
Trouble eradicating Zbot (and maybe VBS/Generic)


14 replies to this topic

#1 adamdiy (Members, 8 posts)

Posted 24 October 2010 - 01:58 PM

Hello,

About a week ago I got an AVG popup warning about a potential virus. I quarantined all but it kept popping up, so I kept deleting/quarantining. After a day it stopped, but not before a good chunk (15%?) of my programs were broken because they were quarantined, or had drivers deleted. I got worried so I downloaded and used a few other antivirus programs to try to be sure, which said at most one infected file, which I deleted/quarantined. The infection was listed as "ZbotR" I believe, along with VBS/Generic earlier.

Around the next day, I started getting an IE pop-up at random - "Web page unavailable when offline / Connect (or) Stay Offline." This seems odd because I've never used IE on this computer and I'm not trying to connect to anything! So I fear my computer still has something on it and would like a more informed opinion, because now I'm terrified to use it. Thanks a million for any insight you can provide.

my best
adam



DDS (Ver_10-10-21.02) - NTFSx86
Run by Adam at 17:59:55.15 on Sun 10/24/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.491 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k yksvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\s3graphics\chrome3\s3funkey.svc
C:\Program Files\s3graphics\chrome3\s3loadsv.svc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\s3graphics\chrome3\s3funkey.svc
C:\Program Files\Spotify\spotify.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\adam\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [VTTimer] ;;;VTTimer.exe
mRun: [SUPBackGround] c:\program files\samsung\samsung update plus\SUPBackground.exe
mRun: [SamsungWInClon] c:\program files\samsung\samsung recovery solution iii\WCScheduler
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NBHGui] "c:\program files\nero\nero 9\incd\NBHGui.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [InCD] "c:\program files\nero\nero 9\incd\InCD.exe"
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [Chrome3] c:\program files\s3graphics\chrome3\Chrome3.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 71517842;71517842 Boot Guard Driver;c:\windows\system32\drivers\71517842.sys [2010-10-20 37392]
R1 71517841;71517841;c:\windows\system32\drivers\71517841.sys [2010-10-20 128016]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-18 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-18 29584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-3-27 4300]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 S3Funkey;S3Funkey;c:\program files\s3graphics\chrome3\S3Funkey.svc [2009-4-30 444416]
R2 S3LoadSv;S3LoadSv;c:\program files\s3graphics\chrome3\s3loadsv.svc [2009-4-30 387072]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-3-27 14336]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2009-3-27 581632]
R3 vcrdrx32;VIA MSP Cardreader Host Controller;c:\windows\system32\drivers\vcrdrx32.sys [2009-3-27 90752]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-3-27 238464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-6 135664]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-2 19840]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]

=============== Created Last 30 ================

2010-10-20 11:54:32 37392 ----a-w- c:\windows\system32\drivers\71517842.sys
2010-10-20 11:54:32 315408 ----a-w- c:\windows\system32\drivers\7151784.sys
2010-10-20 11:54:32 128016 ----a-w- c:\windows\system32\drivers\71517841.sys
2010-10-19 19:45:13 -------- d-----w- c:\docume~1\adam\applic~1\Malwarebytes
2010-10-19 19:44:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 19:44:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 19:44:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-19 19:44:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 18:51:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-19 18:51:59 -------- d-----w- c:\docume~1\adam\applic~1\SUPERAntiSpyware.com
2010-10-19 18:51:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-19 18:01:39 -------- d-----w- c:\program files\win
2010-10-17 23:51:32 -------- d-----w- c:\program files\Microsoft
2010-10-10 13:37:11 -------- d-----w- c:\program files\PokerTracker 3b
2010-10-10 13:36:19 -------- d-----w- c:\program files\PT3b

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 18:03:25.46 ===============


#2 myrti, Sillyberry (Malware Study Hall Admin, 33,766 posts)

Posted 02 November 2010 - 05:05 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

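A first triage pass over the OTL.txt that the steps above produce, added here as an example; it is not code from the original thread or from OTL's author. It parses the PRC/SRV/DRV lines and the O4 autorun lines and flags three things a helper reads first: entries whose file is gone ("File not found", the orphaned autoruns left behind when an AV quarantines files, which is exactly the "broken programs" symptom in the opening post), entries with an empty publisher string "()", and services or drivers whose file was modified within a chosen window of the scan time in the log header. SAMPLE_LOG is constructed from lines posted later in this thread; RECENT_DAYS is an assumed threshold, and the line format is inferred from those posted lines rather than from any OTL documentation.

```python
"""Triage pass over an OTL (OldTimer's tool) report.

Added example for this thread, not code from the original posts or from
OTL's author.  It reads the PRC/SRV/DRV lines and the O4 autorun lines of
OTL.txt and flags:
  * entries whose file is gone ("File not found"): after an AV has
    quarantined files these are the orphaned autoruns behind broken
    programs, and on a cleaned machine they are leftovers to remove;
  * entries with an empty publisher string "()";
  * services/drivers whose file was modified within RECENT_DAYS of the
    scan time in the log header (new kernel drivers get a second look).
SAMPLE_LOG is constructed from lines posted in this thread.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

RECENT_DAYS = 30  # assumed threshold for "recently modified"

# Header: "OTL logfile created on: 11/2/2010 1:13:57 PM - Run 1"
CREATED_RE = re.compile(r'OTL logfile created on: (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)')

# PRC/MOD/SRV/DRV line, the part before the first " -- ", e.g.
# "DRV - [2005/10/27 04:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running]"
HEAD_RE = re.compile(
    r'^(?P<kind>PRC|MOD|SRV|DRV) - '
    r'(?:(?P<missing>File not found)|'
    r'\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [^\]]*\] '
    r'\((?P<company>[^)]*)\))'
    r'(?: \[(?P<state>[^\]]*)\])?$'
)

# O4 Run value: "[Name] <path> (Publisher)", "[Name] <path> File not found"
# or just "[Name] File not found"
RUN_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<value>[^\]]*)\] '
    r'(?:(?P<missing>File not found)|'
    r'(?P<path>.+?)(?: (?P<missing2>File not found)| \((?P<company>[^)]*)\)))$'
)


@dataclass
class Finding:
    kind: str    # SRV, DRV, PRC, MOD or O4
    name: str    # service/driver name, or the Run value name
    path: str
    reason: str


def scan_time(text: str) -> Optional[datetime]:
    """Scan timestamp from the OTL header, or None if the header is absent."""
    m = CREATED_RE.search(text)
    return datetime.strptime(m.group(1), '%m/%d/%Y %I:%M:%S %p') if m else None


def triage(text: str, recent_days: int = RECENT_DAYS) -> List[Finding]:
    created = scan_time(text)
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        head, _, rest = line.partition(' -- ')
        m = HEAD_RE.match(head)
        if m and rest:
            # rest is "<path>" or "<path> -- (<name>) <optional trailing text>"
            path, _, tail = rest.partition(' -- ')
            n = re.match(r'\((?P<name>[^)]*)\)', tail)
            name = n.group('name') if n else path
            if m.group('missing'):
                findings.append(Finding(m.group('kind'), name, path, 'file not found'))
                continue
            if m.group('company') == '':
                findings.append(Finding(m.group('kind'), name, path, 'no publisher string'))
            if created and m.group('kind') in ('SRV', 'DRV'):
                mtime = datetime.strptime(m.group('mtime'), '%Y/%m/%d %H:%M:%S')
                # a future-dated file also passes this test, on purpose
                if created - mtime <= timedelta(days=recent_days):
                    findings.append(Finding(m.group('kind'), name, path,
                                            f'modified within {recent_days} days of scan'))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group('path') or ''
            if m.group('missing') or m.group('missing2'):
                findings.append(Finding('O4', m.group('value'), path, 'file not found'))
            elif m.group('company') == '':
                findings.append(Finding('O4', m.group('value'), path, 'no publisher string'))
    return findings


# Constructed from lines posted in this thread.
SAMPLE_LOG = r"""OTL logfile created on: 11/2/2010 1:13:57 PM - Run 1
PRC - [2010/11/02 13:12:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
PRC - [2010/10/07 23:03:02 | 001,149,440 | ---- | M] () -- C:\Program Files\RVG Software\Holdem Manager\HMHud.exe
SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2010/07/15 23:11:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\71517842.sys -- (71517842)
DRV - [2008/11/19 02:30:50 | 004,951,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/27 04:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [Chrome3] C:\Program Files\s3graphics\chrome3\Chrome3.exe File not found
O4 - HKLM..\Run: [VTTimer] File not found
O4 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:3} {f.reason:<34} {f.name}  {f.path}')
```

One caveat when reading the "recent" results: the timestamp in OTL's bracket is the one its "M" flag marks, the modification time, so a file dropped onto the disk with an old timestamp preserved will not show up as recent there. The DDS "Created Last 30" section in the opening post lists creation times instead, which is why the two are worth reading side by side: 71517842.sys, for instance, is listed as created on 2010-10-20 by DDS but carries a 2009 modification date in the OTL driver list.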


#3 adamdiy, Topic Starter (Members, 8 posts)

Posted 02 November 2010 - 08:39 AM

OTL:


OTL logfile created on: 11/2/2010 1:13:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Adam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 17.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 0 50 0 50 0 50 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 30.90 Gb Free Space | 43.50% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 22.74 Gb Free Space | 31.59% Space Free | Partition Type: NTFS

Computer Name: HAYES1983 | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/02 13:12:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
PRC - [2010/10/21 22:25:42 | 004,311,728 | ---- | M] (Spotify Ltd) -- C:\Program Files\Spotify\spotify.exe
PRC - [2010/10/19 19:07:56 | 005,568,856 | ---- | M] (PokerStars) -- C:\Program Files\PokerStars\PokerStars.exe
PRC - [2010/10/12 06:37:00 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/10/11 05:03:56 | 007,593,984 | ---- | M] (Hold'em Manager) -- C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe
PRC - [2010/10/11 04:55:52 | 002,801,664 | ---- | M] (Hold'em Manager) -- C:\Program Files\RVG Software\Holdem Manager\HMImport.exe
PRC - [2010/10/07 23:03:02 | 001,149,440 | ---- | M] () -- C:\Program Files\RVG Software\Holdem Manager\HMHud.exe
PRC - [2010/10/05 07:48:12 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/28 14:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/23 03:47:16 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010/09/21 10:33:36 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/07/15 23:11:13 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 23:11:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 23:11:08 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 23:11:06 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/12 12:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009/12/10 07:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 07:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/07/26 21:17:46 | 000,135,416 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2009/04/30 18:18:26 | 000,444,416 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Program Files\s3graphics\chrome3\S3Funkey.svc
PRC - [2009/04/30 18:18:24 | 000,387,072 | ---- | M] (S3 Graphics Co., Inc.) -- C:\Program Files\s3graphics\chrome3\s3loadsv.svc
PRC - [2009/03/27 20:13:01 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/27 18:34:04 | 002,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/10/22 02:53:40 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008/10/22 02:50:14 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 12:00:00 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\calc.exe


========== Modules (SafeList) ==========

MOD - [2010/11/02 13:12:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/15 23:11:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/10 07:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/04/30 18:18:26 | 000,444,416 | ---- | M] (S3 Graphics Co., Ltd.) [Auto | Running] -- C:\Program Files\s3graphics\chrome3\S3Funkey.svc -- (S3Funkey)
SRV - [2009/04/30 18:18:24 | 000,387,072 | ---- | M] (S3 Graphics Co., Inc.) [Auto | Running] -- C:\Program Files\s3graphics\chrome3\s3loadsv.svc -- (S3LoadSv)
SRV - [2009/04/21 08:09:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 23:11:08 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/04 07:32:14 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\71517842.sys -- (71517842)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\71517841.sys -- (71517841)
DRV - [2009/06/03 22:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/04/29 22:49:46 | 000,581,632 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2009/04/21 08:09:00 | 000,297,344 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/12/23 10:00:00 | 000,090,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vcrdrx32.sys -- (vcrdrx32)
DRV - [2008/11/19 02:30:50 | 004,951,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/23 20:23:58 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/08/28 18:18:14 | 000,224,736 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/29 15:59:08 | 000,879,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/26 23:29:54 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/26 23:29:50 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008/07/26 23:29:36 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/04/14 12:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/15 03:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2006/08/01 23:57:24 | 000,019,840 | ---- | M] (Samsung) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD)
DRV - [2005/10/27 04:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2064275841-2983781559-1431461454-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/08/03 21:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions
[2009/08/03 21:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions\songbird@songbirdnest.com

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1007\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [Chrome3] C:\Program Files\s3graphics\chrome3\Chrome3.exe File not found
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe File not found
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe File not found
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 9\InCD\InCD.exe File not found
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe File not found
O4 - HKLM..\Run: [SamsungWInClon] File not found
O4 - HKLM..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VTTimer] File not found
O4 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2064275841-2983781559-1431461454-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/27 20:08:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b7c6e7f1-e038-11de-9a93-001377e46d72}\Shell\AutoRun\command - "" = E:\London_Business_School.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 13:12:18 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/10/29 20:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\moodys_files
[2010/10/29 19:23:04 | 000,000,000 | ---D | C] -- C:\HMArchive
[2010/10/29 19:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Local Settings\Application Data\In The Money
[2010/10/29 19:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Local Settings\Application Data\IsolatedStorage
[2010/10/29 19:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\HEM Data
[2010/10/29 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\RVG Software
[2010/10/29 19:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2010/10/23 16:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/20 11:54:32 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\7151784.sys
[2010/10/20 11:54:32 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\71517841.sys
[2010/10/20 11:54:32 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\71517842.sys
[2010/10/20 11:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\Virus Removal Tool
[2010/10/20 11:44:04 | 082,007,688 | ---- | C] ( ) -- C:\Documents and Settings\Adam\Desktop\setup_9.0.0.722_20.10.2010_13-19.exe
[2010/10/19 19:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\Malwarebytes
[2010/10/19 19:44:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/19 19:44:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/19 19:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/19 19:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 18:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/19 18:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\SUPERAntiSpyware.com
[2010/10/19 18:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/19 18:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\win
[2010/10/18 22:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\Samsung
[2010/10/17 23:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/10/10 13:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\PokerTracker 3b
[2010/10/10 13:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\PT3b
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Adam\Desktop\*.tmp files -> C:\Documents and Settings\Adam\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/02 13:12:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/11/02 12:56:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2064275841-2983781559-1431461454-1005UA.job
[2010/11/02 12:37:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/02 07:37:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/02 00:56:03 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2064275841-2983781559-1431461454-1005Core.job
[2010/11/02 00:06:32 | 067,072,557 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/31 12:30:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\HMHud.INI
[2010/10/29 20:43:10 | 000,103,222 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\moodys.htm
[2010/10/29 19:21:26 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HoldemManager.lnk
[2010/10/26 19:02:03 | 001,627,153 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Cover_Letter_Learning_Guide.pdf
[2010/10/24 17:02:24 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\gmer.zip
[2010/10/24 16:53:59 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\dds.scr
[2010/10/23 16:15:41 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/23 16:07:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 16:07:37 | 1877,389,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/23 16:07:36 | 052,428,800 | -HS- | M] () -- C:\WINDOWS\0
[2010/10/23 15:31:14 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\todolon.rtf
[2010/10/23 00:57:43 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/23 00:57:42 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Google Chrome.lnk
[2010/10/20 11:49:38 | 082,007,688 | ---- | M] ( ) -- C:\Documents and Settings\Adam\Desktop\setup_9.0.0.722_20.10.2010_13-19.exe
[2010/10/19 22:41:57 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/10/19 20:48:47 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/10/19 19:44:54 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 18:51:35 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/19 18:02:11 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\complete.dat
[2010/10/19 15:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\gmer.exe
[2010/10/18 02:51:11 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/18 01:05:29 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/18 00:57:47 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/18 00:57:47 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/08 01:17:35 | 000,433,213 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\Luxury.pdf
[2010/10/05 00:07:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\MP.pst
[2010/10/05 00:07:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\EP.pst
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Adam\Desktop\*.tmp files -> C:\Documents and Settings\Adam\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/31 12:30:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2010/10/29 20:43:07 | 000,103,222 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\moodys.htm
[2010/10/29 19:21:26 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HoldemManager.lnk
[2010/10/26 19:02:03 | 001,627,153 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Cover_Letter_Learning_Guide.pdf
[2010/10/24 17:02:23 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\gmer.zip
[2010/10/24 16:53:55 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\dds.scr
[2010/10/23 16:15:41 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/23 15:31:14 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\todolon.rtf
[2010/10/20 23:22:25 | 1877,389,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/19 22:41:59 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/10/19 19:44:54 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 18:51:35 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/19 15:00:08 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\gmer.exe
[2010/10/17 23:51:40 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\complete.dat
[2010/10/17 23:51:33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/10/08 01:17:35 | 000,433,213 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\Luxury.pdf
[2010/10/05 00:07:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\MP.pst
[2010/10/05 00:07:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\EP.pst
[2010/08/09 19:57:28 | 000,005,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf
[2010/08/08 20:05:23 | 000,000,174 | ---- | C] () -- C:\WINDOWS\holdgemss.ini
[2010/01/20 17:48:43 | 000,000,090 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2010/01/20 17:48:06 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/01/20 17:48:05 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010/01/20 17:48:02 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
[2009/12/04 10:06:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/12/03 17:12:04 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/29 13:11:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/06 17:46:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/25 01:36:05 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/07/15 16:32:06 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Adam_KBD.ini
[2009/05/20 18:11:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/27 20:41:56 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/03/27 20:41:56 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009/03/27 20:41:54 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/03/27 20:41:54 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/03/27 20:41:54 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/03/27 20:41:54 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/03/27 20:41:54 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/03/27 20:41:54 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/03/27 20:41:54 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/03/27 20:41:54 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/03/27 20:41:54 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/03/27 20:41:54 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/03/27 20:41:54 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/03/27 20:41:54 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/03/27 20:41:54 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/03/27 20:41:54 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/03/27 20:41:54 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/03/27 20:41:54 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/03/27 20:41:54 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/03/27 20:21:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
[2009/03/27 20:19:56 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/03/27 20:19:56 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/03/27 20:15:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\s3result.ini
[2009/03/27 20:12:26 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/03/27 18:51:57 | 001,585,152 | ---- | C] () -- C:\WINDOWS\System32\vcrdrICO.dll
[2009/03/27 18:49:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/27 12:00:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/17 18:20:08 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/08/26 22:47:06 | 454,625,895 | ---- | M] () -- C:\Microsoft Office 2003 Professional Enterprise Edition(no serial needed).exe


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/03/27 11:59:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/27 11:59:26 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/27 11:59:25 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/26 13:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:94A19129

< End of report >

Extras:

OTL Extras logfile created on: 11/2/2010 1:13:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Adam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 17.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 0 50 0 50 0 50 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 30.90 Gb Free Space | 43.50% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 22.74 Gb Free Space | 31.59% Space Free | Partition Type: NTFS

Computer Name: HAYES1983 | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2064275841-2983781559-1431461454-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
"C:\Documents and Settings\Adam\My Documents\Downloads\888poker.exe" = C:\Documents and Settings\Adam\My Documents\Downloads\888poker.exe:*:Disabled:888poker.exe -- (Random-Logic)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager -- File not found
"C:\Program Files\Songbird\songbird.exe" = C:\Program Files\Songbird\songbird.exe:*:Disabled:Songbird Web Player -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08716EF4-E4CC-4BC7-97D5-7B6990114ACD}" = Betfair Poker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{5D8884F4-A182-4C9F-8551-11B4AD1172AE}" = Markstrat Online Team
"{66d0983b-e3b5-4995-a8af-0e5319275627}" = Nero 9 Trial
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7A4562BE-DFE6-4456-84CC-5E03A4814902}" = Snap Assist
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Chrome9HC" = VIA Chrome9 HC3 IGP Display Driver
"CutePDF Writer Installation" = CutePDF Writer 2.8
"GNU Backgammon for Windows_is1" = GNU Backgammon 0.14.3-devel
"HoldemManager" = Holdem Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PokerRoom Home Game Organizer" = PokerRoom Home Game Organizer
"PokerStars" = PokerStars
"Songbird-release-1438" = Songbird 1.4.3 (Build 1438)
"Spotify" = Spotify
"SUITE" = The DecisionTools Suite
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2064275841-2983781559-1431461454-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2010 1:24:56 PM | Computer Name = HAYES1983 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/10/2010 5:48:27 PM | Computer Name = HAYES1983 | Source = Application Error | ID = 1000
Description = Faulting application pokertrackerhud.exe, version 3.7.2.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 9/10/2010 5:48:30 PM | Computer Name = HAYES1983 | Source = Application Error | ID = 1000
Description = Faulting application pokertrackerhud.exe, version 3.7.2.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 9/13/2010 9:30:32 AM | Computer Name = HAYES1983 | Source = Application Hang | ID = 1002
Description = Hanging application SnapAssist.exe, version 1.2.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/15/2010 12:17:48 PM | Computer Name = HAYES1983 | Source = Google Update | ID = 20
Description =

Error - 9/16/2010 7:31:33 AM | Computer Name = HAYES1983 | Source = Google Update | ID = 20
Description =

Error - 9/22/2010 12:12:49 PM | Computer Name = HAYES1983 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 6.0.472.62, fault address 0x00164287.

Error - 10/4/2010 1:32:09 PM | Computer Name = HAYES1983 | Source = Google Update | ID = 20
Description =

Error - 10/10/2010 9:24:35 AM | Computer Name = HAYES1983 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
gcswf32.dll, version 10.1.85.3, fault address 0x000c03f9.

Error - 10/10/2010 8:23:14 PM | Computer Name = HAYES1983 | Source = Application Error | ID = 1000
Description = Faulting application pokertracker.exe, version 0.0.0.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00011782.

[ System Events ]
Error - 10/23/2010 12:03:14 PM | Computer Name = HAYES1983 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/23/2010 12:03:14 PM | Computer Name = HAYES1983 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/23/2010 12:03:14 PM | Computer Name = HAYES1983 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/23/2010 12:03:14 PM | Computer Name = HAYES1983 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/23/2010 12:03:14 PM | Computer Name = HAYES1983 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/23/2010 12:08:07 PM | Computer Name = HAYES1983 | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 10/24/2010 1:11:36 PM | Computer Name = HAYES1983 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/24/2010 1:11:38 PM | Computer Name = HAYES1983 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/30/2010 7:16:36 AM | Computer Name = HAYES1983 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 11/1/2010 9:52:22 PM | Computer Name = HAYES1983 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.


< End of report >

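The firewall section of the log above lists every Windows XP AuthorizedApplications entry with its state and whether the referenced binary still exists. Two patterns a reviewer looks for there: Enabled entries whose binary is gone (the allow rule is keyed by path, so any file later written to that path inherits it) and Enabled entries that point into user-writable profile directories. The Python below is an added example for this thread, not code from the forum, OTL or DDS; it parses lines in the format shown above (the sample lines are constructed from that log's paths) and the list of user-writable path markers is an assumption about the XP profile layout.

```python
"""Triage Windows XP firewall exceptions from an OTL/DDS-style log.

Added example for this thread; not code from the forum, OTL or DDS.
Each log line has the shape
    "path" = path:scope:state:name -- (vendor)
with the tail reading "File not found" when the scanner could not locate
the binary the exception refers to.
"""
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: five lines in the log's format, paths copied from it.
SAMPLE_LOG = r'''
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\Adam\My Documents\Downloads\888poker.exe" = C:\Documents and Settings\Adam\My Documents\Downloads\888poker.exe:*:Disabled:888poker.exe -- (Random-Logic)
"C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
'''


class FirewallException(NamedTuple):
    path: str
    scope: str             # "*" means any remote address
    state: str             # "Enabled" or "Disabled"
    name: str
    vendor: Optional[str]  # None when the log reports "File not found"


def parse_exception(line: str) -> Optional[FirewallException]:
    """Parse one log line; return None for anything that is not an exception."""
    line = line.strip()
    if not line.startswith('"'):
        return None
    left, sep, tail = line.rpartition(" -- ")
    if not sep:
        return None
    quoted_path, sep, value = left.partition('" = ')
    path = quoted_path[1:]
    # The registry value repeats the path, then scope:state:name. Skipping
    # past the path length avoids tripping over the colon in the drive letter.
    if not sep or not value.startswith(path):
        return None
    parts = value[len(path):].lstrip(":").split(":", 2)
    if len(parts) != 3:
        return None
    scope, state, name = parts
    vendor = None if tail == "File not found" else tail.strip("()")
    return FirewallException(path, scope, state, name, vendor)


def parse_exceptions(log: str) -> List[FirewallException]:
    return [e for e in (parse_exception(line) for line in log.splitlines()) if e]


# Assumption: XP profile and temp directories are writable by the logged-on
# user, so a binary there can be replaced without administrative rights.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\")


def triage(exceptions: List[FirewallException]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for Enabled entries worth a second look."""
    findings = []
    for e in exceptions:
        if e.state != "Enabled":
            continue  # Disabled entries are inert; they matter only if re-enabled
        if e.vendor is None:
            findings.append((e.path, "binary missing: the allow rule is keyed by path, "
                                     "so a file dropped there later inherits it"))
        if any(m in e.path.lower() for m in USER_WRITABLE_MARKERS):
            findings.append((e.path, "binary lives under a user-writable profile path"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_exceptions(SAMPLE_LOG)):
        print(f"{path}\n    {reason}")
```

Run against the five sample lines it flags the missing AVG8 binary and the Google Talk plugin under Local Settings, and stays quiet about the Disabled 888poker and Explorer entries and the uTorrent entry in Program Files. The stale AVG8 entries are worth cleaning up even though AVG8 is gone: they are the ones that would silently cover a dropped file.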
#4 myrti
  • Malware Study Hall Admin
  • 33,766 posts

Posted 03 November 2010 - 06:01 AM

Hi,

please run ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 adamdiy
  • Topic Starter
  • Members
  • 8 posts

Posted 03 November 2010 - 03:58 PM

disabled resident shield in AVG 9, but ComboFix refused to run

so tried to uninstall AVG 9, but getting this error

---
Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Access is denied.
---

tried to download the latest installer from AVG to get rid of AVG 9, but that didn't work either...

any ideas on how to kill AVG 9 dead, so I can run combofix?

thanks
adam

#6 adamdiy
  • Topic Starter
  • Members
  • 8 posts

Posted 03 November 2010 - 04:28 PM

OK, managed to kill AVG 9 with the uninstaller from: http://forums.cnet.com/7723-19703_102-370070.html

here's the combofix log, what do you think? thanks again


------------------------


ComboFix 10-11-02.06 - Adam 11/03/2010 21:14:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1318 [GMT 0:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SEC
c:\windows\SEC\DelMt.cmd
c:\windows\SEC\JRE150.exe
c:\windows\SEC\Marker.exe
c:\windows\SEC\MEMIO.sys
c:\windows\SEC\MEMIO.vxd
c:\windows\SEC\MP10ENG.exe
c:\windows\SEC\Region.vbs
c:\windows\SEC\SECINSTALL.EXE
c:\windows\SEC\SECINSTALL.INI
c:\windows\SEC\StartMem.exe
c:\windows\system32\dmlconf.dat

.
((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))
.

2010-10-29 19:23 . 2010-10-29 19:27 -------- d-----w- C:\HMArchive
2010-10-29 19:23 . 2010-10-29 19:23 -------- d-----w- c:\documents and settings\Adam\Local Settings\Application Data\In The Money
2010-10-29 19:22 . 2010-10-29 19:22 -------- d-----w- c:\documents and settings\Adam\Local Settings\Application Data\IsolatedStorage
2010-10-29 19:22 . 2010-10-29 19:22 -------- d-----w- c:\documents and settings\Adam\Application Data\HEM Data
2010-10-29 19:21 . 2010-10-29 19:21 -------- d-----w- c:\program files\RVG Software
2010-10-29 19:20 . 2010-10-29 19:22 -------- d-----w- c:\program files\PSQLINSTALL
2010-10-20 12:00 . 2010-10-20 12:00 -------- d-----w- c:\documents and settings\Administrator
2010-10-20 11:54 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\71517842.sys
2010-10-20 11:54 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\7151784.sys
2010-10-20 11:54 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\71517841.sys
2010-10-19 19:45 . 2010-10-19 19:45 -------- d-----w- c:\documents and settings\Adam\Application Data\Malwarebytes
2010-10-19 19:44 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 19:44 . 2010-10-19 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-19 19:44 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 19:44 . 2010-10-19 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 18:51 . 2010-10-19 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-19 18:51 . 2010-10-19 18:51 -------- d-----w- c:\documents and settings\Adam\Application Data\SUPERAntiSpyware.com
2010-10-19 18:51 . 2010-10-19 19:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-19 18:01 . 2010-10-19 18:08 -------- d-----w- c:\program files\win
2010-10-17 23:51 . 2010-10-18 23:23 -------- d-----w- c:\program files\Microsoft
2010-10-10 13:37 . 2010-10-19 22:18 -------- d-----w- c:\program files\PokerTracker 3b
2010-10-10 13:36 . 2010-10-10 13:36 -------- d-----w- c:\program files\PT3b

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2009-03-27 18:48 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-27 18:48 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-27 18:48 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-03-27 18:48 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2009-03-27 18:48 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2009-03-27 18:48 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2009-03-27 18:48 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2009-03-27 18:48 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2009-03-27 18:48 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-27 18:48 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-03-27 18:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-03-27 18:48 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-03-27 18:48 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-07-26 22:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-03-27 18:48 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-03-27 18:48 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2009-03-27 18:48 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408]
"Google Update"="c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SamsungWInClon"="c:\program files\Samsung\Samsung Recovery Solution III\WCScheduler" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-11-27 2768896]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-15 148888]
"SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe" [2009-05-20 298664]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Adam\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Adam\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Documents and Settings\\Adam\\My Documents\\Downloads\\888poker.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 71517842;71517842 Boot Guard Driver;c:\windows\system32\drivers\71517842.sys [10/20/2010 11:54 AM 37392]
R1 71517841;71517841;c:\windows\system32\drivers\71517841.sys [10/20/2010 11:54 AM 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 6:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 6:41 PM 67656]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [3/27/2009 8:12 PM 4300]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 7:39 AM 65536]
R2 S3Funkey;S3Funkey;c:\program files\s3graphics\chrome3\S3Funkey.svc [4/30/2009 6:18 PM 444416]
R2 S3LoadSv;S3LoadSv;c:\program files\s3graphics\chrome3\s3loadsv.svc [4/30/2009 6:18 PM 387072]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [3/27/2009 6:48 PM 14336]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/15/2008 3:01 AM 30208]
R3 vcrdrx32;VIA MSP Cardreader Host Controller;c:\windows\system32\drivers\vcrdrx32.sys [3/27/2009 6:51 PM 90752]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [3/27/2009 8:17 PM 238464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2010 11:16 PM 135664]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [8/1/2006 11:57 PM 19840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:16]

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:16]

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2064275841-2983781559-1431461454-1005Core.job
- c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:15]

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2064275841-2983781559-1431461454-1005UA.job
- c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKLM-Run-VTTimer - VTTimer.exe
HKLM-Run-NBHGui - c:\program files\Nero\Nero 9\InCD\NBHGui.exe
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM-Run-InCD - c:\program files\Nero\Nero 9\InCD\InCD.exe
HKLM-Run-EDS - c:\program files\Samsung\Samsung EDS\EDSAgent.exe
HKLM-Run-Chrome3 - c:\program files\s3graphics\chrome3\Chrome3.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
Notify-avgrsstarter - avgrsstx.dll
AddRemove-Chrome9HC - c:\progra~1\S3\Chrome9HC\s3minset.exe
AddRemove-InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7} - c:\program files\InstallShield Installation Information\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\Setup.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-{145DE957-0679-4A2A-BB5C-1D3E9808FAB2} - c:\program files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe
AddRemove-{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5} - c:\program files\InstallShield Installation Information\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}\setup.exe
AddRemove-{F4F41D14-E0DD-4FB4-AA09-A14225C769BD} - c:\program files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S3Funkey]
"ImagePath"="c:\program files\s3graphics\chrome3\s3funkey.svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S3LoadSv]
"ImagePath"="c:\program files\s3graphics\chrome3\s3loadsv.svc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
Completion time: 2010-11-03 21:25:14
ComboFix-quarantined-files.txt 2010-11-03 21:24

Pre-Run: 33,022,476,288 bytes free
Post-Run: 35,668,332,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D3462E1037E0B50B540FA7F7E6B3892B

#7 myrti
  • Malware Study Hall Admin
  • 33,766 posts

Posted 04 November 2010 - 02:35 AM

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic356010.html/page__p__1987366__fromsearch__1#entry1987366

collect::
c:\windows\system32\drivers\71517842.sys
c:\windows\system32\drivers\7151784.sys
c:\windows\system32\drivers\71517841.sys

driver::
71517842
71517841

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


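The CFScript in the post above targets three drivers whose only distinguishing traits in the ComboFix log are an all-numeric file name under system32\drivers, a creation date of 2010-10-20 shared by all three, and, for two of them, R0/R1 entries meaning they load at boot or system start. The Python below is an added example for this thread, not the forum's or ComboFix's code; it pulls exactly those facts out of lines in the ComboFix format (the sample is constructed from the log above) and drafts the collect::/driver:: skeleton for a helper to review. The numeric-name rule is a triage heuristic and an assumption of this script, not a verdict: some legitimate on-demand scanners also install drivers under such names, which is one reason to collect the files for analysis rather than delete them blind.

```python
"""Pick out numerically named drivers from a ComboFix log and draft a CFScript.

Added example for this thread; not code from the forum or from ComboFix.
Two line shapes are read, both as they appear in the log above:
    <created> . <modified> <size> <attrs> <path>          (Files Created)
    R0 <service>;<display name>;<path> [<date> <size>]    (Drivers/Services)
"""
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample in ComboFix's format; paths and dates copied from the log.
SAMPLE_LOG = r"""
2010-10-20 11:54 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\71517842.sys
2010-10-20 11:54 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\7151784.sys
2010-10-20 11:54 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\71517841.sys
2010-10-19 19:44 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 19:44 . 2010-10-19 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
R0 71517842;71517842 Boot Guard Driver;c:\windows\system32\drivers\71517842.sys [10/20/2010 11:54 AM 37392]
R1 71517841;71517841;c:\windows\system32\drivers\71517841.sys [10/20/2010 11:54 AM 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 6:25 PM 12872]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 7:39 AM 65536]
"""

FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\S+) (\S+) (.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")
# Heuristic (assumption of this script): a .sys under system32\drivers whose
# name is only digits. Triage flag only; some legitimate on-demand scanners
# name their drivers this way too, so collect and inspect before removing.
NUMERIC_SYS_RE = re.compile(r"^\d{6,}\.sys$")
DRIVER_DIR = "\\system32\\drivers\\"


class Driver(NamedTuple):
    path: str
    created: Optional[str]  # first timestamp of the Files Created line, if seen
    service: Optional[str]  # name of the service that loads it, if any


def is_numeric_driver(path: str) -> bool:
    low = path.lower()
    return DRIVER_DIR in low and bool(NUMERIC_SYS_RE.match(low.rsplit("\\", 1)[-1]))


def find_numeric_drivers(log: str) -> List[Driver]:
    """Return numerically named drivers in order of first appearance."""
    found: Dict[str, Driver] = {}  # keyed by lower-cased path, insertion order kept
    for line in log.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            created, attrs, path = m.group(1), m.group(4), m.group(5)
            if attrs.startswith("d") or not is_numeric_driver(path):
                continue  # directories and ordinary drivers are not of interest
            prev = found.get(path.lower())
            found[path.lower()] = Driver(path, created, prev.service if prev else None)
            continue
        m = SERVICE_RE.match(line)
        if m and is_numeric_driver(m.group(4)):
            path, service = m.group(4), m.group(2)
            prev = found.get(path.lower())
            found[path.lower()] = Driver(prev.path if prev else path,
                                         prev.created if prev else None, service)
    return list(found.values())


def draft_cfscript(drivers: List[Driver]) -> str:
    """Build the collect::/driver:: skeleton for a helper to review, not to run blind."""
    lines = ["collect::"] + [d.path for d in drivers]
    services = [d.service for d in drivers if d.service]
    if services:
        lines += ["", "driver::"] + services
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(draft_cfscript(find_numeric_drivers(SAMPLE_LOG)))
```

On the sample it reproduces the script posted above: three paths under collect:: and two names under driver::, with 7151784.sys collected but absent from driver:: because no R0/R1/R2 line in the log references it. mbam.sys, created the day before, is left alone because its name is not numeric.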

#8 adamdiy
  • Topic Starter
  • Members
  • 8 posts

Posted 04 November 2010 - 03:01 PM

I think... CFScript.txt disappeared while ComboFix was running?

In any case, here is the log, looks like upload worked...

---


ComboFix 10-11-02.06 - Adam 11/04/2010 19:46:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1423 [GMT 0:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Adam\Desktop\CFScript.txt

file zipped: c:\windows\system32\drivers\7151784.sys
file zipped: c:\windows\system32\drivers\71517841.sys
file zipped: c:\windows\system32\drivers\71517842.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\7151784.sys
c:\windows\system32\drivers\71517841.sys
c:\windows\system32\drivers\71517842.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_71517841
-------\Legacy_71517842
-------\Service_71517841
-------\Service_71517842


((((((((((((((((((((((((( Files Created from 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))))
.

2010-11-03 21:37 . 2010-11-03 21:37 -------- d-----w- c:\documents and settings\Adam\Application Data\AVG10
2010-11-03 21:35 . 2010-11-03 21:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-03 21:00 . 2010-11-03 21:00 -------- d-----w- C:\AVGTemp
2010-11-03 20:34 . 2010-11-03 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-29 19:23 . 2010-10-29 19:27 -------- d-----w- C:\HMArchive
2010-10-29 19:23 . 2010-10-29 19:23 -------- d-----w- c:\documents and settings\Adam\Local Settings\Application Data\In The Money
2010-10-29 19:22 . 2010-10-29 19:22 -------- d-----w- c:\documents and settings\Adam\Local Settings\Application Data\IsolatedStorage
2010-10-29 19:22 . 2010-10-29 19:22 -------- d-----w- c:\documents and settings\Adam\Application Data\HEM Data
2010-10-29 19:21 . 2010-10-29 19:21 -------- d-----w- c:\program files\RVG Software
2010-10-29 19:20 . 2010-10-29 19:22 -------- d-----w- c:\program files\PSQLINSTALL
2010-10-20 12:00 . 2010-10-20 12:00 -------- d-----w- c:\documents and settings\Administrator
2010-10-19 19:45 . 2010-10-19 19:45 -------- d-----w- c:\documents and settings\Adam\Application Data\Malwarebytes
2010-10-19 19:44 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 19:44 . 2010-10-19 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-19 19:44 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 19:44 . 2010-10-19 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 18:51 . 2010-10-19 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-19 18:51 . 2010-10-19 18:51 -------- d-----w- c:\documents and settings\Adam\Application Data\SUPERAntiSpyware.com
2010-10-19 18:51 . 2010-10-19 19:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-19 18:01 . 2010-10-19 18:08 -------- d-----w- c:\program files\win
2010-10-17 23:51 . 2010-10-18 23:23 -------- d-----w- c:\program files\Microsoft
2010-10-10 13:37 . 2010-10-19 22:18 -------- d-----w- c:\program files\PokerTracker 3b
2010-10-10 13:36 . 2010-10-10 13:36 -------- d-----w- c:\program files\PT3b

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2009-03-27 18:48 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-27 18:48 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-27 18:48 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-03-27 18:48 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2009-03-27 18:48 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2009-03-27 18:48 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2009-03-27 18:48 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2009-03-27 18:48 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2009-03-27 18:48 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-27 18:48 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-03-27 18:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-03-27 18:48 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-03-27 18:48 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-07-26 22:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-03-27 18:48 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-03-27 18:48 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2009-03-27 18:48 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-03_21.22.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-04 19:54 . 2010-11-04 19:54 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
+ 2010-11-03 21:35 . 2010-11-03 21:35 3019264 c:\windows\Installer\18544a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408]
"Google Update"="c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SamsungWInClon"="c:\program files\Samsung\Samsung Recovery Solution III\WCScheduler" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-11-27 2768896]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-15 148888]
"SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe" [2009-05-20 298664]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Adam\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Adam\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Documents and Settings\\Adam\\My Documents\\Downloads\\888poker.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 6:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 6:41 PM 67656]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [3/27/2009 8:12 PM 4300]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 7:39 AM 65536]
R2 S3Funkey;S3Funkey;c:\program files\s3graphics\chrome3\S3Funkey.svc [4/30/2009 6:18 PM 444416]
R2 S3LoadSv;S3LoadSv;c:\program files\s3graphics\chrome3\s3loadsv.svc [4/30/2009 6:18 PM 387072]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [3/27/2009 6:48 PM 14336]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/15/2008 3:01 AM 30208]
R3 vcrdrx32;VIA MSP Cardreader Host Controller;c:\windows\system32\drivers\vcrdrx32.sys [3/27/2009 6:51 PM 90752]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [3/27/2009 8:17 PM 238464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2010 11:16 PM 135664]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [8/1/2006 11:57 PM 19840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:16]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:16]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2064275841-2983781559-1431461454-1005Core.job
- c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:15]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2064275841-2983781559-1431461454-1005UA.job
- c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-04 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S3Funkey]
"ImagePath"="c:\program files\s3graphics\chrome3\s3funkey.svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S3LoadSv]
"ImagePath"="c:\program files\s3graphics\chrome3\s3loadsv.svc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1368)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wscntfy.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-11-04 19:57:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-04 19:57
ComboFix2.txt 2010-11-03 21:25

Pre-Run: 35,378,241,536 bytes free
Post-Run: 35,314,307,072 bytes free

- - End Of File - - 7E52F1A4DA40CB55B8FF675C84E54A3B
Upload was successful
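The ComboFix log above ends with the autorun entries ("Reg Loading Points") and the Windows Firewall exception list, which is where a helper looks first for persistence. As an added example, not part of the thread and not ComboFix's own code, here is a small Python triage script that reads lines copied from that log and sorts each program path by where it lives. The location rules are this example's own assumptions: Program Files and the Windows directory count as system locations; the user profile, and in particular Downloads, Temp and Local Settings\Application Data, count as user-writable, because anything running as that user could have put a file there. ComboFix's own [X] marker (autorun target not found on disk) and a bare file name with no directory (resolved by PATH search) are flagged as well. A flag means "verify", not "malicious": Google Update legitimately installs into Local Settings\Application Data, and the 888poker.exe firewall exception only shows that a downloaded program was allowed through the firewall.

```python
"""Triage of the autorun and firewall-exception sections of a ComboFix log.

Added example for this thread, not ComboFix's own code. The sample below is a
few lines copied from the log in the thread; the location rules are the
example's own assumptions.
"""
import re

# Lines copied from the ComboFix log above (constructed sample, not a full log).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
"Google Update"="c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SamsungWInClon"="c:\program files\Samsung\Samsung Recovery Solution III\WCScheduler" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Adam\\My Documents\\Downloads\\888poker.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
'''

# Verdict labels returned by classify_path().
SYSTEM = 'system location'
MISSING = 'missing target'         # ComboFix prints [X] when the autorun's file is not on disk
BARE = 'bare filename'             # no directory: found by PATH search, so check which file runs
USER_WRITABLE = 'user-writable location'
INSPECT = 'inspect'

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="value" [meta]   (Run keys)   or   "path"=   (firewall list)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<value>[^"]*)")?(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')

# Assumed location rules for an XP-era system drive (this example's own choice).
SYSTEM_PREFIXES = ('%windir%', 'c:\\windows', 'c:\\program files')
PROFILE_ROOT = '\\documents and settings\\'
WRITABLE_MARKERS = ('\\downloads\\', '\\temp\\', '\\local settings\\application data\\')


def classify_path(path, meta=None):
    """Return one of the verdict labels for a program path taken from the log."""
    p = path.lower()
    if meta is not None and meta.strip().upper() == 'X':
        return MISSING
    if '\\' not in p and '/' not in p:
        return BARE
    if p.startswith(SYSTEM_PREFIXES):
        return SYSTEM
    if PROFILE_ROOT in p:
        return USER_WRITABLE if any(m in p for m in WRITABLE_MARKERS) else INSPECT
    return INSPECT


def triage(log_text):
    """Parse the Run-key and firewall sections; return one dict per entry, in log order."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key').lower()
            section = 'firewall' if 'firewallpolicy' in key else 'run' if key.endswith('\\run') else None
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue
        if section == 'firewall':
            name, path = '(firewall exception)', m.group('name')
        else:
            name, path = m.group('name'), m.group('value') or ''
        path = path.replace('\\\\', '\\')   # the firewall list stores registry-escaped backslashes
        findings.append({'section': section, 'name': name, 'path': path,
                         'verdict': classify_path(path, m.group('meta'))})
    return findings


def flagged(findings):
    """Everything that is not a plain system-location entry: the list to verify by hand."""
    return [f for f in findings if f['verdict'] != SYSTEM]


if __name__ == '__main__':
    for f in flagged(triage(SAMPLE_LOG)):
        print('%-8s %-22s %-24s %s' % (f['section'], f['name'], f['verdict'], f['path']))
```

Run against the sample it prints four lines to check: Google Update (user-writable, but a known legitimate install location), the Samsung WCScheduler autorun whose target is missing, RTHDCPL.EXE with no path, and the 888poker.exe firewall exception under Downloads.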

#9 myrti (Malware Study Hall Admin)

Posted 05 November 2010 - 05:43 AM

Hi,

this is looking good. How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 adamdiy (Topic Starter)

Posted 05 November 2010 - 08:08 PM

Seems noticeably quicker and I haven't gotten any weird IE pop-ups since! Looking good, anything else I should do?

thanks a million
adam

#11 myrti (Malware Study Hall Admin)

Posted 08 November 2010 - 05:11 AM

Hi,

Yes, please reinstall AVG (or an alternative antivirus program) and run an online scan with Kaspersky to check for leftovers:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



#12 adamdiy (Topic Starter)

Posted 09 November 2010 - 02:31 PM

One leftover, how best to remove it? Thanks


KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 9, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 08, 2010 20:19:47
Records in database: 4238055
Scan settings:
  Scan using the following database: extended
  Scan archives: yes
  Scan e-mail databases: yes
  Scan area: My Computer
    C:\
    D:\
Scan statistics:
  Objects scanned: 65145
  Threats found: 1
  Infected objects found: 1
  Suspicious objects found: 0
  Scan duration: 04:16:16

File name | Threat | Threats count
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\24\f40d558-2f79ed42 | Infected: Trojan-Downloader.Java.Agent.hx | 1
Selected area has been scanned.

#13 myrti (Malware Study Hall Admin)

Posted 10 November 2010 - 04:34 AM

Hi,

please empty the Java cache to remove the file Kaspersky found:
Clear the Java cache:
  • Go to Start -> Control Panel.
  • In the Control Panel, double-click the Java icon.
    • The Java Control Panel appears.
  • Click Settings... under "Temporary Internet Files". The Temporary Files Settings dialog box appears.
  • Click Delete Files... The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
    NOTE: This deletes all the Downloaded Applications and Applets from the cache!
  • Click OK on the Temporary Files Settings window.
  • Close the Java Control Panel.

    You can also view these instructions along with screenshots here.

Please also update your Java:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

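The post above makes two points that are easy to get wrong by hand: the file Kaspersky flagged lives in the Java deployment cache, which the Java Control Panel's "Delete Files" step empties, and the jre-6u22 installer only removes Java 6 Update 10 and later, so earlier Java 6 updates and any J2SE 5.0 install must be uninstalled through Add/Remove Programs first. As an added example, not part of the thread and not Sun's installer logic, here is a Python helper that applies that rule to a list of Add/Remove Programs display names and empties a given cache directory. The display-name formats it recognises ("J2SE Runtime Environment 5.0 Update N", "Java(TM) SE Runtime Environment 6 Update N", "Java(TM) 6 Update N") and the sample list are this example's assumptions; anything it cannot parse is reported as not a JRE entry rather than silently ignored.

```python
"""Java cleanup helper for the update steps in the post above.

Added example, not part of the thread or of Sun's installer. It encodes the
rule stated in the post: the jre-6u22 installer removes Java 6 Update 10 and
later by itself, while earlier Java 6 updates and J2SE 5.0 installs stay
behind and must be removed through Add/Remove Programs. The display-name
formats are this example's assumptions about what XP's Add/Remove Programs shows.
"""
import os
import re
import shutil

TARGET = (6, 22)          # jre-6u22, the version the post links to
AUTO_REMOVED_FROM = 10    # "removes previous Updates 10 and above" (from the post)

# Assumed Add/Remove Programs display names, e.g.
#   "J2SE Runtime Environment 5.0 Update 6"
#   "Java(TM) SE Runtime Environment 6 Update 7"
#   "Java(TM) 6 Update 22"
NAME_RE = re.compile(
    r'^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?)\s+'
    r'(?P<major>\d(?:\.\d)?)(?:\s+Update\s+(?P<update>\d+))?'
)


def parse_java_name(display_name):
    """'Java(TM) 6 Update 7' -> (6, 7); None if this is not a JRE entry."""
    m = NAME_RE.match(display_name)
    if not m:
        return None
    major = int(m.group('major').split('.')[0])
    return (major, int(m.group('update') or 0))


def plan_removal(display_names, target=TARGET):
    """Sort installed entries into what the target installer handles and what the user must uninstall."""
    plan = {'auto_removed': [], 'remove_manually': [], 'up_to_date': [], 'not_java_runtime': []}
    for name in display_names:
        ver = parse_java_name(name)
        if ver is None:
            plan['not_java_runtime'].append(name)
        elif ver >= target:
            plan['up_to_date'].append(name)
        elif ver[0] == target[0] and ver[1] >= AUTO_REMOVED_FROM:
            plan['auto_removed'].append(name)
        else:
            plan['remove_manually'].append(name)
    return plan


def clear_java_cache(cache_root):
    """Empty the deployment cache directory and return how many top-level entries were removed.

    Equivalent of the Java Control Panel's "Delete Files" step; cached applets such as
    the one Kaspersky flagged live under cache_root/6.0/<bucket>/ next to an .idx file.
    """
    removed = 0
    for entry in os.listdir(cache_root):
        path = os.path.join(cache_root, entry)
        if os.path.isdir(path):
            shutil.rmtree(path)
        else:
            os.remove(path)
        removed += 1
    return removed


def default_cache_root():
    """Where the cache lives for the current user on Windows; None where APPDATA is unset."""
    appdata = os.environ.get('APPDATA')
    return os.path.join(appdata, 'Sun', 'Java', 'Deployment', 'cache') if appdata else None


if __name__ == '__main__':
    # Constructed sample of Add/Remove Programs entries, not taken from the poster's machine.
    sample = ['Java(TM) 6 Update 15', 'Java(TM) SE Runtime Environment 6 Update 7',
              'J2SE Runtime Environment 5.0 Update 6', 'Java(TM) 6 Update 22', 'Adobe Reader 9.4']
    for bucket, names in plan_removal(sample).items():
        print(bucket, names)
```

On the poster's XP machine, default_cache_root() resolves to C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache, the directory the Kaspersky report names; clear_java_cache() should only be pointed there after the finding has been recorded, since it destroys the cached jar and its .idx metadata.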


#14 adamdiy (Topic Starter)

Posted 10 November 2010 - 07:47 PM

OK, done. I tried to run Kaspersky again but it didn't work; anything special I need to do?

Thanks
A

#15 myrti (Malware Study Hall Admin)

Posted 11 November 2010 - 06:14 AM

Hi,

the online scanner? It worked earlier, no?

How did it not work?

regards myrti





