19 08:13:29 ----D---- C:\Ebooks
2010-04-18 21:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB884575$
2010-04-17 08:52:05 ----D---- C:\Documents and Settings\NC6220\Application Data\Orneon
2010-04-16 19:23:20 ----D---- C:\Documents and Settings\NC6220\Application Data\uTorrent
2010-04-14 10:29:40 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 10:29:27 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 10:20:10 ----D---- C:\WINDOWS\ie8updates
2010-04-13 11:20:49 ----D---- C:\Documents and Settings\NC6220\Application Data\PlayFirst
2010-04-10 15:43:39 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2010-04-10 09:52:06 ----D---- C:\Program Files\Common Files\Java
2010-04-10 09:51:31 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-04-10 09:51:27 ----D---- C:\Program Files\Java
2010-04-10 09:45:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-04-10 09:39:13 ----D---- C:\Intel
2010-04-07 22:31:56 ----D---- C:\Program Files\Dragon
2010-04-06 18:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-03 11:38:36 ----D---- C:\Documents and Settings\NC6220\Application Data\Artogon

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 ClntMgmt.sys;ClntMgmt.sys; C:\WINDOWS\System32\Drivers\ClntMgmt.sys [2004-02-20 59044]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-03 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-03 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-03 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-03 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-03 86138]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-03 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-03 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-03 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-03 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-13 1066278]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-11-16 190592]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-03-29 1340698]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-03-29 55448]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 80384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-09-02 32640]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2009-11-11 2216064]
R3 whfltr2k;Trust Mouse 14831 USB Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2006-05-03 6784]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-03-29 254007]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-10 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-28 1284840]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2004-11-18 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2010-03-13 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

..............................................................................................................................................................

info.txt logfile of random's system information tool 1.06 2010-05-02 11:29:55

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
1 Penguin 100 Cases-->"C:\Program Files\1 Penguin 100 Cases\Uninstall.exe"
4 Elements-->"C:\Program Files\4 Elements\Uninstall.exe"
ABC Amber LIT Converter-->C:\Ebooks\ABCAMB~1\UNWISE.EXE C:\Ebooks\ABCAMB~1\INSTALL.LOG
Ad-Aware Email Scanner for Outlook-->MsiExec.exe /I{338F08AB-C262-42C7-B000-34DE1A475273}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Agere Systems AC'97 Modem-->agrsmdel
Alabama Smith in the Quest of Fate-->C:\PROGRA~1\SHOCKW~1.COM\ALABAM~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ALABAM~1\INSTALL.LOG
Alice's Magical Mahjong-->"C:\Program Files\Alice's Magical Mahjong\Uninstall.exe"
Amazon Kindle For PC v1.0-->C:\Program Files\Amazon\Kindle For PC\uninstall.exe
Anka-->"C:\Program Files\Anka\Uninstall.exe"
Annabel-->"C:\Program Files\Annabel\Uninstall.exe"
Autumn's Treasures-->C:\PROGRA~1\SHOCKW~1.COM\AUTUMN~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\AUTUMN~1\INSTALL.LOG
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azada &reg;-->"C:\Program Files\Azada\Uninstall.exe"
Big Fish Games Toolbar 2.0-->C:\Program Files\BfgBar\uninstall.exe
Big Fish Games: Game Manager-->C:\Program Files\bfgclient\Uninstall.exe
Broadcom NetXtreme Ethernet Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Brunhilda 1.05 Beta-->C:\My Games\Brunhilda BETA\uninst.exe
calibre-->MsiExec.exe /I{7BD68667-2431-4E4D-B6B3-CB78A3789946}
Dark Parables: Curse of Briar Rose-->"C:\Program Files\Dark Parables - Curse of Briar Rose\Uninstall.exe"
Dominic Crane's Dreamscape Mystery-->"C:\Program Files\Dominic Cranes Dreamscape Mystery\Uninstall.exe"
Dr. Wise - Medical Mysteries-->C:\PROGRA~1\SHOCKW~1.COM\DRCF30~1.WIS\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DRCF30~1.WIS\INSTALL.LOG
Dragon-->"C:\Program Files\Dragon\Uninstall.exe"
DriverMax 5-->"C:\Program Files\Innovative Solutions\DriverMax\unins000.exe"
Empress of the Deep: The Darkest Secret-->"C:\Program Files\Empress of the Deep - The Darkest Secret\Uninstall.exe"
Escape from Lost Island-->C:\PROGRA~1\SHOCKW~1.COM\ESCAPE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ESCAPE~1\INSTALL.LOG
Faerie Solitaire-->"C:\Program Files\Faerie Solitaire\Uninstall.exe"
Fences-->"C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe" REMOVE=TRUE MODIFY=FALSE
Fences-->C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
Fiction Fixers Adventures in Wonderland Demo V6-->"C:\Program Files\Fiction Fixers Adventures in Wonderland Demo V6\unins000.exe"
Gemsweeper-->"C:\Program Files\Gemsweeper\Uninstall.exe"
Green Moon-->C:\PROGRA~1\SHOCKW~1.COM\GREENM~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\GREENM~1\INSTALL.LOG
Haunted Manor: Lord of Mirrors Collector's Edition-->"C:\Program Files\Haunted Manor - Lord of Mirrors Collector's Edition\Uninstall.exe"
Haunted Manor: Lord of Mirrors-->"C:\Program Files\Haunted Manor - Lord of Mirrors\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Accessories Product Tour-->MsiExec.exe /I{D0572854-191F-45DB-B959-641F8E5C8409}
HP BIOS Configuration for ProtectTools 1.00 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\setup.exe" -l0x9 biosuninst
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP ProtectTools Security Manager 1.00 C3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\setup.exe" -l0x9 hpquninst
HP Wireless Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9
iCare Data Recovery Software3.5-->"C:\Program Files\iCare Data Recovery Software\unins000.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Island: The Lost Medallion-->"C:\Program Files\Island - The Lost Medallion\Uninstall.exe"
It's all about masks-->"C:\Program Files\It's all about masks\Uninstall.exe"
IZArc 4.1-->"C:\Program Files\IZArc\unins000.exe"
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
Joan Jade and the Gates of Xibalba-->"C:\Program Files\Joan Jade and the Gates of Xibalba\Uninstall.exe"
Joan Jade and the Gates of Xibalba-->C:\PROGRA~1\SHOCKW~1.COM\THEGAT~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\THEGAT~1\INSTALL.LOG
Liong: The Lost Amulets-->"C:\Program Files\Liong - The Lost Amulets\Uninstall.exe"
Love & Death ™: Bitten ™-->"C:\Program Files\Love and Death - Bitten\Uninstall.exe"
Luxor - Amun Rising-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-luxoramunrising.rguninst" "AddRemove"
Luxor 2-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-luxor2.rguninst" "AddRemove"
Luxor 3-->"C:\Program Files\Luxor 3\Uninstall.exe"
Luxor MahJong-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-luxormahjong.rguninst" "AddRemove"
Luxor-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-luxor.rguninst" "AddRemove"
Mah Jong Quest-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-mahjongquest.rguninst" "AddRemove"
Mahjong The Endless Journey-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-mahjongtheendlessjourney.rguninst" "AddRemove"
Mahjong Towers Eternity -->"C:\Program Files\Mahjong Towers Eternity\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Masquerade Mysteries: The Case of the Copycat Curator-->"C:\Program Files\Masquerade Mysteries - The Case of the Copycat Curator\Uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Millennium Secrets: Emerald Curse-->"C:\Program Files\Millennium Secrets - Emerald Curse\Uninstall.exe"
Mishap: An Accidental Haunting ™-->"C:\Program Files\Mishap - An Accidental Haunting\Uninstall.exe"
Mobipocket Reader 6.2-->MsiExec.exe /I{342126E1-173C-4585-BFBE-3EBDD20E3E9E}
Mortimer Beckett and the Lost King-->C:\PROGRA~1\SHOCKW~1.COM\MORTIM~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\MORTIM~1\INSTALL.LOG
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nat Geo Games©: Mystery of Cleopatra-->C:\PROGRA~1\SHOCKW~1.COM\MYSTER~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\MYSTER~1\INSTALL.LOG
Natalie Brooks: Mystery at Hillcrest High-->C:\PROGRA~1\SHOCKW~1.COM\NATALI~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\NATALI~1\INSTALL.LOG
Natalie Brooks: Secrets of Treasure House-->"C:\Program Files\Natalie Brooks - Secrets of Treasure House\Uninstall.exe"
Nightfall Mysteries: Curse of the Opera-->"C:\Program Files\Nightfall Mysteries - Curse of the Opera\Uninstall.exe"
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
Pathfinders: Lost at Sea-->"C:\Program Files\Pathfinders - Lost at Sea\Uninstall.exe"
Pirate Poppers-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-piratepoppers.rguninst" "AddRemove"
PuppetShow: Mystery of Joyville ™-->"C:\Program Files\PuppetShow - Mystery of Joyville\Uninstall.exe"
Quick Launch Buttons 5.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
Rasputin's Curse-->"C:\Program Files\Rasputin's Curse\Uninstall.exe"
Secret Mission: The Forgotten Island-->"C:\Program Files\Secret Mission - The Forgotten Island\Uninstall.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
SoftSkies-->C:\Program Files\SoundSpectrum\SoftSkies\Uninstall.exe
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab for Intel-->MsiExec.exe /I{F7FC9307-374E-4017-8E9D-DE1154780480}
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
The Dark Hills of Cherai-->"C:\Program Files\The Dark Hills of Cherai\Uninstall.exe"
The Fall Trilogy-->"C:\Program Files\The Fall Trilogy\Uninstall.exe"
The Legend of Crystal Valley™-->C:\PROGRA~1\SHOCKW~1.COM\THELEG~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\THELEG~1\INSTALL.LOG
The Magician's Handbook: Cursed Valley-->C:\PROGRA~1\SHOCKW~1.COM\THEMAG~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\THEMAG~1\INSTALL.LOG
The Mystery of the Crystal Portal: Beyond the Horizon-->"C:\Program Files\The Mystery of the Crystal Portal - Beyond the Horizon\Uninstall.exe"
The Sultan's Labyrinth-->"C:\Program Files\The Sultans Labyrinth\Uninstall.exe"
Time Riddles: The Mansion-->"C:\Program Files\Time Riddles - The Mansion\Uninstall.exe"
Treasure Seekers: Follow the Ghosts-->"C:\Program Files\Treasure Seekers - Follow the Ghosts\Uninstall.exe"
Trial of the Gods: Ariadne's Fate-->"C:\Program Files\Trial of the Gods - Ariadnes Fate\Uninstall.exe"
Trust Mouse 14831 1.0.0.1-->C:\TRUSTM~1\uninst.exe
Unexpected Journey-->"C:\Program Files\Unexpected Journey\Uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Veronica Rivers: Portals to the Unknown -->"C:\Program Files\Veronica Rivers - Portals to the Unknown\Uninstall.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World Mosaics™-->C:\PROGRA~1\SHOCKW~1.COM\WORLDM~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\WORLDM~1\INSTALL.LOG
Zuma’s Revenge!™ - Adventure-->C:\PROGRA~1\SHOCKW~1.COM\ZUMA'S~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ZUMA'S~1\INSTALL.LOG

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100501-1]

======System event log======

Computer Name: NC6220-730E52B1
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 15479
Source Name: b57w2k
Time Written: 20100418090759.000000+060
Event Type: warning
User:

Computer Name: NC6220-730E52B1
Event Code: 1002
Message: The IP address lease 192.168.0.8 for the Network Card with network address 001500395396 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 15476
Source Name: Dhcp
Time Written: 20100418090744.000000+060
Event Type: error
User:

Computer Name: NC6220-730E52B1
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 15445
Source Name: b57w2k
Time Written: 20100417214726.000000+060
Event Type: warning
User:

Computer Name: NC6220-730E52B1
Event Code: 1002
Message: The IP address lease 192.168.1.4 for the Network Card with network address 001500395396 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 15442
Source Name: Dhcp
Time Written: 20100417214720.000000+060
Event Type: error
User:

Computer Name: NC6220-730E52B1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001500395396. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 15441
Source Name: Dhcp
Time Written: 20100417214719.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: NC6220-730E52B1
Event Code: 1000
Message: Faulting application pdftohtml.exe, version 0.0.0.0, faulting module msvcr90.dll, version 9.0.21022.8, fault address 0x0003bb7b.

Record Number: 1536
Source Name: Application Error
Time Written: 20100309124159.000000+000
Event Type: error
User:

Computer Name: NC6220-730E52B1
Event Code: 1000
Message: Faulting application pdftohtml.exe, version 0.0.0.0, faulting module msvcr90.dll, version 9.0.21022.8, fault address 0x0003bb7b.

Record Number: 1534
Source Name: Application Error
Time Written: 20100309122504.000000+000
Event Type: error
User:

Computer Name: NC6220-730E52B1
Event Code: 1000
Message: Faulting application pdftohtml.exe, version 0.0.0.0, faulting module msvcr90.dll, version 9.0.21022.8, fault address 0x0003bb7b.

Record Number: 1532
Source Name: Application Error
Time Written: 20100309111738.000000+000
Event Type: error
User:

Computer Name: NC6220-730E52B1
Event Code: 1001
Message: Fault bucket 1254995735.

Record Number: 1530
Source Name: Application Error
Time Written: 20100309111627.000000+000
Event Type: error
User:

Computer Name: NC6220-730E52B1
Event Code: 1000
Message: Faulting application pdftohtml.exe, version 0.0.0.0, faulting module msvcr90.dll, version 9.0.21022.8, fault address 0x0003bb7b.

Record Number: 1529
Source Name: Application Error
Time Written: 20100309111608.000000+000
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Calibre2\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

..................................................................................................................................................................



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-02 14:19:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\NC6220\LOCALS~1\Temp\pwryyfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA4756B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA475574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA475A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA47514C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA47564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA47508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA4750F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA47576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA47572E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA4758AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA5E4900]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF73C2780]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF66C23BF]
init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF6686A80]
init C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS entry point in "init" section [0xF7804192]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2088] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdePort0 [F73B5B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F73B5B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F73B5B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 02 May 2010 - 11:37 AM

Hello, bluejay44.
Glad to help.

P2P Program Warning!

uTorrent

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




We need to disable TeaTimer
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click Mode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press yes
  5. Click on Tools
  6. Click on Resident
  7. Uncheck the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy
NEXT:

We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

Edited by aommaster, 02 May 2010 - 11:37 AM.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
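The post above asks for C:\ComboFix.txt so the helper can read its "Reg Loading Points" section (Run keys, firewall policy, firewall exceptions). The following is an added example, not a ComboFix or BleepingComputer tool and not code from anyone in this thread: a small Python triage script that parses that section in the format the log posted later in this thread uses, reports whether the Windows Firewall policy is enabled, lists the firewall exceptions, and flags autorun entries that point at a bare file name (resolved via the search path) or at a user-writable location. The sample log embedded in it is constructed for the example, the value names in it (such as "Updater") are invented, and the list of user-writable path markers is an assumption that covers XP-era profile paths only.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of the ComboFix log quoted in this thread.
# The "Updater" entry is invented to exercise the user-writable-path check.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-30 2020592]
"Updater"="c:\documents and settings\user\Application Data\upd\svc.exe" [2010-05-01 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<value>.*)$')

# Assumed markers for locations a standard user can write to (XP-era profile layout).
USER_WRITABLE_MARKERS = ("c:\\documents and settings\\", "\\application data\\",
                         "\\local settings\\", "\\temp\\")


def flag_reasons(path: str) -> List[str]:
    """Return heuristic reasons an autorun path deserves a closer look (empty if none)."""
    reasons = []
    low = path.lower()
    if "\\" not in path:
        # A bare file name is resolved through the search path, so a same-named
        # file placed earlier on that path would be launched instead of the real one.
        reasons.append("bare file name, resolved via search path")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable location")
    return reasons


def triage(log_text: str) -> Dict:
    """Parse the Reg Loading Points section and return a summary dict."""
    current_key = ""
    run_entries: List[Tuple[str, str, str]] = []  # (registry key, value name, path)
    authorized_apps: List[str] = []               # firewall exceptions, backslashes collapsed
    firewall_enabled = None                       # None when the policy value is absent

    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key").lower()
            continue
        if not line.startswith('"'):
            continue  # headers, "@=" defaults and blank lines are not value entries
        if current_key.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                run_entries.append((current_key, m.group("name"), m.group("path")))
        elif current_key.endswith("\\authorizedapplications\\list"):
            m = VALUE_RE.match(line)
            if m:
                # ComboFix prints these registry names with doubled backslashes
                authorized_apps.append(m.group("name").replace("\\\\", "\\"))
        elif current_key.endswith("firewallpolicy\\standardprofile"):
            m = VALUE_RE.match(line)
            if m and m.group("name") == "EnableFirewall":
                firewall_enabled = m.group("value").split()[0] != "0"

    flags = []
    for _, name, path in run_entries:
        reasons = flag_reasons(path)
        if reasons:
            flags.append((name, path, reasons))

    return {
        "firewall_enabled": firewall_enabled,
        "run_entries": run_entries,
        "authorized_apps": authorized_apps,
        "flags": flags,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("Windows Firewall enabled:", summary["firewall_enabled"])
    for name, path, reasons in summary["flags"]:
        print(f"check {name!r} -> {path}: {'; '.join(reasons)}")
    for app in summary["authorized_apps"]:
        print("firewall exception:", app)
```

The flags are starting points for a human reader, not verdicts: an autorun from a user profile or a bare file name is common for legitimate software too, which is why the script keeps every parsed entry in `run_entries` alongside the flagged subset.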


#5 bluejay44

Posted 02 May 2010 - 03:50 PM

Hi again aommaster,
Here are the files you asked for.

I had disabled TeaTimer already after reading other threads on the forum.
At the moment uTorrent is still on the computer because it does not uninstall with Add/Remove. I believe it just has to be deleted but I want to make sure about that.
Are there any p2p programs that are better than others?


ComboFix 10-05-02.01 - NC6220 02/05/2010 20:56:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1522 [GMT 1:00]
Running from: c:\documents and settings\NC6220\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100502-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
C:\Install.exe
c:\program files\WindowsUpdate

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 10:29 . 2010-05-02 10:29 -------- d-----w- C:\rsit
2010-04-28 19:58 . 2010-04-28 20:15 -------- d-----w- c:\documents and settings\NC6220\Application Data\Brunhilda_WIP9
2010-04-28 19:58 . 2010-04-28 19:58 -------- d-----w- c:\documents and settings\NC6220\Application Data\StoneLoops!
2010-04-28 19:58 . 2010-04-28 19:58 -------- d-----w- c:\documents and settings\NC6220\Application Data\Saqqarah
2010-04-28 19:58 . 2010-04-28 19:58 -------- d-----w- c:\documents and settings\NC6220\Application Data\MagicMatch
2010-04-28 19:58 . 2010-04-28 19:58 -------- d-----w- c:\documents and settings\NC6220\Application Data\BrunhildaBeta
2010-04-28 19:57 . 2010-04-28 19:57 -------- d-----w- C:\My Games
2010-04-28 18:02 . 2010-04-28 18:02 -------- d-----w- c:\program files\The Sultans Labyrinth
2010-04-27 12:30 . 2010-05-02 10:29 -------- d-----w- c:\program files\Trend Micro
2010-04-26 08:07 . 2010-04-26 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-26 08:07 . 2010-04-26 08:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-24 16:06 . 2010-04-24 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 16:05 . 2010-04-30 09:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 16:05 . 2010-04-24 16:05 -------- d-----w- c:\documents and settings\NC6220\Application Data\SUPERAntiSpyware.com
2010-04-24 16:05 . 2010-04-24 16:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-24 11:28 . 2010-04-21 17:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 08:49 . 2010-04-24 08:49 -------- d-----w- c:\program files\Natalie Brooks - Secrets of Treasure House
2010-04-21 17:19 . 2010-04-21 17:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 20:00 . 2010-04-20 20:01 -------- d-----w- c:\program files\Masquerade Mysteries - The Case of the Copycat Curator
2010-04-20 19:25 . 2010-04-20 19:25 -------- d-----w- c:\documents and settings\NC6220\Application Data\Runes of Avalon 2
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\documents and settings\NC6220\Application Data\Stardock
2010-04-19 06:46 . 2010-04-19 06:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\program files\Stardock
2010-04-18 19:37 . 2010-04-18 19:37 -------- d-----w- c:\documents and settings\NC6220\Application Data\Malwarebytes
2010-04-18 19:35 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 19:35 . 2010-04-18 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-18 19:35 . 2010-04-18 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 19:35 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 17:15 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-18 17:15 . 2010-04-18 17:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-18 17:14 . 2010-04-18 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-18 17:14 . 2010-04-18 17:15 -------- d-----w- c:\program files\Lavasoft
2010-04-16 12:09 . 2010-04-16 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2010-04-16 11:52 . 2010-04-16 11:52 -------- d-----w- c:\program files\4 Elements
2010-04-15 22:28 . 2010-04-15 22:21 14143121 ----a-w- c:\documents and settings\NC6220\Desktop4571_-_Nintendo_Presents_Crossword_Collection(EU).zip
2010-04-13 20:01 . 2010-04-15 16:06 -------- d-----w- c:\documents and settings\NC6220\Application Data\DarkParablesBriarRoseSE_BFG
2010-04-13 09:30 . 2010-04-13 09:31 -------- d-----w- c:\program files\Love and Death - Bitten
2010-04-10 14:44 . 2010-04-10 15:02 -------- d-----w- c:\documents and settings\NC6220\Application Data\JournalistJourney
2010-04-10 14:43 . 2010-04-10 14:43 -------- d-----w- c:\documents and settings\NC6220\Application Data\Namco
2010-04-10 14:43 . 2010-04-10 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Namco
2010-04-10 09:00 . 2010-04-11 08:59 -------- d-----w- c:\program files\Namco
2010-04-10 08:43 . 2007-01-13 08:45 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-04-10 08:39 . 2007-01-13 09:46 204800 ----a-w- c:\windows\system32\igfxCoIn_v4764.dll
2010-04-10 08:39 . 2010-04-10 08:39 -------- d-----w- c:\windows\system32\Lang
2010-04-10 08:39 . 2007-01-19 09:14 389120 ----a-w- c:\windows\system32\igxpun.exe
2010-04-10 08:37 . 2010-04-10 08:37 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-10 08:37 . 2010-04-10 08:37 -------- d-----w- c:\documents and settings\NC6220\Application Data\SystemRequirementsLab
2010-04-09 19:01 . 2010-04-09 19:02 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors
2010-04-09 17:01 . 2010-04-09 17:01 -------- d-----w- c:\documents and settings\NC6220\Application Data\mif2000's Hamlet
2010-04-09 16:59 . 2010-04-09 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-04-09 16:58 . 2010-04-11 08:59 -------- d-----w- c:\program files\Alawar
2010-04-09 14:46 . 2010-04-09 14:46 -------- d-----w- C:\ProgramData
2010-04-09 14:43 . 2010-04-09 14:44 -------- d-----w- c:\program files\Dominic Cranes Dreamscape Mystery
2010-04-08 08:27 . 2010-04-08 08:27 -------- d-----w- c:\documents and settings\NC6220\Local Settings\Application Data\AlwaysNeat
2010-04-07 20:32 . 2010-04-07 20:32 -------- d-----w- c:\windows\system32\x64
2010-04-07 20:32 . 2010-04-18 17:15 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-07 20:32 . 2007-01-13 09:33 2482688 ----a-w- c:\windows\system32\igxpdx32.dll
2010-04-07 20:32 . 2007-01-13 09:33 5672032 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2010-04-07 20:32 . 2007-01-13 09:33 57344 ----a-w- c:\windows\system32\igxprd32.dll
2010-04-07 20:32 . 2007-01-13 09:32 149504 ----a-w- c:\windows\system32\igxpgd32.dll
2010-04-07 20:32 . 2007-01-13 09:32 1563776 ----a-w- c:\windows\system32\igxpdv32.dll
2010-04-07 20:32 . 2006-11-10 07:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-04-07 20:32 . 2006-10-10 06:24 200704 ----a-w- c:\windows\system32\igfxCoIn_v4704.dll
2010-04-07 20:32 . 2006-10-10 06:24 312320 ----a-w- c:\windows\system32\difx32.dll
2010-04-06 19:10 . 2010-04-06 19:10 -------- d-----w- c:\documents and settings\NC6220\Application Data\Virtual Prophecy
2010-04-06 16:06 . 2010-04-06 16:06 -------- d-----w- c:\documents and settings\NC6220\Local Settings\Application Data\Menge
2010-04-03 10:38 . 2010-04-03 10:38 -------- d-----w- c:\program files\The Mystery of the Crystal Portal - Beyond the Horizon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 09:18 . 2010-04-30 09:18 62976 ----a-w- c:\documents and settings\NC6220\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-04-30 09:18 . 2010-04-24 16:07 117760 ----a-w- c:\documents and settings\NC6220\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-28 19:54 . 2009-10-11 20:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-28 17:16 . 2010-04-21 17:18 566432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-28 17:16 . 2010-04-21 17:18 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-28 17:16 . 2010-04-21 17:18 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-04-28 17:16 . 2010-04-21 17:18 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-04-28 17:16 . 2010-04-21 17:18 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-04-28 17:16 . 2010-04-21 17:17 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-04-28 17:16 . 2010-04-21 17:17 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-04-28 17:16 . 2010-04-21 17:17 443344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-04-28 17:16 . 2010-04-21 17:17 167824 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-04-28 17:16 . 2010-04-21 17:17 6306640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-04-28 17:15 . 2010-04-21 17:17 335728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-04-28 17:15 . 2010-04-21 17:17 95248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-28 17:15 . 2010-04-21 17:17 16456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-04-28 17:15 . 2010-04-21 17:17 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-28 17:15 . 2010-04-21 17:17 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-28 17:15 . 2010-04-21 17:17 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-28 17:15 . 2010-04-21 17:17 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-28 17:15 . 2010-04-28 17:15 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-04-28 17:15 . 2010-04-21 17:17 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-28 17:15 . 2010-04-21 17:17 1284840 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-27 19:04 . 2010-02-14 22:07 1 ----a-w- c:\documents and settings\NC6220\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-27 18:50 . 2010-03-06 11:57 -------- d-----w- c:\program files\Calibre2
2010-04-27 12:30 . 2010-04-27 12:30 388096 ----a-r- c:\documents and settings\NC6220\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-24 16:07 . 2010-04-24 16:07 52224 ----a-w- c:\documents and settings\NC6220\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-24 09:12 . 2010-01-28 12:55 -------- d-----w- c:\documents and settings\NC6220\Application Data\Friday's games
2010-04-21 17:18 . 2010-04-21 17:18 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-21 17:18 . 2010-04-21 17:18 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-21 17:17 . 2010-04-21 17:17 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-04-21 17:17 . 2010-04-21 17:17 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-04-21 17:17 . 2010-04-21 17:17 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-04-21 16:16 . 2009-11-11 10:29 -------- d-----w- c:\program files\Shockwave.com
2010-04-20 15:18 . 2009-10-12 06:20 45216 ----a-w- c:\documents and settings\NC6220\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-20 12:14 . 2010-04-20 12:14 -------- d-----w- c:\program files\MSBuild
2010-04-20 12:14 . 2010-04-20 12:14 -------- d-----w- c:\program files\Reference Assemblies
2010-04-17 07:52 . 2010-03-06 18:09 -------- d-----w- c:\documents and settings\NC6220\Application Data\Orneon
2010-04-16 18:23 . 2010-02-14 11:12 -------- d-----w- c:\documents and settings\NC6220\Application Data\uTorrent
2010-04-13 10:20 . 2009-10-16 13:05 -------- d-----w- c:\documents and settings\NC6220\Application Data\PlayFirst
2010-04-10 14:43 . 2009-10-16 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-04-10 08:52 . 2006-10-14 18:06 -------- d-----w- c:\program files\Common Files\Java
2010-04-10 08:51 . 2009-11-02 21:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-10 08:51 . 2006-10-14 18:06 -------- d-----w- c:\program files\Java
2010-04-10 08:37 . 2010-04-10 08:37 84480 ----a-w- c:\documents and settings\NC6220\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-04-07 21:31 . 2009-10-24 11:33 -------- d-----w- c:\program files\Dragon
2010-04-03 10:38 . 2010-03-18 17:50 -------- d-----w- c:\documents and settings\NC6220\Application Data\Artogon
2010-04-02 12:13 . 2010-04-01 16:19 -------- d-----w- c:\program files\Kitchen Brigade
2010-04-02 09:59 . 2009-12-30 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Fenomen Games
2010-04-02 09:16 . 2010-04-01 20:24 -------- d-----w- c:\program files\Mahjong Towers Eternity
2010-04-01 20:22 . 2010-04-01 20:22 -------- d-----w- c:\documents and settings\NC6220\Application Data\Fugazo
2010-04-01 20:21 . 2010-04-01 20:21 -------- d-----w- c:\program files\Fiction Fixers Adventures in Wonderland Demo V6
2010-04-01 19:01 . 2010-03-28 10:30 -------- d-----w- c:\documents and settings\NC6220\Application Data\MysteryStudio
2010-04-01 17:25 . 2010-03-30 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2010-03-31 09:51 . 2010-03-31 09:16 -------- d-----w- c:\program files\Fiction Fixers Adventures in Wonderland Demo V5
2010-03-30 19:06 . 2010-03-30 19:06 -------- d-----w- c:\documents and settings\NC6220\Application Data\The Inquisitor
2010-03-30 19:06 . 2010-03-30 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\The Inquisitor
2010-03-30 18:57 . 2010-03-30 18:57 -------- d-----w- c:\documents and settings\NC6220\Application Data\YoudaGames
2010-03-29 14:59 . 2010-03-12 09:51 -------- d-----w- c:\program files\Amazon
2010-03-28 12:25 . 2010-03-28 12:19 -------- d-----w- c:\documents and settings\NC6220\Application Data\LegacyInteractive
2010-03-28 11:08 . 2010-03-28 11:07 -------- d-----w- c:\program files\Dark Parables - Curse of Briar Rose
2010-03-28 08:57 . 2010-03-28 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Particles
2010-03-28 08:57 . 2010-03-28 08:57 -------- d-----w- c:\documents and settings\NC6220\Application Data\Specialbit
2010-03-28 08:57 . 2010-03-28 08:56 -------- d-----w- c:\program files\Island - The Lost Medallion
2010-03-27 20:34 . 2010-03-27 20:34 -------- d-----w- c:\documents and settings\NC6220\Application Data\Meridian93
2010-03-27 20:34 . 2010-03-27 20:33 -------- d-----w- c:\program files\Unexpected Journey
2010-03-27 10:45 . 2010-03-27 10:45 -------- d-----w- c:\documents and settings\NC6220\Application Data\Absolutist
2010-03-27 10:45 . 2010-03-27 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Absolutist
2010-03-27 10:02 . 2010-03-26 13:47 -------- d-----w- c:\program files\Fiction Fixers Adventures in Wonderland Demo V1
2010-03-26 10:18 . 2010-03-26 10:18 -------- d-----w- c:\program files\1 Penguin 100 Cases
2010-03-26 09:52 . 2010-03-26 09:52 -------- d-----w- c:\documents and settings\NC6220\Application Data\Artifex Mundi
2010-03-26 09:36 . 2010-03-26 09:35 -------- d-----w- c:\program files\Joan Jade and the Gates of Xibalba
2010-03-25 17:27 . 2010-01-08 10:20 -------- d-----w- c:\documents and settings\NC6220\Application Data\ERS G-Studio
2010-03-25 14:38 . 2010-03-25 14:37 -------- d-----w- c:\program files\Pathfinders - Lost at Sea
2010-03-25 13:27 . 2010-03-25 13:27 -------- d-----w- c:\documents and settings\NC6220\Application Data\Top Evidence
2010-03-25 13:27 . 2010-03-25 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Top Evidence
2010-03-25 13:15 . 2010-03-25 13:13 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors Collector's Edition
2010-03-24 20:59 . 2010-03-19 08:30 -------- d-----w- c:\program files\Alice in Wonderland
2010-03-24 20:10 . 2010-03-24 20:08 -------- d-----w- c:\documents and settings\NC6220\Application Data\IObit
2010-03-24 20:10 . 2009-11-14 09:43 -------- d-----w- c:\program files\IObit
2010-03-24 19:58 . 2010-01-20 10:07 -------- d-----w- c:\program files\PopCap Games
2010-03-23 15:32 . 2009-12-25 18:44 -------- d-----w- c:\program files\RealArcade
2010-03-23 15:22 . 2009-11-19 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-03-23 14:24 . 2010-03-23 14:23 -------- d-----w- c:\program files\Luxor 3
2010-03-23 14:18 . 2010-03-23 14:18 -------- d-----w- c:\program files\Liong - The Lost Amulets
2010-03-23 14:10 . 2010-03-23 14:09 -------- d-----w- c:\program files\Annabel
2010-03-23 13:13 . 2010-03-23 12:47 -------- d-----w- c:\program files\Alice's Magical Mahjong
2010-03-21 17:14 . 2010-03-21 17:11 -------- d-----w- c:\documents and settings\NC6220\Application Data\Lost in the City
2010-03-21 11:01 . 2010-01-07 17:32 -------- d-----w- c:\documents and settings\NC6220\Application Data\BfgBar
2010-03-21 08:52 . 2010-03-21 08:52 -------- d-----w- c:\program files\IZArc
2010-03-20 15:11 . 2010-03-20 15:11 -------- d-----w- c:\documents and settings\NC6220\Application Data\Jetdogs Studios
2010-03-20 10:04 . 2010-03-20 10:03 -------- d-----w- c:\program files\Millennium Secrets - Emerald Curse
2010-03-19 11:06 . 2010-03-19 10:52 -------- d-----w- c:\documents and settings\NC6220\Application Data\SoundSpectrum
2010-03-19 10:51 . 2010-03-19 10:51 -------- d-----w- c:\program files\SoundSpectrum
2010-03-19 08:56 . 2010-01-07 18:25 -------- d-----w- c:\documents and settings\NC6220\Application Data\Merscom
2010-03-19 08:56 . 2010-01-07 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-03-18 16:34 . 2010-03-18 16:33 -------- d-----w- c:\program files\Treasure Seekers - Follow the Ghosts
2010-03-18 15:56 . 2009-10-11 20:05 -------- d-----w- c:\program files\bfgclient
2010-03-18 15:56 . 2010-03-18 15:55 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-03-18 15:55 . 2009-10-11 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-30 2020592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-19 233534]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"WheelMouse"="c:\trustm~1\wh_exec.exe" [2006-05-03 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\NC6220\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-14 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/04/2010 18:15 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/10/2009 16:46 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 61440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/10/2009 16:46 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1284840]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [03/05/2004 17:26 80384]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [02/09/2004 13:30 32640]
R3 whfltr2k;Trust Mouse 14831 USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [03/05/2006 14:03 6784]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [13/02/2009 20:02 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-05-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:15]

2010-05-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2010-03-28 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-03-24 15:30]

2010-05-02 c:\windows\Tasks\User_Feed_Synchronization-{5B367B6F-28B4-4105-BC7B-14CF59C5831C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\NC6220\Application Data\Mozilla\Firefox\Profiles\2vuxxxek.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: c:\documents and settings\NC6220\Application Data\Mozilla\Firefox\Profiles\2vuxxxek.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\components\dtTransparency.dll
FF - plugin: c:\documents and settings\NC6220\Application Data\Mozilla\Firefox\Profiles\2vuxxxek.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 21:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?8?7?6??????? ?4?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A5808C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf743ecb8
\Driver\atapi -> atapi.sys @ 0xf73b5b3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf72a9bb0
PacketIndicateHandler -> NDIS.sys @ 0xf72b6a21
SendHandler -> NDIS.sys @ 0xf729487b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\WININET.dll
c:\trustm~1\wh_hook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-05-02 21:17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-02 20:17

Pre-Run: 21,042,274,304 bytes free
Post-Run: 21,115,883,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1FC18D2E6DFA00DBAB16E227CF9D8768




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:28, on 02/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\TRUSTM~1\wh_exec.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO:  - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WheelMouse] C:\TRUSTM~1\wh_exec.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8358 bytes


#6 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:07:17 AM

Posted 02 May 2010 - 09:44 PM

Hello, bluejay44.
I'm afraid P2P programs are simply not trustworthy enough to use. Using a P2P program asks for trouble since anyone can share any file they please. They all come loaded with viruses, and I highly recommend against them.

We need to run a ComboFix script:
  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    CODE
    TDL::
    C:\WINDOWS\system32\drivers\atapi.sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Now, drag and drop CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
In your next reply, please include the following:
  • ComboFix.txt
  • Fresh GMER log

Edited by aommaster, 02 May 2010 - 09:45 PM.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 bluejay44

bluejay44
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 03 May 2010 - 09:30 AM

Hello aommaster, thanks for your help and time.
Here are the requested files.


ComboFix 10-05-02.01 - NC6220 03/05/2010 12:40:20.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1515 [GMT 1:00]
Running from: c:\documents and settings\NC6220\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\NC6220\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100503-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-02 10:29 . 2010-05-02 10:29 -------- d-----w- C:\rsit
2010-04-28 19:58 . 2010-04-28 20:15 -------- d-----w- c:\documents and settings\NC6220\Application Data\Brunhilda_WIP9
2010-04-28 19:58 . 2010-04-28 19:58 -------- d-----w- c:\documents and settings\NC6220\Application Data\StoneLoops!
2010-04-28 19:58 . 2010-04-28 19:58 -------- d-----w- c:\documents and settings\NC6220\Application Data\Saqqarah
2010-04-28 19:58 . 2010-04-28 19:58 -------- d-----w- c:\documents and settings\NC6220\Application Data\MagicMatch
2010-04-28 19:58 . 2010-04-28 19:58 -------- d-----w- c:\documents and settings\NC6220\Application Data\BrunhildaBeta
2010-04-28 19:57 . 2010-04-28 19:57 -------- d-----w- C:\My Games
2010-04-28 18:02 . 2010-04-28 18:02 -------- d-----w- c:\program files\The Sultans Labyrinth
2010-04-27 12:30 . 2010-05-02 10:29 -------- d-----w- c:\program files\Trend Micro
2010-04-26 08:07 . 2010-04-26 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-26 08:07 . 2010-04-26 08:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-24 16:06 . 2010-04-24 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 16:05 . 2010-04-30 09:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 16:05 . 2010-04-24 16:05 -------- d-----w- c:\documents and settings\NC6220\Application Data\SUPERAntiSpyware.com
2010-04-24 16:05 . 2010-04-24 16:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-24 11:28 . 2010-04-21 17:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 08:49 . 2010-04-24 08:49 -------- d-----w- c:\program files\Natalie Brooks - Secrets of Treasure House
2010-04-21 17:19 . 2010-04-21 17:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 20:00 . 2010-04-20 20:01 -------- d-----w- c:\program files\Masquerade Mysteries - The Case of the Copycat Curator
2010-04-20 19:25 . 2010-04-20 19:25 -------- d-----w- c:\documents and settings\NC6220\Application Data\Runes of Avalon 2
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\documents and settings\NC6220\Application Data\Stardock
2010-04-19 06:46 . 2010-04-19 06:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\program files\Stardock
2010-04-18 19:37 . 2010-04-18 19:37 -------- d-----w- c:\documents and settings\NC6220\Application Data\Malwarebytes
2010-04-18 19:35 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 19:35 . 2010-04-18 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-18 19:35 . 2010-04-18 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 19:35 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 17:15 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-18 17:15 . 2010-04-18 17:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-18 17:14 . 2010-04-18 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-18 17:14 . 2010-04-18 17:15 -------- d-----w- c:\program files\Lavasoft
2010-04-16 12:09 . 2010-04-16 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2010-04-16 11:52 . 2010-04-16 11:52 -------- d-----w- c:\program files\4 Elements
2010-04-15 22:28 . 2010-04-15 22:21 14143121 ----a-w- c:\documents and settings\NC6220\Desktop4571_-_Nintendo_Presents_Crossword_Collection(EU).zip
2010-04-13 20:01 . 2010-04-15 16:06 -------- d-----w- c:\documents and settings\NC6220\Application Data\DarkParablesBriarRoseSE_BFG
2010-04-13 09:30 . 2010-04-13 09:31 -------- d-----w- c:\program files\Love and Death - Bitten
2010-04-10 14:44 . 2010-04-10 15:02 -------- d-----w- c:\documents and settings\NC6220\Application Data\JournalistJourney
2010-04-10 14:43 . 2010-04-10 14:43 -------- d-----w- c:\documents and settings\NC6220\Application Data\Namco
2010-04-10 14:43 . 2010-04-10 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Namco
2010-04-10 09:00 . 2010-04-11 08:59 -------- d-----w- c:\program files\Namco
2010-04-10 08:43 . 2007-01-13 08:45 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-04-10 08:39 . 2007-01-13 09:46 204800 ----a-w- c:\windows\system32\igfxCoIn_v4764.dll
2010-04-10 08:39 . 2010-04-10 08:39 -------- d-----w- c:\windows\system32\Lang
2010-04-10 08:39 . 2007-01-19 09:14 389120 ----a-w- c:\windows\system32\igxpun.exe
2010-04-10 08:37 . 2010-04-10 08:37 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-10 08:37 . 2010-04-10 08:37 -------- d-----w- c:\documents and settings\NC6220\Application Data\SystemRequirementsLab
2010-04-09 19:01 . 2010-04-09 19:02 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors
2010-04-09 17:01 . 2010-04-09 17:01 -------- d-----w- c:\documents and settings\NC6220\Application Data\mif2000's Hamlet
2010-04-09 16:59 . 2010-04-09 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-04-09 16:58 . 2010-04-11 08:59 -------- d-----w- c:\program files\Alawar
2010-04-09 14:46 . 2010-04-09 14:46 -------- d-----w- C:\ProgramData
2010-04-09 14:43 . 2010-04-09 14:44 -------- d-----w- c:\program files\Dominic Cranes Dreamscape Mystery
2010-04-08 08:27 . 2010-04-08 08:27 -------- d-----w- c:\documents and settings\NC6220\Local Settings\Application Data\AlwaysNeat
2010-04-07 20:32 . 2010-04-07 20:32 -------- d-----w- c:\windows\system32\x64
2010-04-07 20:32 . 2010-04-18 17:15 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-07 20:32 . 2007-01-13 09:33 2482688 ----a-w- c:\windows\system32\igxpdx32.dll
2010-04-07 20:32 . 2007-01-13 09:33 5672032 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2010-04-07 20:32 . 2007-01-13 09:33 57344 ----a-w- c:\windows\system32\igxprd32.dll
2010-04-07 20:32 . 2007-01-13 09:32 149504 ----a-w- c:\windows\system32\igxpgd32.dll
2010-04-07 20:32 . 2007-01-13 09:32 1563776 ----a-w- c:\windows\system32\igxpdv32.dll
2010-04-07 20:32 . 2006-11-10 07:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-04-07 20:32 . 2006-10-10 06:24 200704 ----a-w- c:\windows\system32\igfxCoIn_v4704.dll
2010-04-07 20:32 . 2006-10-10 06:24 312320 ----a-w- c:\windows\system32\difx32.dll
2010-04-06 19:10 . 2010-04-06 19:10 -------- d-----w- c:\documents and settings\NC6220\Application Data\Virtual Prophecy
2010-04-06 16:06 . 2010-04-06 16:06 -------- d-----w- c:\documents and settings\NC6220\Local Settings\Application Data\Menge

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 09:18 . 2010-04-30 09:18 62976 ----a-w- c:\documents and settings\NC6220\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-04-30 09:18 . 2010-04-24 16:07 117760 ----a-w- c:\documents and settings\NC6220\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-28 19:54 . 2009-10-11 20:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-28 17:16 . 2010-04-21 17:18 566432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-28 17:16 . 2010-04-21 17:18 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-28 17:16 . 2010-04-21 17:18 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-04-28 17:16 . 2010-04-21 17:18 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-04-28 17:16 . 2010-04-21 17:18 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-04-28 17:16 . 2010-04-21 17:17 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-04-28 17:16 . 2010-04-21 17:17 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-04-28 17:16 . 2010-04-21 17:17 443344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-04-28 17:16 . 2010-04-21 17:17 167824 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-04-28 17:16 . 2010-04-21 17:17 6306640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-04-28 17:15 . 2010-04-21 17:17 335728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-04-28 17:15 . 2010-04-21 17:17 95248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-28 17:15 . 2010-04-21 17:17 16456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-04-28 17:15 . 2010-04-21 17:17 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-28 17:15 . 2010-04-21 17:17 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-28 17:15 . 2010-04-21 17:17 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-28 17:15 . 2010-04-21 17:17 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-28 17:15 . 2010-04-28 17:15 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-04-28 17:15 . 2010-04-21 17:17 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-28 17:15 . 2010-04-21 17:17 1284840 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-27 19:04 . 2010-02-14 22:07 1 ----a-w- c:\documents and settings\NC6220\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-27 18:50 . 2010-03-06 11:57 -------- d-----w- c:\program files\Calibre2
2010-04-27 12:30 . 2010-04-27 12:30 388096 ----a-r- c:\documents and settings\NC6220\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-24 16:07 . 2010-04-24 16:07 52224 ----a-w- c:\documents and settings\NC6220\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-24 09:12 . 2010-01-28 12:55 -------- d-----w- c:\documents and settings\NC6220\Application Data\Friday's games
2010-04-21 17:18 . 2010-04-21 17:18 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-21 17:18 . 2010-04-21 17:18 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-21 17:17 . 2010-04-21 17:17 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-04-21 17:17 . 2010-04-21 17:17 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-04-21 17:17 . 2010-04-21 17:17 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-04-21 16:16 . 2009-11-11 10:29 -------- d-----w- c:\program files\Shockwave.com
2010-04-20 15:18 . 2009-10-12 06:20 45216 ----a-w- c:\documents and settings\NC6220\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-20 12:14 . 2010-04-20 12:14 -------- d-----w- c:\program files\MSBuild
2010-04-20 12:14 . 2010-04-20 12:14 -------- d-----w- c:\program files\Reference Assemblies
2010-04-17 07:52 . 2010-03-06 18:09 -------- d-----w- c:\documents and settings\NC6220\Application Data\Orneon
2010-04-16 18:23 . 2010-02-14 11:12 -------- d-----w- c:\documents and settings\NC6220\Application Data\uTorrent
2010-04-13 10:20 . 2009-10-16 13:05 -------- d-----w- c:\documents and settings\NC6220\Application Data\PlayFirst
2010-04-10 14:43 . 2009-10-16 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-04-10 08:52 . 2006-10-14 18:06 -------- d-----w- c:\program files\Common Files\Java
2010-04-10 08:51 . 2009-11-02 21:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-10 08:51 . 2006-10-14 18:06 -------- d-----w- c:\program files\Java
2010-04-10 08:37 . 2010-04-10 08:37 84480 ----a-w- c:\documents and settings\NC6220\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-04-07 21:31 . 2009-10-24 11:33 -------- d-----w- c:\program files\Dragon
2010-04-03 10:38 . 2010-03-18 17:50 -------- d-----w- c:\documents and settings\NC6220\Application Data\Artogon
2010-04-03 10:38 . 2010-04-03 10:38 -------- d-----w- c:\program files\The Mystery of the Crystal Portal - Beyond the Horizon
2010-04-02 12:13 . 2010-04-01 16:19 -------- d-----w- c:\program files\Kitchen Brigade
2010-04-02 09:59 . 2009-12-30 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Fenomen Games
2010-04-02 09:16 . 2010-04-01 20:24 -------- d-----w- c:\program files\Mahjong Towers Eternity
2010-04-01 20:22 . 2010-04-01 20:22 -------- d-----w- c:\documents and settings\NC6220\Application Data\Fugazo
2010-04-01 20:21 . 2010-04-01 20:21 -------- d-----w- c:\program files\Fiction Fixers Adventures in Wonderland Demo V6
2010-04-01 19:01 . 2010-03-28 10:30 -------- d-----w- c:\documents and settings\NC6220\Application Data\MysteryStudio
2010-04-01 17:25 . 2010-03-30 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2010-03-31 09:51 . 2010-03-31 09:16 -------- d-----w- c:\program files\Fiction Fixers Adventures in Wonderland Demo V5
2010-03-30 19:06 . 2010-03-30 19:06 -------- d-----w- c:\documents and settings\NC6220\Application Data\The Inquisitor
2010-03-30 19:06 . 2010-03-30 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\The Inquisitor
2010-03-30 18:57 . 2010-03-30 18:57 -------- d-----w- c:\documents and settings\NC6220\Application Data\YoudaGames
2010-03-29 14:59 . 2010-03-12 09:51 -------- d-----w- c:\program files\Amazon
2010-03-28 12:25 . 2010-03-28 12:19 -------- d-----w- c:\documents and settings\NC6220\Application Data\LegacyInteractive
2010-03-28 11:08 . 2010-03-28 11:07 -------- d-----w- c:\program files\Dark Parables - Curse of Briar Rose
2010-03-28 08:57 . 2010-03-28 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Particles
2010-03-28 08:57 . 2010-03-28 08:57 -------- d-----w- c:\documents and settings\NC6220\Application Data\Specialbit
2010-03-28 08:57 . 2010-03-28 08:56 -------- d-----w- c:\program files\Island - The Lost Medallion
2010-03-27 20:34 . 2010-03-27 20:34 -------- d-----w- c:\documents and settings\NC6220\Application Data\Meridian93
2010-03-27 20:34 . 2010-03-27 20:33 -------- d-----w- c:\program files\Unexpected Journey
2010-03-27 10:45 . 2010-03-27 10:45 -------- d-----w- c:\documents and settings\NC6220\Application Data\Absolutist
2010-03-27 10:45 . 2010-03-27 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Absolutist
2010-03-27 10:02 . 2010-03-26 13:47 -------- d-----w- c:\program files\Fiction Fixers Adventures in Wonderland Demo V1
2010-03-26 10:18 . 2010-03-26 10:18 -------- d-----w- c:\program files\1 Penguin 100 Cases
2010-03-26 09:52 . 2010-03-26 09:52 -------- d-----w- c:\documents and settings\NC6220\Application Data\Artifex Mundi
2010-03-26 09:36 . 2010-03-26 09:35 -------- d-----w- c:\program files\Joan Jade and the Gates of Xibalba
2010-03-25 17:27 . 2010-01-08 10:20 -------- d-----w- c:\documents and settings\NC6220\Application Data\ERS G-Studio
2010-03-25 14:38 . 2010-03-25 14:37 -------- d-----w- c:\program files\Pathfinders - Lost at Sea
2010-03-25 13:27 . 2010-03-25 13:27 -------- d-----w- c:\documents and settings\NC6220\Application Data\Top Evidence
2010-03-25 13:27 . 2010-03-25 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Top Evidence
2010-03-25 13:15 . 2010-03-25 13:13 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors Collector's Edition
2010-03-24 20:59 . 2010-03-19 08:30 -------- d-----w- c:\program files\Alice in Wonderland
2010-03-24 20:10 . 2010-03-24 20:08 -------- d-----w- c:\documents and settings\NC6220\Application Data\IObit
2010-03-24 20:10 . 2009-11-14 09:43 -------- d-----w- c:\program files\IObit
2010-03-24 19:58 . 2010-01-20 10:07 -------- d-----w- c:\program files\PopCap Games
2010-03-23 15:32 . 2009-12-25 18:44 -------- d-----w- c:\program files\RealArcade
2010-03-23 15:22 . 2009-11-19 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-03-23 14:24 . 2010-03-23 14:23 -------- d-----w- c:\program files\Luxor 3
2010-03-23 14:18 . 2010-03-23 14:18 -------- d-----w- c:\program files\Liong - The Lost Amulets
2010-03-23 14:10 . 2010-03-23 14:09 -------- d-----w- c:\program files\Annabel
2010-03-23 13:13 . 2010-03-23 12:47 -------- d-----w- c:\program files\Alice's Magical Mahjong
2010-03-21 17:14 . 2010-03-21 17:11 -------- d-----w- c:\documents and settings\NC6220\Application Data\Lost in the City
2010-03-21 11:01 . 2010-01-07 17:32 -------- d-----w- c:\documents and settings\NC6220\Application Data\BfgBar
2010-03-21 08:52 . 2010-03-21 08:52 -------- d-----w- c:\program files\IZArc
2010-03-20 15:11 . 2010-03-20 15:11 -------- d-----w- c:\documents and settings\NC6220\Application Data\Jetdogs Studios
2010-03-20 10:04 . 2010-03-20 10:03 -------- d-----w- c:\program files\Millennium Secrets - Emerald Curse
2010-03-19 11:06 . 2010-03-19 10:52 -------- d-----w- c:\documents and settings\NC6220\Application Data\SoundSpectrum
2010-03-19 10:51 . 2010-03-19 10:51 -------- d-----w- c:\program files\SoundSpectrum
2010-03-19 08:56 . 2010-01-07 18:25 -------- d-----w- c:\documents and settings\NC6220\Application Data\Merscom
2010-03-19 08:56 . 2010-01-07 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-03-18 16:34 . 2010-03-18 16:33 -------- d-----w- c:\program files\Treasure Seekers - Follow the Ghosts
2010-03-18 15:56 . 2009-10-11 20:05 -------- d-----w- c:\program files\bfgclient
2010-03-18 15:56 . 2010-03-18 15:55 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-30 2020592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-19 233534]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"WheelMouse"="c:\trustm~1\wh_exec.exe" [2006-05-03 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\NC6220\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-14 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/04/2010 18:15 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/10/2009 16:46 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 61440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/10/2009 16:46 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1284840]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [03/05/2004 17:26 80384]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [02/09/2004 13:30 32640]
R3 whfltr2k;Trust Mouse 14831 USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [03/05/2006 14:03 6784]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [13/02/2009 20:02 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:15]

2010-05-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{5B367B6F-28B4-4105-BC7B-14CF59C5831C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\NC6220\Application Data\Mozilla\Firefox\Profiles\2vuxxxek.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: c:\documents and settings\NC6220\Application Data\Mozilla\Firefox\Profiles\2vuxxxek.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\components\dtTransparency.dll
FF - plugin: c:\documents and settings\NC6220\Application Data\Mozilla\Firefox\Profiles\2vuxxxek.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 12:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?8?7?6??????? ?4?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\WININET.dll
c:\trustm~1\wh_hook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\AGRSMMSG.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-05-03 12:58:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-03 11:58
ComboFix2.txt 2010-05-02 20:17

Pre-Run: 21,111,853,056 bytes free
Post-Run: 21,072,584,704 bytes free

- - End Of File - - 6C7624F9790E072B8008BA0222CA8718

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-03 15:28:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\NC6220\LOCALS~1\Temp\pwryyfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA44D6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA44D574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA44DA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA44D14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA44D64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA44D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA44D0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA44D76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA44D72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA44D8AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA5E4900]

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF666B3BF]
init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF662FA80]
init C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS entry point in "init" section [0xF77EC192]
? C:\DOCUME~1\NC6220\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1772] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#8 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 04 May 2010 - 10:35 PM

Hello, bluejay44.
My apologies for the late reply. For some reason, the forums didn't show that you replied to the topic.

How's your computer doing, by the way? Are you still getting redirects? Any other problems?

Let's make sure we haven't missed anything.
We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 20 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java version.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run a Panda Active Scan
  1. Please go here to run Panda's ActiveScan
  2. Once you are on the Panda site click the Scan your PC button
  3. Click the big Scan Now button
  4. If it wants to install an ActiveX component allow it
  5. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  6. When download is complete, click on My Computer to start the scan
  7. When the scan completes, if anything malicious is detected, click the Export to button, Post the contents of the ActiveScan report

In your next reply, please include the following:
  • ActiveScan Report

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
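As an added illustration of steps 10 to 13 above (this script is not part of aommaster's reply and is not a Sun or BleepingComputer tool), the PowerShell below lists every Java entry in the Add/Remove Programs registry data and flags the ones older than the newest, which is how you confirm after the reboot that only the current update remains. It reads the standard Uninstall keys; the service name JavaQuickStarterService used for the Java Quick Starter mentioned in the note is an assumption. The script only reports; removal still goes through Add/Remove Programs as described.

```powershell
# Added example, not from the thread: list Java entries from the Add/Remove Programs
# registry data and flag any version older than the newest one installed.
# Both Uninstall keys are read so the check also works on 64-bit Windows.
$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    # Entries whose display name starts with "Java" or "J2SE" (the names step 11 says to look for),
    # leaving out side components such as the updater, which are not runtime versions.
    Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)' -and $_.DisplayName -notmatch 'Auto Updater|Java DB' } |
        ForEach-Object {
            # DisplayVersion looks like "6.0.200" for 6 Update 20; unparsable values sort last.
            $parsed = $null
            try { $parsed = [version]$_.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                Version         = $parsed
                UninstallString = $_.UninstallString
            }
        }
}

function Test-JavaLeftovers {
    # Newest version first; everything after it is a leftover that should be uninstalled.
    $java = @(Get-InstalledJava | Sort-Object Version -Descending)
    if ($java.Count -eq 0) { Write-Warning 'No Java entries found in Add/Remove Programs.'; return }
    for ($i = 0; $i -lt $java.Count; $i++) {
        $status = if ($i -eq 0) { 'newest - keep' } else { 'OLDER - remove via Add/Remove Programs' }
        New-Object PSObject -Property @{
            Status  = $status
            Name    = $java[$i].DisplayName
            Version = $java[$i].DisplayVersion
        } | Select-Object Status, Name, Version
    }
}

function Get-JavaQuickStarterState {
    # Service name assumed for the Java Quick Starter (jqs.exe) that the note above describes.
    $svc = Get-Service -Name 'JavaQuickStarterService' -ErrorAction SilentlyContinue
    if ($null -eq $svc) { 'Java Quick Starter service: not installed' }
    else { "Java Quick Starter service: $($svc.Status) (can be turned off under Control Panel > Java)" }
}

Test-JavaLeftovers | Format-Table -AutoSize
Get-JavaQuickStarterState
```

Run it once before the cleanup to see what is installed and once after the reboot; a second pass that still shows an OLDER line means the uninstaller left a version behind, which matches the last note in the reply.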


#9 bluejay44

bluejay44
  • Topic Starter

  • Members
  • 6 posts

Posted 05 May 2010 - 08:56 AM

Hello aommaster,
I have not actually used the laptop much while you are sorting things out. Did not want to complicate things more than was needed. So I had copied and pasted search links rather than click on them directly.
However I tried a few searches today and all seemed well. There was no redirection either to a secondary search or to any dubious sites at all.

I have updated Java as you suggested and also done the Panda scan. Result enclosed below. Thanks again.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-05-05 14:49:06
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 11
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1368 [VPS 100505-0] 4.8.1368 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
02463795 Adware/iWinArcade Adware No 0 Yes No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp110\a0034912.exe
02463795 Adware/iWinArcade Adware No 0 No No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp129\a0048151.exe[iwintrusted.exe]
02893775 Spyware/Iehelp Spyware No 1 No No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp129\a0048151.exe[iwinarcadelauncher.exe]
02990320 Application/BoontyGames HackTools No 0 Yes No c:\program files\common files\boonty shared\service\boonty.exe
05889439 Rootkit/TDSS.DJ Virus No 1 Yes No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp149\a0055310.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\documents and settings\nc6220\my documents\downloads\combofix.exe[32788r22fwjfw\pev.exe]
No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp110\a0034906.exe
No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp129\a0048151.exe[adminworker.exe]
No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp129\a0048151.exe[uninstall.exe]
No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp129\a0048151.exe[webupdater.exe]
No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp149\a0055029.exe
No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp149\a0055150.exe
No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp149\a0055203.exe
No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp149\a0055235.exe
No c:\system volume information\_restore{41629880-05ed-4a57-b8e5-9762cd355640}\rp149\a0055422.exe
No c:\windows\pev.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 05 May 2010 - 09:44 AM

Hello, bluejay44.
You're more than welcome.

Your PC looks good. Just found a few infected restore points, which combofix will clear once you uninstall.

We need to uninstall Combofix
  1. Click on your Start Menu, then Run....
  2. Now type combofix /uninstall in the runbox and click OK. Notice the space between the "x" and "/".

NEXT:

We need to enable TeaTimer
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click Mode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press yes
  5. Click on Tools
  6. Click on Resident
  7. Check the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy


Your log looks clean. Please take the time to read below to secure your machine and take the necessary steps to keep it clean.

There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be wary of attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found on Foistware, And how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Make Firefox more secure
    Firefox is a relatively safe browser compared to Internet Explorer. However, if you'd still like to enhance security, consider some of these extensions:
    • NoScript: Add-on which automatically blocks Javascript and Java from running on sites.
    • Firekeeper: Add-on which aims to protect you from malicious websites which may exploit browser and code security flaws.
    • KeyScrambler: Add-on that protects your passwords from being detected by keyloggers.
  4. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  5. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast! and Antivir and AVG Antivirus
    3. An antispyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates, you might want to take a look at the HostMan hosts file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  6. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

Some more links you might find of interest:

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

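The hosts file entry in the list above works by mapping a hostname to an address before DNS is consulted; an MVPs-style list sends ad and malware names to 0.0.0.0, while a tampered entry can send a real site somewhere else. The following is an added example, not code from this thread or from the MVPs project, that parses a hosts file and separates sinkholed names from mappings worth reviewing; the sample file and all hostnames and addresses in it are constructed.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample hosts file (not from the thread). The 0.0.0.0 lines are
# in the style of the MVPs list; the 203.0.113.7 lines show the kind of entry
# that silently redirects a real site (addresses/names are made up for the example).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example-tracker.net   # MVPs-style block entry
0.0.0.0 banners.example-adserver.com
203.0.113.7 www.google.com        # real site sent to a routable address
203.0.113.7 search.yahoo.com
"""

# Names that legitimately map to loopback and should not be reported.
LOOPBACK_NAMES = ("localhost",)


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        for name in names:
            pairs.append((addr, name.lower()))
    return pairs


def is_sinkhole(addr: str) -> bool:
    """True for 0.0.0.0 / 127.0.0.1 / ::1 style addresses used to block a name."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text: str) -> Dict[str, List[str]]:
    """Split entries into 'blocked' (sinkholed) and 'review' (routable target)."""
    report: Dict[str, List[str]] = {"blocked": [], "review": []}
    for addr, name in parse_hosts(text):
        if name in LOOPBACK_NAMES:
            continue
        try:
            bucket = "blocked" if is_sinkhole(addr) else "review"
        except ValueError:  # malformed address: surface it rather than skip it
            bucket = "review"
        report[bucket].append(f"{name} -> {addr}")
    return report
```

Running `audit_hosts(SAMPLE_HOSTS)` lists the two 0.0.0.0 names under "blocked" and the two redirected search sites under "review"; on a real machine, read the file from the Windows `drivers\etc\hosts` path instead of the constructed sample.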

#11 bluejay44 (Topic Starter)

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 05 May 2010 - 01:30 PM

Combofix uninstalled.
Addons for Firefox- will do them next.
Internet Explorer - settings checked.
Will look at firewall recommendations later this evening and other suggested improvements.
Will also read other links later on.


Thank you so much for all your help; I had dreaded having to perhaps reformat my hard disk to get it cleaned up.
All the best
Joy

#12 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:07:17 AM

Posted 05 May 2010 - 01:32 PM

Hi!

Glad to help out. It was my pleasure.

Since this problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please send me a PM with the address of this thread. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
