
AV Security Suite Removal Help & Complications


29 replies to this topic

#1 cyclocross

Posted 01 July 2010 - 02:38 PM

Hi there,

I've got some AV Security Suite problems. I've followed the directions and been able to remove the proxy, processes and registry problems (Malwarebytes + HijackThis) and found more stuff through Spybot.

Multiple reboots seem to show that the random website redirects are still there. Perhaps I got infected by multiple items at once, I'm not sure (I was looking for a 1080p test video, clicked on one and it launched 5 MS-DOS command windows).

There's one complication though, in that I can't boot in safe mode due to a mup.sys hang problem I haven't yet solved either. That's been going on for a while. So initially I did a Ctrl-Alt-Delete on first reboot to close the suspicious processes and launch Malwarebytes. I've done several scans since - the first found 28 items, then 6, then 4, then 1. But I'm still compromised.

DDS did not generate two text files unfortunately (not sure why those popups never showed up) but I have the GMER log attached.

I would be super thankful for some advice & help here. Hopefully my lack of safe mode will not prevent a full removal.


#2 cyclocross

Posted 02 July 2010 - 05:39 AM

Hi, I finally was able to get log files from DDS. Here they are, pasted and attached as requested. I know everyone is busy, but would love some help. Feeling a little left out. I'm still getting random tabs opening in my browsers, and browser (mostly search) links are hijacked to show random crap on other sites like local.com, info.com, etc.

DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 3:24:33.45 on Fri 07/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.725 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\BitKinex\bitkinexsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PuranDefragS.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Photodex\ProShow\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Admin\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?.home=ytie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: FindeXer: {377d8121-efaa-4d1c-981b-8bfad9f10de3} - c:\downloads\_findexernightlyv1.1.0.3\FindeXer.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download with BitKinex - c:\program files\bitkinex\ieext_cp.htm
IE: &Register in BitKinex - c:\program files\bitkinex\ieext_reg.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: bmnet.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200959048828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.7/TSWeb.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: wlcrdplauncher - c:\program files\live mesh\remote desktop\wlcrdplauncher.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\umy69a9v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - prefs.js: browser.search.selectedEngine - Web Search (powered by Google)
FF - prefs.js: browser.startup.homepage - cxmagazine.com
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\umy69a9v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\umy69a9v.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\umy69a9v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npadjdet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-7-1 30320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-1 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-1 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-1 243024]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-1 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-1 308136]
R2 BitKinex;BitKinex File Transfer Service;c:\program files\bitkinex\bitkinexsvc.exe dispatch --> c:\program files\bitkinex\bitkinexsvc.exe DISPATCH [?]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-7-1 6385616]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2005-11-3 95832]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-5-22 80384]
R2 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2010-5-21 229376]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-7-1 61624]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-2-25 1047880]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-11 102448]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-3 38224]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090116.004\naveng.sys [2009-1-17 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090116.004\navex15.sys [2009-1-17 876112]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-7-1 24400]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-7-27 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2009-7-27 19408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
S1 b22e03a3;b22e03a3;c:\windows\system32\drivers\b22e03a3.sys --> c:\windows\system32\drivers\b22e03a3.sys [?]
S2 gupdate1c974f744359078;Google Update Service (gupdate1c974f744359078);c:\program files\google\update\GoogleUpdate.exe [2009-1-12 136176]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-9-4 111896]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-7-1 430152]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-9-6 108392]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-10-4 83568]
S3 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-9-6 108392]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2008-1-18 37120]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [2009-5-15 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [2009-5-15 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [2009-5-15 174720]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-11-15 169200]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-11-15 1756912]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-7 1245064]
S3 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2009-7-27 44880]

=============== Created Last 30 ================

2010-07-02 07:46:36 0 d--h--w- C:\$AVG
2010-07-02 06:52:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-02 06:09:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-02 06:09:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-02 06:09:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-02 06:08:21 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-02 06:08:12 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-07-02 06:00:36 0 d-----w- c:\program files\AVG
2010-07-02 05:59:48 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-01 19:54:15 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-07-01 19:54:13 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-07-01 19:54:13 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-07-01 19:54:12 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-07-01 19:54:12 0 d-----w- c:\program files\Prevx
2010-07-01 19:54:01 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-06-30 09:57:39 2744 ----a-w- c:\windows\ocexohese.dll
2010-06-30 05:35:56 2744 ----a-w- c:\windows\exegaborovomasiv.dll
2010-06-24 19:21:35 0 d-----w- c:\windows\system32\TVUAx
2010-06-23 20:53:48 54156 ---ha-w- c:\windows\QTFont.qfn
2010-06-23 20:53:48 1409 ----a-w- c:\windows\QTFont.for
2010-06-19 14:57:50 25693 ----a-w- c:\documents and settings\admin\Intuit_QK_Internal.pdf
2010-06-09 16:26:52 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-03 05:34:15 3253 ----a-w- c:\windows\system32\wbem\Outlook_01cb02de6719e85c.mof

==================== Find3M ====================

2010-07-02 09:48:58 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-02 09:48:55 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-02 04:32:26 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-05-17 19:11:40 229376 ----a-w- c:\windows\system32\PuranDefragS.exe
2010-05-17 19:11:40 221184 ----a-w- c:\windows\system32\PuranDC.exe
2010-05-17 19:11:40 1110016 ----a-w- c:\windows\system32\PuranFD.exe
2010-05-17 19:11:40 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-06 11:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2010-04-05 15:45:28 766656 ----a-w- c:\windows\fonts\arial.ttf
2010-04-05 15:45:26 80388 ----a-w- c:\windows\fonts\COOPBL.TTF
2010-03-12 05:38:16 653312 ----a-w- c:\program files\common files\SetupDLL.dll
2009-02-04 03:38:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020320090204\index.dat

============= FINISH: 3:27:45.57 ===============
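The DDS log above is read by hand in this thread. As an added example (not a tool from the thread, from DDS, or from its author), the Python script below parses the SERVICES / DRIVERS and Created Last 30 sections in DDS's own line layout and flags entries that deserve a manual look. The sample input is constructed from a handful of lines copied from the log above, and the three heuristics are mine: a hit means "check this file", not "this is malware".

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: a handful of lines in DDS's own layout, copied
# from the log posted above (timestamps and sizes as they appear there).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-7-1 30320]
S1 b22e03a3;b22e03a3;c:\windows\system32\drivers\b22e03a3.sys --> c:\windows\system32\drivers\b22e03a3.sys [?]
S3 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2009-7-27 44880]

=============== Created Last 30 ================

2010-07-02 06:09:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-30 09:57:39 2744 ----a-w- c:\windows\ocexohese.dll
2010-06-30 05:35:56 2744 ----a-w- c:\windows\exegaborovomasiv.dll
2010-06-23 20:53:48 54156 ---ha-w- c:\windows\QTFont.qfn

============= FINISH: 3:27:45.57 ===============
"""

# "=== Section Name ===" banners that DDS uses to separate its report.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "S1 name;display name;image path [yyyy-m-d size]"  or  "... [?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*?)\]$")
# "2010-06-30 09:57:39 2744 ----a-w- c:\windows\ocexohese.dll"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")
# Service names that are bare 8-digit hex strings are usually auto-generated.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)

Finding = Tuple[str, str]


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of a DDS log under the banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).upper()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Return (reason, item) pairs for entries that deserve a manual look.

    These are heuristics chosen for this example, not DDS logic.
    """
    findings: List[Finding] = []
    sections = split_sections(text)

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        _state, name, _display, _path, meta = m.groups()
        # DDS prints "[?]" where it recorded no file date and size. Legitimate
        # services registered with arguments (BitKinex in the thread's log)
        # trip this too, so it is a prompt to look, not a verdict.
        if meta.strip() == "?":
            findings.append(("no file date/size recorded for service", name))
        if HEX_NAME_RE.match(name):
            findings.append(("service name is a bare hex string", name))

    for line in sections.get("CREATED LAST 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = m.group(4).lower()
        parent, _, fname = path.rpartition("\\")
        # Installers put binaries under system32 or Program Files; a fresh
        # .dll/.exe sitting directly in the Windows root is unusual.
        if parent == "c:\\windows" and fname.endswith((".dll", ".exe")):
            findings.append(("executable dropped directly in the Windows root", path))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_DDS):
        print(f"{reason}: {item}")
```

Run against the full log from the post, the same code flags the unnamed S1 driver and the two tiny DLLs in c:\windows that the helper would want explained before anything else.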


#3 mpascal

Posted 05 July 2010 - 12:10 PM

Hi cyclocross,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#4 mpascal

Posted 11 July 2010 - 09:57 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.



#5 cyclocross

cyclocross
  • Topic Starter

  • Members
  • 18 posts
  • Local time:06:52 AM

Posted 15 July 2010 - 02:35 AM

Hi, thanks much. Here's Malwarebytes. The others are coming:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4315

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/15/2010 12:37:12 AM
mbam-log-2010-07-15 (00-37-12).txt

Scan type: Quick scan
Objects scanned: 137390
Time elapsed: 17 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c3ba40a2-75f1-52bd-f413-04b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#6 cyclocross

cyclocross
  • Topic Starter

  • Members
  • 18 posts
  • Local time:06:52 AM

Posted 15 July 2010 - 10:31 AM

Hi, despite four tries I couldn't get GMER to finish. I have a partial log file. It would blue screen, giving me a "fwrdifow.sys" error saying "page fault in nonpaged area" the one time I caught the blue screen.

OTL will be next but here's my GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-15 07:40:04
Windows 5.1.2600 Service Pack 3
Running: gusynsxh.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\fwrdifow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xA82D0A00]
SSDT 8A98CE68 ZwConnectPort
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xA82D0A50]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xA82D0720]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xA82D07E0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xA82D0E10]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xA82D0CA0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xA82D0AF0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xA82D09B0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xA82D08C0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xA82D0FB0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xA82D0B90]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xA82D0BE0]

---- Kernel code sections - GMER 1.0.15 ----

page C:\WINDOWS\System32\Drivers\oz776.sys entry point in "page" section [0xBA212D4A]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1628] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 01B07900 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[1628] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 01B06E50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[1628] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 01B075C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A696E400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0010c69d0161 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016414ac140 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016414ac140@00237ac60f15 0x51 0x60 0x7B 0x79 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016414ac140@0016cb098efa 0x2A 0x1F 0xF3 0x0D ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016414ac140@00164400d590 0x71 0x3A 0x64 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c69d0161
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414ac140
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414ac140@00237ac60f15 0x51 0x60 0x7B 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414ac140@0016cb098efa 0x2A 0x1F 0xF3 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414ac140@00164400d590 0x71 0x3A 0x64 0xCE ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0010c69d0161 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016414ac140 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016414ac140@00237ac60f15 0x51 0x60 0x7B 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016414ac140@0016cb098efa 0x2A 0x1F 0xF3 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016414ac140@00164400d590 0x71 0x3A 0x64 0xCE ...


#7 cyclocross

cyclocross
  • Topic Starter

  • Members
  • 18 posts
  • Local time:06:52 AM

Posted 15 July 2010 - 11:11 AM

Here's the OTL log after completion. I did not get an extras.txt file though. Sorry for the multiple posts. Thanks a bunch for your help.

OTL logfile created on: 7/15/2010 8:36:49 AM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 0.68 Gb Free Space | 0.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CYCLOCROSSING
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\Opera 10 Beta\opera.exe (Opera Software)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\WINDOWS\system32\PuranDefragS.exe (Puran Software)
PRC - C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Photodex\ProShow\scsiaccess.exe ()
PRC - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - C:\Program Files\BitKinex\bitkinexsvc.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (PuranDefrag) -- C:\WINDOWS\System32\PuranDefragS.exe (Puran Software)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (wlcrasvc) -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
SRV - (ScsiAccess) -- C:\Program Files\Photodex\ProShow\scsiaccess.exe ()
SRV - (NvtlService) -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (BitKinex) -- C:\Program Files\BitKinex\bitkinexsvc.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ATTRcAppSvc) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (PCTEL)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (Speed Disk service) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (pxrts) -- C:\WINDOWS\system32\drivers\pxrts.sys (Prevx)
DRV - (pxkbf) -- C:\WINDOWS\system32\drivers\pxkbf.sys (Prevx)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RDPVDD) -- C:\WINDOWS\system32\drivers\rdpvmp.sys (Microsoft Corporation)
DRV - (RDPDISPM) -- C:\WINDOWS\system32\drivers\rdpdispm.sys (Microsoft Corporation)
DRV - (NWUSBCDFIL) -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\WINDOWS\system32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (NWVMPort2) -- C:\WINDOWS\system32\drivers\nwvmser2.sys (Novatel Wireless Inc.)
DRV - (NWVMPort) -- C:\WINDOWS\system32\drivers\nwvmser.sys (Novatel Wireless Inc.)
DRV - (NWVMModem) -- C:\WINDOWS\system32\drivers\nwvmmdm.sys (Novatel Wireless Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090116.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090116.004\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (PCTEL Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (GTUQBUS) -- C:\WINDOWS\system32\drivers\gtuqbus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel® -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (dfmirage) -- C:\WINDOWS\system32\drivers\dfmirage.sys (DemoForge, LLC)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SDdriver) -- C:\WINDOWS\system32\drivers\SdDriver.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "cxmagazine.com"
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.4.9
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: FirePHPExtension-Build@firephp.org:0.4.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ramback@pavlov.net:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {C1273352-9340-4d54-A6D7-17DC157EC0B9}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.0.7
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.5.2
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/05/29 00:08:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/01 23:04:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/07/01 23:08:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 12:11:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 23:52:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/02/18 04:35:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/19 15:55:15 | 000,000,000 | ---D | M]

[2010/02/18 04:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010/02/18 04:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/01/27 15:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2010/07/14 14:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions
[2010/05/27 11:10:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/05 02:35:30 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010/02/25 02:38:57 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/02/05 02:35:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/06 13:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{b92d6e49-3672-4c79-80b1-b0b4465e2025}
[2008/10/10 21:57:13 | 000,000,000 | ---D | M] (Window Resizer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{C1273352-9340-4d54-A6D7-17DC157EC0B9}
[2010/05/27 11:10:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/02 15:18:15 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/05/27 11:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\firebug@software.joehewitt.com
[2010/06/24 12:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\firefox@tvunetworks.com
[2010/02/01 20:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\FirePHPExtension-Build@firephp.org
[2010/03/08 20:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\Foxdie@tanjihay.com
[2009/11/18 08:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\ramback@pavlov.net
[2010/05/27 11:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\toolbar@alexa.com
[2010/05/27 11:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\yslow@yahoo-inc.com
[2010/02/01 20:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\FirePHPExtension-Build@firephp.org\__MACOSX
[2010/02/01 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\FirePHPExtension-Build@firephp.org\chrome
[2010/02/01 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\FirePHPExtension-Build@firephp.org\defaults
[2010/02/18 04:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Sunbird\Profiles\mzh5bgz1.default\extensions
[2008/01/18 18:08:42 | 000,000,366 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\aolsearch.gif
[2008/01/18 18:08:42 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\aolsearch.src
[2008/01/18 18:07:50 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\aolsearch.xml
[2010/07/14 11:45:33 | 000,005,227 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\linkedin.xml
[2009/08/19 08:58:00 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\winamp-search.xml
[2010/07/14 14:35:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 16:18:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/01 23:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/03/17 04:11:16 | 000,106,496 | ---- | M] (Adjustables ©) -- C:\Program Files\Mozilla Firefox\plugins\npadjdet.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/07/02 13:32:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: &Download with BitKinex - C:\Program Files\BitKinex\ieext_cp.htm ()
O8 - Extra context menu item: &Register in BitKinex - C:\Program Files\BitKinex\ieext_reg.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1200959048828 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com/0.9.4014.7/TSWeb.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wlcrdplauncher: DllName - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/22 07:23:59 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 15:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/15 02:19:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2010/07/13 16:15:38 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/08 11:39:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Admin\Application Data\pcouffin.sys
[2010/07/08 11:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Vso
[2010/07/08 11:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\PcSetup
[2010/07/08 11:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\DVDFab
[2010/07/08 11:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/07/06 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\AVG Security Toolbar
[2010/07/02 14:17:50 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/07/02 13:16:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/02 13:16:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/02 13:16:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/02 13:16:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/02 13:04:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/02 10:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/02 00:46:36 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/07/01 23:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/01 23:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/01 23:52:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/01 23:52:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/01 23:52:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/01 23:52:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/01 23:09:40 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/01 23:09:35 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/01 23:09:25 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/01 23:09:14 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/01 23:08:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/07/01 23:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/07/01 23:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/01 22:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/01 12:54:15 | 000,069,680 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/07/01 12:54:13 | 000,061,624 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/07/01 12:54:13 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/07/01 12:54:12 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/07/01 12:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/07/01 12:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/06/30 17:25:08 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2010/06/29 23:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/06/29 23:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/29 23:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/29 22:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\cckkwbobw
[2010/06/29 16:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\garden
[2010/06/24 12:21:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
[2010/06/24 12:21:20 | 002,136,688 | ---- | C] (TVU networks) -- C:\Documents and Settings\Admin\Desktop\PluginInstaller.exe
[2008/12/06 14:27:45 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[2008/11/09 12:51:06 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

========== Files - Modified Within 30 Days ==========

[2010/07/15 08:19:30 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/07/15 08:19:26 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/07/15 08:19:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/15 08:19:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/15 08:18:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/15 07:21:21 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/15 02:19:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2010/07/15 01:04:06 | 000,069,680 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/07/15 01:03:57 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/07/15 01:03:52 | 000,061,624 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/07/15 01:03:46 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/07/15 00:51:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\gusynsxh.exe
[2010/07/15 00:49:16 | 003,739,407 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\analyse.exe
[2010/07/15 00:08:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\prvlcl.dat
[2010/07/15 00:00:59 | 062,009,707 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/14 23:43:38 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/07/14 23:43:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/07/14 17:19:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/14 17:19:29 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/14 10:42:48 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/07/12 06:55:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 01:57:38 | 000,538,971 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Bontrager_RXXXL_Mountain_Crankset.pdf
[2010/07/08 11:39:26 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\inst.exe
[2010/07/08 11:39:25 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Admin\Application Data\pcouffin.sys
[2010/07/08 11:39:25 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\pcouffin.cat
[2010/07/08 11:39:25 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\pcouffin.inf
[2010/07/08 11:11:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/06 22:34:00 | 000,016,820 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\dell_u2311h_custom2.icc
[2010/07/06 22:33:08 | 000,016,792 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\dell_u2311h_custom.icc
[2010/07/05 12:00:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2010/07/02 23:36:01 | 000,001,527 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Bluetooth File Transfer Wizard.lnk
[2010/07/02 22:59:37 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/07/02 22:52:21 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT_tureg_old
[2010/07/02 21:25:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/02 14:17:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/07/02 13:32:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/02 10:20:12 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2010/07/02 03:38:57 | 000,004,787 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Attach-dds.zip
[2010/07/02 03:23:23 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\dds.pif
[2010/07/01 23:09:44 | 000,001,517 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/01 23:09:43 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/01 23:09:39 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/01 23:09:25 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/01 23:09:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/01 23:09:14 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/01 21:36:22 | 000,000,966 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/01 21:36:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/01 21:32:26 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/07/01 12:54:01 | 000,000,445 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/01 12:06:01 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/01 12:06:01 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/30 23:13:02 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\fw7up0nv.exe
[2010/06/30 23:12:14 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2010/06/30 02:25:38 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\iExplore.exe
[2010/06/29 23:19:13 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\rkill.com
[2010/06/28 15:56:48 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\greatnonprofits.org.bak
[2010/06/27 00:31:23 | 003,454,873 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Standard_Monitor_Driver_Signed_XP.zip
[2010/06/26 04:01:56 | 000,531,250 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\comics.jpg
[2010/06/25 03:45:00 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100630-210529.backup
[2010/06/25 03:36:29 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\HOSTS.bak
[2010/06/24 12:21:27 | 002,136,688 | ---- | M] (TVU networks) -- C:\Documents and Settings\Admin\Desktop\PluginInstaller.exe
[2010/06/24 03:03:55 | 000,496,062 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 03:03:55 | 000,437,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 03:03:55 | 000,069,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/19 09:45:44 | 000,025,872 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Intuit.pdf
[2010/06/19 08:00:55 | 000,025,693 | ---- | M] () -- C:\Documents and Settings\Admin\Intuit_QK_Internal.pdf
[2010/06/17 09:55:43 | 001,439,685 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\watering-map.psd

========== Files Created - No Company Name ==========

[2010/07/15 00:51:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\gusynsxh.exe
[2010/07/14 17:19:29 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/14 17:19:29 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/09 01:57:28 | 000,538,971 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Bontrager_RXXXL_Mountain_Crankset.pdf
[2010/07/08 11:39:46 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\pcouffin.log
[2010/07/08 11:39:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\inst.exe
[2010/07/08 11:39:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\pcouffin.cat
[2010/07/08 11:39:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\pcouffin.inf
[2010/07/06 22:34:00 | 000,016,820 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\dell_u2311h_custom2.icc
[2010/07/06 22:33:08 | 000,016,792 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\dell_u2311h_custom.icc
[2010/07/06 19:03:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\prvlcl.dat
[2010/07/02 22:59:37 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG
[2010/07/02 13:16:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/02 13:16:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/02 13:16:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/02 13:16:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/02 13:16:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/02 13:01:31 | 003,739,407 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\analyse.exe
[2010/07/02 10:32:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\log.txt
[2010/07/02 10:19:48 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2010/07/02 03:38:57 | 000,004,787 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Attach-dds.zip
[2010/07/02 03:23:23 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\dds.pif
[2010/07/01 23:09:44 | 000,001,517 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/01 23:09:13 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/01 23:08:21 | 062,009,707 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/30 23:12:54 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\fw7up0nv.exe
[2010/06/30 23:12:13 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2010/06/30 02:56:32 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\iExplore.exe
[2010/06/29 23:19:09 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\rkill.com
[2010/06/28 14:36:48 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\greatnonprofits.org.bak
[2010/06/27 00:28:43 | 003,454,873 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Standard_Monitor_Driver_Signed_XP.zip
[2010/06/26 04:01:52 | 000,531,250 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\comics.jpg
[2010/06/25 01:42:27 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\HOSTS.bak
[2010/06/19 09:45:44 | 000,025,872 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Intuit.pdf
[2010/06/19 07:57:50 | 000,025,693 | ---- | C] () -- C:\Documents and Settings\Admin\Intuit_QK_Internal.pdf
[2010/06/17 09:39:12 | 001,439,685 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\watering-map.psd
[2010/02/28 23:20:58 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/01/19 15:38:53 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2009/10/06 00:05:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2009/10/05 23:22:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/10/05 23:21:11 | 000,000,134 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2009/10/05 23:20:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/10/05 23:20:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2009/10/05 23:20:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/10/05 23:06:23 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/03 10:54:01 | 000,000,445 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/07 02:03:03 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2008/11/09 12:51:06 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/11/09 12:51:06 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2008/11/09 12:51:06 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2008/08/20 11:52:55 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/03 23:26:08 | 000,000,415 | ---- | C] () -- C:\WINDOWS\VIEWER.INI
[2008/05/23 14:54:54 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Topo.INI
[2008/04/15 07:17:50 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/04/15 07:17:49 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/03/07 10:53:49 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/03/03 00:56:31 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/01/21 23:33:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/21 18:26:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2008/01/18 14:10:08 | 000,025,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/10/05 10:23:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/10/04 23:20:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/20 22:00:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/20 21:50:28 | 001,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/09/20 21:03:36 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/30 13:30:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2004/12/19 06:29:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 06:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 11:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 16:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/07/10 01:11:19 | 000,001,502 | ---- | M] () -- C:\ASLog.txt
[2009/09/22 07:23:59 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/15 03:16:29 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/01 21:36:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/02 21:30:01 | 000,022,151 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/09/20 21:06:06 | 000,005,690 | RH-- | M] () -- C:\dell.sdr
[2010/03/18 16:28:25 | 000,018,934 | ---- | M] () -- C:\DkBootTime.log
[2010/03/18 17:34:53 | 000,004,394 | ---- | M] () -- C:\DkBootTime2.log
[2010/03/19 05:47:16 | 000,005,254 | ---- | M] () -- C:\DkBootTime3.log
[2010/06/30 02:59:10 | 000,009,294 | ---- | M] () -- C:\drwtsn32.log
[2007/10/04 14:39:41 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/09/20 21:48:46 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/03 18:55:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/15 08:18:50 | 2136,895,488 | -HS- | M] () -- C:\pagefile.sys
[2009/05/28 23:56:30 | 000,001,684 | ---- | M] () -- C:\photodex-presenter-install.log
[2010/07/01 21:40:08 | 000,000,369 | ---- | M] () -- C:\rkill.log
[2009/08/18 15:33:37 | 000,000,495 | ---- | M] () -- C:\Shortcut to issue7.lnk
[2009/11/25 09:46:15 | 000,000,495 | ---- | M] () -- C:\Shortcut to issue8.lnk
[2010/07/02 10:20:59 | 000,058,220 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_02.07.2010_10.20.32_log.txt
[2010/07/02 13:59:30 | 000,057,284 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_02.07.2010_13.59.11_log.txt
[2010/07/02 10:32:19 | 000,057,284 | ---- | M] () -- C:\TDSSKiller.txt
[2008/05/18 11:04:44 | 000,002,141 | ---- | M] () -- C:\WirelessDiagLog.csv
[2008/01/17 22:34:59 | 000,000,146 | ---- | M] () -- C:\YServer.txt
[2009/03/06 12:05:48 | 000,003,916 | ---- | M] () -- C:\yugmaerr.log
[2009/03/06 12:05:48 | 000,000,098 | ---- | M] () -- C:\yugmaout.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 15:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/01/16 19:45:58 | 000,241,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5k4.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 15:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 15:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 15:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 10:12:58

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0
< End of report >


#8 mpascal

    Math Nerd

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 15 July 2010 - 04:58 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#9 cyclocross
  • Topic Starter

  • Members
  • 18 posts

Posted 16 July 2010 - 09:13 AM

Hi there,

Here's the ComboFix log. FYI, I turned off the different AV programs (from real-time scanning) but ComboFix still showed them as running.

Thanks a lot for your continued help.

Combofix log:
ComboFix 10-07-15.03 - Admin 07/16/2010 2:06.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1115 [GMT -7:00]
Running from: c:\documents and settings\Admin\Desktop\analyse.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-13 23:15 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-08 20:35 . 2010-07-08 20:35 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-605dcc42-n\msvcp71.dll
2010-07-08 20:35 . 2010-07-08 20:35 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-605dcc42-n\jmc.dll
2010-07-08 20:35 . 2010-07-08 20:35 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-605dcc42-n\msvcr71.dll
2010-07-08 20:34 . 2010-07-08 20:34 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40015015-n\decora-sse.dll
2010-07-08 20:34 . 2010-07-08 20:34 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40015015-n\decora-d3d.dll
2010-07-08 18:39 . 2010-07-08 18:39 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-08 18:39 . 2010-07-08 18:39 47360 ----a-w- c:\documents and settings\Admin\Application Data\pcouffin.sys
2010-07-08 18:39 . 2010-07-08 18:39 -------- d-----w- c:\documents and settings\Admin\Application Data\Vso
2010-07-08 18:38 . 2010-07-08 18:39 -------- d-----w- c:\program files\DVDFab 7
2010-07-07 02:03 . 2010-07-15 07:08 0 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\prvlcl.dat
2010-07-06 22:43 . 2010-07-06 22:43 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\AVG Security Toolbar
2010-07-02 17:42 . 2010-07-02 17:42 -------- d-----w- c:\program files\ESET
2010-07-02 07:46 . 2010-07-02 07:46 -------- d-----w- C:\$AVG
2010-07-02 06:52 . 2010-07-02 06:52 -------- d-----w- c:\program files\Common Files\Java
2010-07-02 06:52 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-02 06:09 . 2010-07-02 06:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-02 06:09 . 2010-07-02 06:09 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-02 06:09 . 2010-07-02 06:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-02 06:09 . 2010-07-02 06:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-02 06:08 . 2010-07-16 00:57 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-02 06:08 . 2010-07-02 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-02 06:00 . 2010-07-02 06:00 -------- d-----w- c:\program files\AVG
2010-07-02 05:59 . 2010-07-02 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-01 19:54 . 2010-07-15 08:04 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-07-01 19:54 . 2010-07-15 08:03 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-07-01 19:54 . 2010-07-15 08:03 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-07-01 19:54 . 2010-07-15 08:03 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-07-01 19:54 . 2010-07-01 19:54 -------- d-----w- c:\program files\Prevx
2010-07-01 19:54 . 2010-07-03 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-06-30 05:33 . 2010-06-30 16:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\cckkwbobw
2010-06-24 19:21 . 2010-06-24 19:21 -------- d-----w- c:\windows\system32\TVUAx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 00:48 . 2010-03-01 06:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-15 15:19 . 2008-01-08 06:16 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-15 00:13 . 2009-11-13 08:08 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-07-14 23:04 . 2008-08-07 19:18 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-07-14 06:46 . 2008-02-05 18:39 -------- d-----w- c:\documents and settings\Admin\Application Data\GoodSync
2010-07-07 07:39 . 2008-07-08 05:53 -------- d-----w- c:\program files\Flickr Uploadr
2010-07-07 01:48 . 2009-11-23 23:42 -------- d-----w- c:\documents and settings\Admin\Application Data\XnView
2010-07-06 15:50 . 2010-05-21 15:23 -------- d-----w- c:\program files\Puran Defrag
2010-07-02 17:22 . 2004-08-04 04:07 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-07-02 08:48 . 2010-03-16 05:01 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-02 06:51 . 2007-09-21 04:31 -------- d-----w- c:\program files\Java
2010-07-02 04:32 . 2010-03-01 06:20 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-07-01 19:05 . 2009-08-09 06:45 -------- d-----w- c:\program files\Opera 10 Beta
2010-06-30 06:24 . 2009-02-03 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 08:01 . 2010-01-20 02:32 -------- d-----w- c:\documents and settings\Admin\Application Data\BitKinex
2010-06-27 10:54 . 2008-08-22 08:08 -------- d-----w- c:\program files\Swift To-Do List
2010-06-15 08:35 . 2008-08-16 22:49 -------- d-----w- c:\documents and settings\Admin\Application Data\Notepad++
2010-06-15 08:34 . 2008-08-16 22:49 -------- d-----w- c:\program files\Notepad++
2010-06-14 14:31 . 2004-08-11 22:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 10:48 . 2008-08-12 07:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 08:04 . 2008-01-23 00:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-03 05:52 . 2008-12-05 20:40 256 ----a-w- c:\windows\system32\pool.bin
2010-06-03 05:34 . 2008-12-05 08:06 -------- d-----w- c:\documents and settings\Admin\Application Data\Research In Motion
2010-05-29 07:08 . 2007-09-21 04:56 -------- d-----w- c:\program files\Google
2010-05-24 03:48 . 2007-11-22 07:01 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-17 19:11 . 2010-05-21 15:23 229376 ----a-w- c:\windows\system32\PuranDefragS.exe
2010-05-17 19:11 . 2010-05-21 15:23 221184 ----a-w- c:\windows\system32\PuranDC.exe
2010-05-17 19:11 . 2010-05-21 15:23 1110016 ----a-w- c:\windows\system32\PuranFD.exe
2010-05-17 19:11 . 2010-05-21 15:23 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2010-05-06 10:41 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 21:54 . 2007-10-03 04:47 335680 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 05:22 . 2004-08-11 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2009-02-03 21:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-02-03 21:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 10:22 . 2010-04-23 10:22 2898232 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-04-20 05:30 . 2004-08-11 22:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-12 05:38 . 2010-04-15 04:13 653312 ----a-w- c:\program files\Common Files\SetupDLL.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-03_04.25.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-15 15:19 . 2010-07-15 15:19 16384 c:\windows\Temp\Perflib_Perfdata_808.dat
+ 2007-12-19 03:22 . 2010-07-14 10:12 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-02-03 00:02 . 2010-07-03 04:20 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-02-03 00:02 . 2010-07-16 08:41 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2007-12-19 03:22 . 2010-07-14 10:12 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-19 03:22 . 2010-07-14 10:12 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-12-19 03:22 . 2010-06-10 10:31 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-04-19 21:01 . 2007-04-19 21:01 238424 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-01-17 03:32 . 2007-01-17 03:32 136032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL
+ 2007-04-19 20:54 . 2007-04-19 20:54 169312 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL
+ 2010-05-25 18:45 . 2010-05-25 18:45 8445440 c:\windows\Installer\61f8186.msp
+ 2010-06-12 00:55 . 2010-06-12 00:55 1827328 c:\windows\Installer\61f816e.msp
+ 2010-07-01 05:52 . 2010-07-01 05:52 5522944 c:\windows\Installer\61f8154.msp
+ 2007-05-10 20:43 . 2007-05-10 20:43 6688096 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
+ 2007-10-05 06:46 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
+ 2010-06-12 00:52 . 2010-06-12 00:52 45542912 c:\windows\Installer\61f816f.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-02 2065760]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-02 06:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2009-07-27 15:50 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" /R
"MoeMonitor.exe"="c:\documents and settings\Admin\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe"
"MCW Startup"="c:\program files\Monitor Calibration Wizard\MCW.exe" /s
"QuickenScheduledUpdates"=c:\program files\Quicken\bagent.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"Omnipage"=c:\program files\ScanSoft\OmniPageSE\opware32.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PuranADT"=c:\program files\Puran Defrag\PuranADT.exe
"MSConfig"=c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"IgfxTray"=c:\windows\system32\igfxtray.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [7/1/2010 12:54 PM 30320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/1/2010 11:09 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/1/2010 11:09 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/1/2010 11:05 PM 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/1/2010 11:04 PM 308136]
R2 BitKinex;BitKinex File Transfer Service;c:\program files\BitKinex\bitkinexsvc.exe DISPATCH --> c:\program files\BitKinex\bitkinexsvc.exe DISPATCH [?]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [7/1/2010 12:54 PM 6385616]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [11/3/2005 8:08 PM 95832]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [5/22/2009 6:30 PM 80384]
R2 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [5/21/2010 8:23 AM 229376]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [7/1/2010 12:54 PM 61624]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2/25/2010 10:59 AM 1047880]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 6:43 PM 31896]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [7/1/2010 12:54 PM 24400]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [7/27/2009 8:57 AM 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [7/27/2009 8:57 AM 19408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 10:18 AM 10064]
S1 b22e03a3;b22e03a3;c:\windows\system32\drivers\b22e03a3.sys --> c:\windows\system32\drivers\b22e03a3.sys [?]
S2 gupdate1c974f744359078;Google Update Service (gupdate1c974f744359078);c:\program files\Google\Update\GoogleUpdate.exe [1/12/2009 1:49 PM 136176]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [9/4/2008 3:09 PM 111896]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [7/1/2010 11:08 PM 430152]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [1/18/2008 3:41 PM 37120]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [6/15/2009 4:21 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [6/3/2009 11:01 AM 174720]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [5/15/2009 3:34 PM 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [5/15/2009 3:34 PM 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [5/15/2009 3:34 PM 174720]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 11:27 AM 169200]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
S3 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [7/27/2009 8:57 AM 44880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-12 07:01]

2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-12 07:01]

2010-07-05 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?.home=ytie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Download with BitKinex - c:\program files\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - c:\program files\BitKinex\ieext_reg.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: bmnet.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.7/TSWeb.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - cxmagazine.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npadjdet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 02:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-07-16 02:26:00
ComboFix-quarantined-files.txt 2010-07-16 09:25
ComboFix2.txt 2010-07-03 04:30
ComboFix3.txt 2010-07-02 20:50

Pre-Run: 544,555,008 bytes free
Post-Run: 744,972,288 bytes free

- - End Of File - - A3573AF36350E199DD3C4B7E3986C2E7


#10 mpascal


    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 18 July 2010 - 12:41 PM

Hi there,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
File::
c:\documents and settings\Admin\Local Settings\Application Data\cckkwbobw
c:\windows\system32\drivers\b22e03a3.sys

Driver::
b22e03a3
  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 cyclocross

  • Topic Starter

  • Members
  • 18 posts

Posted 19 July 2010 - 03:11 AM

Here's the ComboFix log. Thanks for the continued help. For some reason I'm not getting the email alerts, but I keep checking this page:

ComboFix 10-07-16.02 - Admin 07/19/2010 0:34.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1075 [GMT -7:00]
Running from: c:\documents and settings\Admin\Desktop\analyse.exe
Command switches used :: c:\documents and settings\Admin\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\documents and settings\Admin\Local Settings\Application Data\cckkwbobw"
"c:\windows\system32\drivers\b22e03a3.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_b22e03a3


((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.

2010-07-17 22:47 . 2010-07-17 22:47 565336 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-13 23:15 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-08 18:39 . 2010-07-08 18:39 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-08 18:39 . 2010-07-08 18:39 -------- d-----w- c:\documents and settings\Admin\Application Data\Vso
2010-07-08 18:38 . 2010-07-08 18:39 -------- d-----w- c:\program files\DVDFab 7
2010-07-07 02:03 . 2010-07-18 22:38 0 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\prvlcl.dat
2010-07-06 22:43 . 2010-07-06 22:43 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\AVG Security Toolbar
2010-07-02 17:42 . 2010-07-02 17:42 -------- d-----w- c:\program files\ESET
2010-07-02 07:46 . 2010-07-02 07:46 -------- d-----w- C:\$AVG
2010-07-02 06:52 . 2010-07-02 06:52 -------- d-----w- c:\program files\Common Files\Java
2010-07-02 06:52 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-02 06:09 . 2010-07-02 06:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-02 06:09 . 2010-07-02 06:09 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-02 06:09 . 2010-07-02 06:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-02 06:09 . 2010-07-02 06:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-02 06:08 . 2010-07-19 00:41 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-02 06:08 . 2010-07-02 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-02 06:00 . 2010-07-02 06:00 -------- d-----w- c:\program files\AVG
2010-07-02 05:59 . 2010-07-02 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-01 19:54 . 2010-07-15 08:04 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-07-01 19:54 . 2010-07-15 08:03 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-07-01 19:54 . 2010-07-15 08:03 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-07-01 19:54 . 2010-07-15 08:03 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-07-01 19:54 . 2010-07-01 19:54 -------- d-----w- c:\program files\Prevx
2010-07-01 19:54 . 2010-07-03 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-06-30 05:33 . 2010-06-30 16:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\cckkwbobw
2010-06-24 19:21 . 2010-06-24 19:21 -------- d-----w- c:\windows\system32\TVUAx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 07:51 . 2010-03-01 06:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-19 07:51 . 2008-01-08 06:16 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-18 05:15 . 2010-02-18 18:43 355665 ----a-w- c:\documents and settings\Admin\Application Data\Thunderbird\Profiles\6b6sofhy.default\ImapMail\imap.gmail.com\subscribe@cxmagazine.com
2010-07-18 05:15 . 2010-02-18 18:18 2049982 ----a-w- c:\documents and settings\Admin\Application Data\Thunderbird\Profiles\6b6sofhy.default\ImapMail\imap.gmail.com\info@cxmagazine.com
2010-07-18 05:13 . 2010-02-18 11:30 620678 ----a-w- c:\documents and settings\Admin\Application Data\Thunderbird\Profiles\6b6sofhy.default\ImapMail\imap.gmail.com\dan@cxmagazine.com
2010-07-18 04:26 . 2008-01-23 00:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-17 22:39 . 2009-11-23 23:42 -------- d-----w- c:\documents and settings\Admin\Application Data\XnView
2010-07-17 22:34 . 2009-11-13 08:08 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-07-17 16:45 . 2008-08-07 19:18 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-07-16 09:48 . 2010-05-21 15:23 -------- d-----w- c:\program files\Puran Defrag
2010-07-14 06:46 . 2008-02-05 18:39 -------- d-----w- c:\documents and settings\Admin\Application Data\GoodSync
2010-07-08 20:35 . 2010-07-08 20:35 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-605dcc42-n\msvcp71.dll
2010-07-08 20:35 . 2010-07-08 20:35 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-605dcc42-n\jmc.dll
2010-07-08 20:35 . 2010-07-08 20:35 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-605dcc42-n\msvcr71.dll
2010-07-08 20:34 . 2010-07-08 20:34 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40015015-n\decora-sse.dll
2010-07-08 20:34 . 2010-07-08 20:34 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40015015-n\decora-d3d.dll
2010-07-08 18:39 . 2010-07-08 18:39 47360 ----a-w- c:\documents and settings\Admin\Application Data\pcouffin.sys
2010-07-08 18:39 . 2010-07-08 18:39 47360 ----a-w- c:\documents and settings\Admin\Application Data\pcouffin.sys
2010-07-07 07:39 . 2008-07-08 05:53 -------- d-----w- c:\program files\Flickr Uploadr
2010-07-02 17:22 . 2004-08-04 04:07 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-07-02 08:48 . 2010-03-16 05:01 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-02 06:51 . 2007-09-21 04:31 -------- d-----w- c:\program files\Java
2010-07-02 04:32 . 2010-03-01 06:20 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-07-01 19:05 . 2009-08-09 06:45 -------- d-----w- c:\program files\Opera 10 Beta
2010-06-30 06:24 . 2009-02-03 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 08:01 . 2010-01-20 02:32 -------- d-----w- c:\documents and settings\Admin\Application Data\BitKinex
2010-06-27 10:54 . 2008-08-22 08:08 -------- d-----w- c:\program files\Swift To-Do List
2010-06-15 08:35 . 2008-08-16 22:49 -------- d-----w- c:\documents and settings\Admin\Application Data\Notepad++
2010-06-15 08:34 . 2008-08-16 22:49 -------- d-----w- c:\program files\Notepad++
2010-06-10 10:48 . 2008-08-12 07:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 05:52 . 2008-12-05 20:40 256 ----a-w- c:\windows\system32\pool.bin
2010-06-03 05:34 . 2008-12-05 08:06 -------- d-----w- c:\documents and settings\Admin\Application Data\Research In Motion
2010-05-29 07:08 . 2007-09-21 04:56 -------- d-----w- c:\program files\Google
2010-05-24 03:48 . 2007-11-22 07:01 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-17 19:11 . 2010-05-21 15:23 229376 ----a-w- c:\windows\system32\PuranDefragS.exe
2010-05-17 19:11 . 2010-05-21 15:23 221184 ----a-w- c:\windows\system32\PuranDC.exe
2010-05-17 19:11 . 2010-05-21 15:23 1110016 ----a-w- c:\windows\system32\PuranFD.exe
2010-05-17 19:11 . 2010-05-21 15:23 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2010-05-06 10:41 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 21:54 . 2007-10-03 04:47 335680 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 05:22 . 2004-08-11 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2009-02-03 21:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-02-03 21:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 10:22 . 2010-04-23 10:22 2898232 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-03-12 05:38 . 2010-04-15 04:13 653312 ----a-w- c:\program files\Common Files\SetupDLL.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-02 2065760]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-02 06:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2009-07-27 15:50 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" /R
"MoeMonitor.exe"="c:\documents and settings\Admin\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe"
"MCW Startup"="c:\program files\Monitor Calibration Wizard\MCW.exe" /s
"QuickenScheduledUpdates"=c:\program files\Quicken\bagent.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"Omnipage"=c:\program files\ScanSoft\OmniPageSE\opware32.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PuranADT"=c:\program files\Puran Defrag\PuranADT.exe
"MSConfig"=c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"IgfxTray"=c:\windows\system32\igfxtray.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [7/1/2010 12:54 PM 30320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/1/2010 11:09 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/1/2010 11:09 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/1/2010 11:05 PM 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/1/2010 11:04 PM 308136]
R2 BitKinex;BitKinex File Transfer Service;c:\program files\BitKinex\bitkinexsvc.exe DISPATCH --> c:\program files\BitKinex\bitkinexsvc.exe DISPATCH [?]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [7/1/2010 12:54 PM 6385616]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [11/3/2005 8:08 PM 95832]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [5/22/2009 6:30 PM 80384]
R2 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [5/21/2010 8:23 AM 229376]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [7/1/2010 12:54 PM 61624]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2/25/2010 10:59 AM 1047880]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 6:43 PM 31896]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [7/1/2010 12:54 PM 24400]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [7/27/2009 8:57 AM 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [7/27/2009 8:57 AM 19408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 10:18 AM 10064]
S2 gupdate1c974f744359078;Google Update Service (gupdate1c974f744359078);c:\program files\Google\Update\GoogleUpdate.exe [1/12/2009 1:49 PM 136176]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [9/4/2008 3:09 PM 111896]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [7/1/2010 11:08 PM 430152]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [1/18/2008 3:41 PM 37120]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [6/15/2009 4:21 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [6/3/2009 11:01 AM 174720]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [5/15/2009 3:34 PM 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [5/15/2009 3:34 PM 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [5/15/2009 3:34 PM 174720]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 11:27 AM 169200]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
S3 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [7/27/2009 8:57 AM 44880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-12 07:01]

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-12 07:01]

2010-07-05 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?.home=ytie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Download with BitKinex - c:\program files\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - c:\program files\BitKinex\ieext_reg.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: bmnet.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.7/TSWeb.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - cxmagazine.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npadjdet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 00:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2348)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BitKinex\rubitkinexwe.dll
c:\documents and settings\Admin\Local Settings\Application Data\Microsoft\Live Mesh\Bin\WLCShell.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\BitKinex\bitkinexsvc.exe
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Photodex\ProShow\ScsiAccess.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-07-19 01:08:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-19 08:08
ComboFix2.txt 2010-07-16 09:26
ComboFix3.txt 2010-07-03 04:30
ComboFix4.txt 2010-07-02 20:50

Pre-Run: 111,251,456 bytes free
Post-Run: 323,293,184 bytes free

- - End Of File - - 785AC255D607897CB334B34515F8BC80
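
The two posts above give the CFScript and the log ComboFix wrote after running it. As an added example (not code from the thread, from ComboFix or from mpascal), here is a small Python checker that parses the File:: and Driver:: directives and reports, from the log, whether each path was acknowledged under "FILE ::", whether the service entry was removed, and whether the path still appears in the "Files Created" listing afterwards; the sample strings are excerpts constructed from the posts above.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix produced.

Added example for this thread, not ComboFix's own code. It handles only
the two directives used in the post (File:: and Driver::) and the log
markers visible in the reply: quoted paths under "FILE ::", the
"-------\\Service_<name>" line under Drivers/Services, and the
"Files Created" listing lines.
"""
import re

# Constructed sample inputs, excerpted from the posts in this thread.
CFSCRIPT = """File::
c:\\documents and settings\\Admin\\Local Settings\\Application Data\\cckkwbobw
c:\\windows\\system32\\drivers\\b22e03a3.sys

Driver::
b22e03a3
"""

COMBOFIX_LOG = """ComboFix 10-07-16.02 - Admin 07/19/2010 0:34.5.2 - x86
Command switches used :: c:\\documents and settings\\Admin\\Desktop\\cfscript.txt

FILE ::
"c:\\documents and settings\\Admin\\Local Settings\\Application Data\\cckkwbobw"
"c:\\windows\\system32\\drivers\\b22e03a3.sys"
.

(((((((( Drivers/Services ))))))))
.

-------\\Service_b22e03a3

(((((((( Files Created from 2010-06-19 to 2010-07-19 ))))))))
.
2010-07-08 18:39 . 2010-07-08 18:39 47360 ----a-w- c:\\windows\\system32\\drivers\\pcouffin.sys
2010-06-30 05:33 . 2010-06-30 16:23 -------- d-----w- c:\\documents and settings\\Admin\\Local Settings\\Application Data\\cckkwbobw
"""

# A "Files Created" / "Find3M" listing line: two timestamps separated by
# " . ", a size (or dashes), the attribute flags, then the path.
FILE_LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+\S+\s+(.+)$"
)
# Marker ComboFix writes for a service/driver entry it removed.
SERVICE_DELETED = re.compile(r"^-------\\Service_(\S+)$")


def parse_cfscript(text):
    """Return {'File': [paths], 'Driver': [names]} from CFScript text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return (acknowledged paths, deleted services, listed paths), all lowercased."""
    acknowledged, services_deleted, listed = set(), set(), set()
    in_file_block = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("FILE ::"):
            in_file_block = True
            continue
        if in_file_block:
            if line.startswith('"') and line.endswith('"'):
                acknowledged.add(line[1:-1].lower())
                continue
            in_file_block = False  # the "." line ends the block
        m = SERVICE_DELETED.match(line)
        if m:
            services_deleted.add(m.group(1).lower())
            continue
        m = FILE_LISTING.match(line)
        if m:
            listed.add(m.group(1).lower())
    return acknowledged, services_deleted, listed


def check_cfscript(cfscript, log):
    """Per File:: path and Driver:: name, what the log says happened.

    Windows paths are compared case-insensitively. "still_listed" only
    means the path appears in a listing section after the run; it is a
    prompt to look again, not proof the file survived.
    """
    script = parse_cfscript(cfscript)
    acked, svc_deleted, listed = parse_combofix_log(log)
    files = {}
    for path in script.get("File", []):
        key = path.lower()
        files[path] = {"acknowledged": key in acked, "still_listed": key in listed}
    drivers = {}
    for name in script.get("Driver", []):
        drivers[name] = {"service_removed": name.lower() in svc_deleted}
    return {"files": files, "drivers": drivers}


if __name__ == "__main__":
    for kind, entries in check_cfscript(CFSCRIPT, COMBOFIX_LOG).items():
        for target, status in entries.items():
            print(kind, target, status)
```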


#12 mpascal


    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 19 July 2010 - 11:27 PM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#13 cyclocross
  • Topic Starter
  • Members
  • 18 posts

Posted 20 July 2010 - 08:16 PM

Here's MBAM, looks good? Kaspersky coming:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4333

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/20/2010 5:59:03 PM
mbam-log-2010-07-20 (17-59-03).txt

Scan type: Quick scan
Objects scanned: 136284
Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
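
The helper's STEP 2 above asks for the complete MBAM log, including the top portion with the database version, and the quick-scan log just posted shows the exact layout that request refers to: a header, a block of "… Infected: N" summary counts, then one detail section per count. As an added example (not code from the thread, from BleepingComputer or from Malwarebytes), here is a small Python parser for that 1.4x-era log format that checks the three things a reviewer looks for: the header is present, each summary count matches the number of items actually listed under it, and every listed item carries an action that means it was removed. The two sample logs are constructed to match the format posted above; the paths, the detection names (Rogue.Example, Trojan.Example) and the set of action wordings treated as "removed" are assumptions, not real MBAM signatures or a documented list.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the format of the clean quick-scan log
# posted in this thread; not a real log.
SAMPLE_CLEAN_LOG = """Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4333

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Files Infected:
(No malicious items detected)
"""

# Constructed sample with detections. Paths, detection names and actions are
# placeholders (assumed wording), not real MBAM signatures.
SAMPLE_DIRTY_LOG = r"""Malwarebytes' Anti-Malware 1.46

Database version: 4333

Memory Processes Infected: 1
Files Infected: 2

Memory Processes Infected:
C:\Documents and Settings\user\Local Settings\Application Data\example\sample.exe (Rogue.Example) -> Unloaded process successfully.

Files Infected:
C:\Documents and Settings\user\Local Settings\Application Data\example\sample.exe (Rogue.Example) -> Delete on reboot.
C:\WINDOWS\system32\example.dll (Trojan.Example) -> No action taken.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Action prefixes treated as "item was dealt with" (assumed MBAM wording).
REMOVED_PREFIXES = ("quarantined", "delete on reboot", "unloaded")

@dataclass
class MbamReport:
    version: Optional[str] = None
    database: Optional[str] = None
    counts: Dict[str, int] = field(default_factory=dict)          # section -> summary count
    items: Dict[str, list] = field(default_factory=dict)          # section -> [(item, name, action)]

def parse_mbam_log(text: str) -> MbamReport:
    """Walk the log line by line: header fields, summary counts, then per-section item lists."""
    rep = MbamReport()
    section = None  # detail section currently being read; a blank line ends it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None
        elif line.startswith("Malwarebytes' Anti-Malware "):
            rep.version = line.rsplit(" ", 1)[1]
        elif line.startswith("Database version: "):
            rep.database = line.split(": ", 1)[1]
        elif (m := COUNT_RE.match(line)):
            rep.counts[m["section"]] = int(m["n"])
        elif (m := HEADER_RE.match(line)):
            section = m["section"]
            rep.items.setdefault(section, [])
        elif section and line != "(No malicious items detected)":
            m = ITEM_RE.match(line)
            # Keep unparseable lines verbatim so nothing is silently dropped.
            rep.items[section].append((m["item"], m["name"], m["action"]) if m else (line, "?", "?"))
    return rep

def problems(rep: MbamReport) -> List[str]:
    """Reasons a helper would send the log back: missing header, count/list mismatch, item not removed."""
    issues = []
    if rep.version is None or rep.database is None:
        issues.append("header missing: program and database version not in log")
    for section, n in rep.counts.items():
        listed = len(rep.items.get(section, []))
        if listed != n:
            issues.append(f"{section}: summary says {n}, {listed} listed")
    for section, entries in rep.items.items():
        for item, name, action in entries:
            if not action.lower().startswith(REMOVED_PREFIXES):
                issues.append(f"{section}: {item} ({name}) not removed: {action}")
    return issues

def is_clean(rep: MbamReport) -> bool:
    """True only for a complete log whose summary counts are all zero and which lists no items."""
    return bool(rep.counts) and not problems(rep) and all(n == 0 for n in rep.counts.values()) and not any(rep.items.values())
```

The header check is the same point the helper makes in STEP 2: a log pasted without its top portion cannot be judged, because the database version says how current the signatures were. The count-versus-list check catches a log that was trimmed or mangled in pasting, and the action check is what separates "found" from "removed", which is the distinction that matters before moving on to the next tool.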


#14 mpascal
    Math Nerd
  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 21 July 2010 - 12:18 AM

Yep, so far so good.


#15 cyclocross
  • Topic Starter
  • Members
  • 18 posts

Posted 21 July 2010 - 09:49 AM

UGGGH!!!!!!

I was 91% done (even did an all-nighter, somewhat related) with Kaspersky and then Firefox crashed. CRAP!

It found 3 viruses. One was a trojan-ransom.win32x (ends in .aou), another was a trojan-dropper.

I'm re-running it again, but it obviously will set me back a long time. I was 6 hours into it.

Any suggestions on how to ensure a full scan this time, or whether it's unnecessary to do it again, would be great. Sadly, I don't have a log now of the first 3 viruses found.

Thanks again for the help and advice.
