Solved: Error message: the module could not be found



runningmouse
Junior Member with 19 posts.
THREAD STARTER
Join Date: Aug 2009
Experience: Basic knowledge
17-Sep-2009, 11:14 AM #1
Error message: the module could not be found
Hello,

Every time I start my studio xps Vista I get the same message:
Error loading C:/Users/janko/AppData/Roaming/iuluusfh.dll

The specified module could not be found.

Can anybody help me please!

It is very annoying.
joeten
Senior Member with 3,852 posts.
Join Date: Jan 2009
Experience: Intermediate
17-Sep-2009, 12:44 PM #2
Hi and welcome to the forum. Try running sfc /scannow: http://www.vistax64.com/tutorials/66...c-command.html
runningmouse
Junior Member with 19 posts.
THREAD STARTER
Join Date: Aug 2009
Experience: Basic knowledge
17-Sep-2009, 03:08 PM #3
Thank you for the reply joeten!!!

I have scanned the system with RegistryBooster 2009. It found 115 errors and it successfully removed them all.

When I restarted, the message "specified module could not be found" was unfortunately back on the screen.

Still hoping for a solution...
joeten
Senior Member with 3,852 posts.
Join Date: Jan 2009
Experience: Intermediate
17-Sep-2009, 05:15 PM #4
Hi, that was a mistake. Reg cleaners are not all they are cracked up to be; they can cause more issues than they ever solve. At this point you can either try System Restore to a point before this issue started, or you can try running a repair from your install or recovery disc: http://www.bleepingcomputer.com/tuto...torial148.html
Don't worry about the reg cleaner, it is done now, but please keep it in mind for the future. I, as have many of the folks here, have seen the damage they can do; often it can mean a reinstall of the OS.
TheOutcaste
Member with 9,028 posts.
Join Date: Aug 2007
Location: Oregon, USA
Experience: Intermediate
18-Sep-2009, 04:29 AM #5
AppData\Roaming should not have any files in it, just folders. The iuluusfh.dll file is probably a virus or malware file that was removed.
The error appears because the registry entry that started it is still present.

Just the thing a Registry Cleaner is supposed to find but this one didn't. Another reason to stay away from them.

Though it could be your system is still infected.

You should read this sticky from the Malware Forum, download and run HiJackThis, post the log in this thread, then click the Report button at the bottom of the post and ask for this thread to be moved to the Malware forum.
runningmouse
Junior Member with 19 posts.
THREAD STARTER
Join Date: Aug 2009
Experience: Basic knowledge
25-Sep-2009, 06:11 AM #6
Hello,

I am sorry for the delay. I have had a very busy week.

So after scanning with HijackThis, the results are as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:13, on 25.9.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/de...=si&l=en&s=bsd
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.siol.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SiOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: D - {90DC4F03-A9C6-35C6-9883-E5868BFAE18E} - (no file)
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ynjejjudu] rundll32.exe "C:\Users\janko\AppData\Roaming\iuluusfh.dll",yhlrgyl
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files\Sensible Vision\Fast Access\FAService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11251 bytes
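
The leftover startup entry described in post #5 is visible in the log above as the O4 Run line that starts rundll32.exe on the DLL named in the error message. The Python below is an added example, not part of the thread or of HijackThis: it parses O4 Run lines and flags entries where rundll32 loads a DLL from a user profile or where the target file is missing. The sample lines are copied from the log above; the function names, the `exists` callback and the assumed disk state are illustrative.

```python
import os
import re
from dataclasses import dataclass
from typing import Callable, List

# O4 lines copied from the HijackThis log in post #6, plus one O23 line
# to show that non-autostart sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ynjejjudu] rundll32.exe "C:\Users\janko\AppData\Roaming\iuluusfh.dll",yhlrgyl
O4 - HKCU\..\Run: [Google Update] "C:\Users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_LINE = re.compile(
    r'^O4 - (?P<hive>HK[^:]*?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32[.exe] <dll>,<export>  (DLL path may be quoted)
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\w+)',
    re.IGNORECASE)
QUOTED = re.compile(r'^"([^"]+)"')
UNQUOTED_EXE = re.compile(r'^(.+?\.exe)\b', re.IGNORECASE)
ABSOLUTE = re.compile(r'^[A-Za-z]:\\')
USER_PROFILE = re.compile(r'^[A-Za-z]:\\users\\', re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str            # e.g. HKCU, HKLM, HKUS\S-1-5-19
    name: str            # registry value name
    command: str         # full command line as logged
    target: str          # file the entry ultimately loads
    via_rundll32: bool   # True when the target is a DLL started through rundll32
    findings: List[str]


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Extract registry Run entries (section O4) from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # other sections, or O4 startup-folder shortcuts
        cmd = m["cmd"]
        dll = RUNDLL.match(cmd)
        if dll:
            target, via = dll["dll"], True
        else:
            exe = QUOTED.match(cmd) or UNQUOTED_EXE.match(cmd)
            target, via = (exe.group(1) if exe else cmd.split()[0]), False
        entries.append(RunEntry(m["hive"], m["name"], cmd, target, via, []))
    return entries


def triage(entries: List[RunEntry],
           exists: Callable[[str], bool] = os.path.exists) -> List[RunEntry]:
    """Attach findings to each entry and return only the flagged ones."""
    for e in entries:
        # A per-user DLL started by rundll32 at logon is worth a closer look.
        if e.via_rundll32 and USER_PROFILE.match(e.target):
            e.findings.append("rundll32-loads-dll-from-user-profile")
        # A missing target produces the "module could not be found" popup:
        # the file is gone but the Run value that starts it is still there.
        if ABSOLUTE.match(e.target) and not exists(e.target):
            e.findings.append("target-missing")
    return [e for e in entries if e.findings]


def flagged_in_sample() -> List[RunEntry]:
    # Assumed disk state for the demo: every target exists except the DLL
    # that the startup error reports as not found.
    missing = r"c:\users\janko\appdata\roaming\iuluusfh.dll"
    return triage(parse_run_entries(SAMPLE_LOG),
                  exists=lambda path: path.lower() != missing)


if __name__ == "__main__":
    for entry in flagged_in_sample():
        print(f"{entry.hive} Run [{entry.name}] -> {entry.target}")
        print("   findings:", ", ".join(entry.findings))
```

On the affected machine, calling `triage()` without the `exists` argument checks the real file system instead of the assumed state.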
Cookiegal
Administrator & Malware Removal Specialist with 97,021 posts.
Join Date: Aug 2003
25-Sep-2009, 12:28 PM #7
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
__________________
Microsoft MVP - Consumer Security
runningmouse
Junior Member with 19 posts.
THREAD STARTER
Join Date: Aug 2009
Experience: Basic knowledge
28-Sep-2009, 06:55 AM #8
Hello,
today I have received a message from AVG:
threat detected!
C:/Users/janko/AppData/Roaming/iuluusfh.dll
trojan horse Generic 12.AHXY
runningmouse
Junior Member with 19 posts.
THREAD STARTER
Join Date: Aug 2009
Experience: Basic knowledge
28-Sep-2009, 07:02 AM #9
It is the same file as from the error message


Last edited by runningmouse; 28-Sep-2009 at 09:00 AM..
runningmouse
Junior Member with 19 posts.
THREAD STARTER
Join Date: Aug 2009
Experience: Basic knowledge
28-Sep-2009, 11:01 AM #10
Hello Cookiegal!

Here are the results from ComboFix. I have renamed the saved file to Combo-Fix.exe like you instructed. At first I thought that AVG would remove the problem, but the error message returned.

ComboFix 09-09-27.05 - janko 28.09.2009 16:46.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.386.1033.18.3066.1660 [GMT 2:00]
Running from: c:\users\janko\Documents\Downloads\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-28 14:50 . 2009-09-28 14:50 -------- d-----w- c:\users\janko\AppData\Local\temp
2009-09-28 14:50 . 2009-09-28 14:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-28 14:50 . 2009-09-28 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-28 13:37 . 2009-09-28 13:37 -------- d-----w- c:\program files\R
2009-09-26 12:06 . 2009-09-26 12:06 -------- d-----w- c:\users\janko\AppData\Local\DOSBox
2009-09-26 11:27 . 2009-09-26 11:28 -------- d-----w- c:\program files\DOSBox-0.73
2009-09-25 09:46 . 2009-09-25 09:46 -------- d-----w- c:\program files\Trend Micro
2009-09-17 22:25 . 2009-09-17 22:25 -------- d-----w- c:\users\janko\AppData\Local\Dell
2009-09-17 21:15 . 2009-09-17 21:15 -------- dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-09-17 20:58 . 2009-09-17 21:01 -------- d-----w- c:\programdata\DriverScanner
2009-09-17 20:57 . 2009-09-17 20:59 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-09-17 20:42 . 2009-09-17 20:44 -------- d-----w- c:\windows\system32\ca-ES
2009-09-17 20:42 . 2009-09-17 20:43 -------- d-----w- c:\windows\system32\eu-ES
2009-09-17 20:42 . 2009-09-17 20:43 -------- d-----w- c:\windows\system32\vi-VN
2009-09-17 17:49 . 2009-09-17 20:58 -------- d-----w- c:\users\janko\AppData\Roaming\Uniblue
2009-09-17 17:48 . 2009-09-17 20:58 -------- d-----w- c:\program files\Uniblue
2009-09-17 10:59 . 2009-09-17 10:59 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-17 10:57 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-17 10:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-17 10:56 . 2009-09-17 10:56 -------- d-----w- c:\program files\iPod
2009-09-17 10:56 . 2009-09-17 10:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-17 10:56 . 2009-09-17 10:57 -------- d-----w- c:\program files\iTunes
2009-09-17 10:55 . 2009-09-17 10:55 -------- d-----w- c:\program files\QuickTime
2009-09-09 02:41 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 02:41 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 02:41 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 02:41 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 02:41 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-04 07:27 . 2009-09-04 07:29 -------- d-----w- c:\users\janko\AppData\Local\Google
2009-09-04 07:27 . 2009-09-04 07:27 -------- d-----w- c:\users\janko\AppData\Local\Deployment
2009-09-04 07:27 . 2009-09-04 07:27 -------- d-----w- c:\users\janko\AppData\Local\Apps
2009-09-03 14:51 . 2009-09-28 12:50 -------- d-----w- C:\$AVG8.VAULT$
2009-09-03 14:26 . 2009-09-03 14:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-03 14:26 . 2009-09-03 14:26 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-03 14:26 . 2009-09-03 14:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 14:26 . 2009-09-03 14:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-03 14:25 . 2009-09-28 08:50 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-03 14:25 . 2009-09-03 14:27 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-09-03 14:25 . 2009-09-03 14:25 -------- d-----w- c:\programdata\avg8
2009-09-03 14:14 . 2009-09-03 14:14 -------- d-----w- c:\users\janko\AppData\Roaming\AVG8
2009-09-03 12:42 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 12:42 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 07:15 . 2009-09-17 22:23 -------- d-----w- c:\users\janko\AppData\Roaming\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 14:40 . 2009-08-22 10:38 -------- d-----w- c:\users\janko\AppData\Roaming\Skype
2009-09-28 14:37 . 2009-08-18 10:03 6944 ----a-w- c:\users\janko\AppData\Local\d3d9caps.dat
2009-09-28 14:37 . 2009-04-06 12:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-28 14:02 . 2009-08-22 14:57 -------- d-----w- c:\program files\pdfforge Toolbar
2009-09-28 14:01 . 2009-08-22 10:44 -------- d-----w- c:\users\janko\AppData\Roaming\skypePM
2009-09-24 07:36 . 2009-08-23 08:50 -------- d-----w- c:\users\janko\AppData\Roaming\XnView
2009-09-18 09:12 . 2009-08-22 15:39 -------- d-----w- c:\users\janko\AppData\Roaming\BSplayer PRO
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-17 20:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-17 10:56 . 2009-08-25 19:17 -------- d-----w- c:\program files\Common Files\Apple
2009-08-30 15:36 . 2009-08-23 08:37 -------- d-sh--w- c:\users\janko\AppData\Roaming\lowsec
2009-08-28 09:50 . 2009-08-25 18:49 -------- d-sh--r- c:\users\janko\AppData\Roaming\System32
2009-08-26 08:02 . 2009-05-04 08:39 102672 ----a-w- c:\users\janko\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-25 19:51 . 2009-04-06 12:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\users\janko\AppData\Roaming\Apple Computer
2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-25 19:18 . 2009-08-25 19:06 -------- d-----w- c:\programdata\Apple Computer
2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\program files\Bonjour
2009-08-25 19:01 . 2009-08-25 19:01 -------- d-----w- c:\programdata\Apple
2009-08-25 19:01 . 2009-08-25 19:01 -------- d-----w- c:\program files\Apple Software Update
2009-08-25 18:59 . 2009-08-25 18:59 -------- d-----w- c:\program files\Merriam-Webster
2009-08-25 18:56 . 2009-08-25 18:56 -------- d-----w- c:\program files\Random House, Inc
2009-08-23 12:08 . 2009-08-23 12:08 -------- d-----w- c:\programdata\FLEXnet
2009-08-23 08:49 . 2009-08-23 08:49 -------- d-----w- c:\program files\XnView
2009-08-23 08:38 . 2009-08-23 08:36 -------- d-----w- c:\programdata\WinZip
2009-08-22 15:39 . 2009-08-22 15:39 -------- d-----w- c:\program files\Webteh
2009-08-22 14:57 . 2009-08-22 14:54 -------- d-----w- c:\program files\PDFCreator
2009-08-22 11:47 . 2009-08-22 11:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-22 11:46 . 2009-08-22 11:39 38208 ----a-w- c:\users\janko\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-08-22 11:39 . 2009-08-22 11:39 -------- d-----w- c:\users\janko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-08-22 10:44 . 2009-08-22 10:44 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-08-22 10:25 . 2009-08-22 10:24 -------- d-----r- c:\program files\Skype
2009-08-22 10:24 . 2009-08-22 10:24 -------- d-----w- c:\program files\Common Files\Skype
2009-08-22 10:24 . 2009-08-22 10:24 -------- d-----w- c:\programdata\Skype
2009-08-15 17:49 . 2009-04-06 12:54 -------- d-----w- c:\programdata\CyberLink
2009-08-15 17:49 . 2009-08-15 17:49 -------- d-----w- c:\users\janko\AppData\Roaming\CyberLink
2009-08-15 17:27 . 2009-08-15 17:27 -------- d-----w- c:\programdata\WindowsSearch
2009-08-15 08:31 . 2009-08-15 08:31 -------- d-----w- c:\users\janko\AppData\Roaming\Bullzip
2009-08-14 16:27 . 2009-09-09 03:23 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 03:23 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 03:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 03:23 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 03:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 03:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 03:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 03:23 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 03:23 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 03:23 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 03:23 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 19:24 . 2009-08-13 19:24 1961720 ----a-w- c:\users\janko\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-08 20:18 . 2009-05-04 11:24 -------- d-----w- c:\program files\Norman
2009-08-08 20:03 . 2009-07-21 11:17 -------- d-----w- c:\program files\Common Files\BitDefender
2009-08-08 19:18 . 2009-08-08 19:18 -------- d-----w- c:\program files\AVG
2009-08-07 18:38 . 2009-08-07 18:38 -------- d-----w- c:\program files\BitTorrent
2009-08-06 19:05 . 2009-08-06 19:05 -------- d-----w- c:\users\janko\AppData\Roaming\Sony
2009-08-06 19:05 . 2009-08-06 19:05 -------- d-----w- c:\programdata\Sony
2009-08-06 18:54 . 2009-08-06 18:54 -------- d-----w- c:\programdata\Creative
2009-08-06 18:25 . 2009-08-06 18:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Sony
2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Sony Ericsson
2009-08-06 17:50 . 2009-08-06 17:50 -------- d-----w- c:\users\janko\AppData\Roaming\Creative
2009-07-23 14:02 . 2009-07-23 14:03 104328 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-07-21 21:52 . 2009-08-05 08:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-05 08:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-05 08:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-05 08:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 16:14 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-13 16:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 16:14 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 16:14 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 16:14 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 03:23 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 03:23 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 03:23 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 03:23 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 03:23 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-04-06 12:50 . 2009-04-06 12:50 74 --sh--r- c:\windows\CT4CET.bin
2009-04-06 21:53 . 2009-04-06 21:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-28_14.03.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-09-28 14:39 50050 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2009-09-28 13:52 50050 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-28 14:39 82330 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-05-04 08:34 . 2009-09-28 13:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-04 08:34 . 2009-09-28 14:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-04 08:34 . 2009-09-28 13:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-04 08:34 . 2009-09-28 14:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-04 08:34 . 2009-09-28 13:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-04 08:34 . 2009-09-28 14:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-04 08:40 . 2009-09-28 14:39 7510 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2704096314-976525091-2087800792-1000_UserData.bin
- 2009-09-28 13:50 . 2009-09-28 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-28 14:37 . 2009-09-28 14:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-28 13:50 . 2009-09-28 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-28 14:37 . 2009-09-28 14:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-09-28 14:43 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-28 13:56 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-28 14:43 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-09-28 13:56 101250 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"Google Update"="c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-21 1422632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"FATrayAlert"="c:\program files\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-07-29 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-03 2007832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-19 483420]
"FAStartup"="" [BU]

c:\users\janko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2008-09-05 15:16 140544 ----a-w- c:\program files\Sensible Vision\Fast Access\FALogNot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-06 12:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e9,6c,b4,7d,d8,37,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{711FE0A8-5EAB-4216-AE11-1D4F83E1B784}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{641B3C5D-63A2-4B72-967B-B5F42607D995}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{93C451AD-3E09-40EA-A8F8-7D46EAA4670A}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{A655A7EE-97FA-4E52-9830-F2277322EDD3}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{3EA5F1B6-7836-46CC-B6D3-E379E1BE89E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{AC4E2463-7150-462D-9143-003BFF70C84A}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{0355729E-E714-4C53-AD98-5E26A73FAA8E}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{1C9AAAAC-F104-43B3-9DE1-38A6E36AC79D}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{802F0562-A70A-4DFC-B183-26902A999AFF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{66E42583-2428-4A87-8875-25BF768A9724}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A2F832F4-6EAA-4F89-A259-9632D7E16604}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{24FF1380-1872-4D9B-9F14-936DCE1CF7BD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{47527AA3-A09E-4101-BF99-745FD29B9BF2}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{20E581DD-BF75-4E3E-B5BD-B1E0E04664EE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{60550F07-51B7-4EA9-858E-B56218B2115C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3.9.2009 16:26 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3.9.2009 16:26 108552]
R1 NGS;Norman General Security Driver;c:\program files\Norman\Nvc\bin\ngs.sys [4.5.2009 13:27 22712]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [6.4.2009 14:54 61424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\AEstSrv.exe [7.4.2009 0:08 81920]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3.9.2009 16:25 297752]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23.9.2008 22:09 155648]
R2 FAService;FAService;c:\program files\Sensible Vision\Fast Access\FAService.exe [5.9.2008 17:16 2340096]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6.4.2009 14:32 29736]
R3 hcw17bda;WinTV-NOVA-TA (engineering sample);c:\windows\System32\drivers\hcw17bda.sys [7.4.2009 0:09 41472]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [7.4.2009 0:08 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [7.4.2009 0:09 203264]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [7.4.2009 0:09 3663360]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [7.4.2009 0:09 133472]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [7.4.2009 0:09 279488]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\System32\drivers\facap.sys [2.8.2008 16:36 230912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704096314-976525091-2087800792-1000Core.job
- c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 07:27]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704096314-976525091-2087800792-1000UA.job
- c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 07:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.siol.net
uInternet Settings,ProxyOverride = *.local
IE: I&zvoz v Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 16:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\FAPassSync.dll

- - - - - - - > 'Explorer.exe'(3156)
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-09-28 16:51
ComboFix-quarantined-files.txt 2009-09-28 14:51
ComboFix2.txt 2009-09-28 14:04

Pre-Run: 215.127.752.704 bytes free
Post-Run: 215.093.092.352 bytes free

297 --- E O F --- 2009-09-24 14:05
Cookiegal
Administrator & Malware Removal Specialist with 97,021 posts.
 
Join Date: Aug 2003
28-Sep-2009, 07:11 PM #11
That was the second run of ComboFix. I would like to see the log from the first run please. You will find it at the following location:

C:\qoobox\ComboFix2.txt
runningmouse
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Aug 2009
Experience: Basic knowledge
29-Sep-2009, 03:22 AM #12
Ok,
here is from the first run

ComboFix 09-09-27.05 - janko 28.09.2009 15:58.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.386.1033.18.3066.1748 [GMT 2:00]
Running from: c:\users\janko\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2704096314-976525091-2087800792-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\program files\pdfforge Toolbar\SearchSettings.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-28 14:02 . 2009-09-28 14:03 -------- d-----w- c:\users\janko\AppData\Local\temp
2009-09-28 14:02 . 2009-09-28 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-28 13:37 . 2009-09-28 13:37 -------- d-----w- c:\program files\R
2009-09-26 12:06 . 2009-09-26 12:06 -------- d-----w- c:\users\janko\AppData\Local\DOSBox
2009-09-26 11:27 . 2009-09-26 11:28 -------- d-----w- c:\program files\DOSBox-0.73
2009-09-25 09:46 . 2009-09-25 09:46 -------- d-----w- c:\program files\Trend Micro
2009-09-17 22:25 . 2009-09-17 22:25 -------- d-----w- c:\users\janko\AppData\Local\Dell
2009-09-17 21:15 . 2009-09-17 21:15 -------- dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-09-17 20:58 . 2009-09-17 21:01 -------- d-----w- c:\programdata\DriverScanner
2009-09-17 20:57 . 2009-09-17 20:59 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-09-17 20:42 . 2009-09-17 20:44 -------- d-----w- c:\windows\system32\ca-ES
2009-09-17 20:42 . 2009-09-17 20:43 -------- d-----w- c:\windows\system32\eu-ES
2009-09-17 20:42 . 2009-09-17 20:43 -------- d-----w- c:\windows\system32\vi-VN
2009-09-17 17:49 . 2009-09-17 20:58 -------- d-----w- c:\users\janko\AppData\Roaming\Uniblue
2009-09-17 17:48 . 2009-09-17 20:58 -------- d-----w- c:\program files\Uniblue
2009-09-17 10:59 . 2009-09-17 10:59 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-17 10:57 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-17 10:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-17 10:56 . 2009-09-17 10:56 -------- d-----w- c:\program files\iPod
2009-09-17 10:56 . 2009-09-17 10:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-17 10:56 . 2009-09-17 10:57 -------- d-----w- c:\program files\iTunes
2009-09-17 10:55 . 2009-09-17 10:55 -------- d-----w- c:\program files\QuickTime
2009-09-09 02:41 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 02:41 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 02:41 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 02:41 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 02:41 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-04 07:27 . 2009-09-04 07:29 -------- d-----w- c:\users\janko\AppData\Local\Google
2009-09-04 07:27 . 2009-09-04 07:27 -------- d-----w- c:\users\janko\AppData\Local\Deployment
2009-09-04 07:27 . 2009-09-04 07:27 -------- d-----w- c:\users\janko\AppData\Local\Apps
2009-09-03 14:51 . 2009-09-28 12:50 -------- d-----w- C:\$AVG8.VAULT$
2009-09-03 14:26 . 2009-09-03 14:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-03 14:26 . 2009-09-03 14:26 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-03 14:26 . 2009-09-03 14:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 14:26 . 2009-09-03 14:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-03 14:25 . 2009-09-28 08:50 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-03 14:25 . 2009-09-03 14:27 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-09-03 14:25 . 2009-09-03 14:25 -------- d-----w- c:\programdata\avg8
2009-09-03 14:14 . 2009-09-03 14:14 -------- d-----w- c:\users\janko\AppData\Roaming\AVG8
2009-09-03 12:42 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 12:42 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 07:15 . 2009-09-17 22:23 -------- d-----w- c:\users\janko\AppData\Roaming\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 14:02 . 2009-08-22 14:57 -------- d-----w- c:\program files\pdfforge Toolbar
2009-09-28 14:01 . 2009-08-22 10:44 -------- d-----w- c:\users\janko\AppData\Roaming\skypePM
2009-09-28 13:52 . 2009-08-22 10:38 -------- d-----w- c:\users\janko\AppData\Roaming\Skype
2009-09-28 13:47 . 2009-04-06 12:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-24 07:36 . 2009-08-23 08:50 -------- d-----w- c:\users\janko\AppData\Roaming\XnView
2009-09-18 09:12 . 2009-08-22 15:39 -------- d-----w- c:\users\janko\AppData\Roaming\BSplayer PRO
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-17 20:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-17 17:38 . 2009-08-18 10:03 680 ----a-w- c:\users\janko\AppData\Local\d3d9caps.dat
2009-09-17 10:56 . 2009-08-25 19:17 -------- d-----w- c:\program files\Common Files\Apple
2009-08-30 15:36 . 2009-08-23 08:37 -------- d-sh--w- c:\users\janko\AppData\Roaming\lowsec
2009-08-28 09:50 . 2009-08-25 18:49 -------- d-sh--r- c:\users\janko\AppData\Roaming\System32
2009-08-26 08:02 . 2009-05-04 08:39 102672 ----a-w- c:\users\janko\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-25 19:51 . 2009-04-06 12:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\users\janko\AppData\Roaming\Apple Computer
2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-25 19:18 . 2009-08-25 19:06 -------- d-----w- c:\programdata\Apple Computer
2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\program files\Bonjour
2009-08-25 19:01 . 2009-08-25 19:01 -------- d-----w- c:\programdata\Apple
2009-08-25 19:01 . 2009-08-25 19:01 -------- d-----w- c:\program files\Apple Software Update
2009-08-25 18:59 . 2009-08-25 18:59 -------- d-----w- c:\program files\Merriam-Webster
2009-08-25 18:56 . 2009-08-25 18:56 -------- d-----w- c:\program files\Random House, Inc
2009-08-23 12:08 . 2009-08-23 12:08 -------- d-----w- c:\programdata\FLEXnet
2009-08-23 08:49 . 2009-08-23 08:49 -------- d-----w- c:\program files\XnView
2009-08-23 08:38 . 2009-08-23 08:36 -------- d-----w- c:\programdata\WinZip
2009-08-22 15:39 . 2009-08-22 15:39 -------- d-----w- c:\program files\Webteh
2009-08-22 14:57 . 2009-08-22 14:54 -------- d-----w- c:\program files\PDFCreator
2009-08-22 11:47 . 2009-08-22 11:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-22 11:46 . 2009-08-22 11:39 38208 ----a-w- c:\users\janko\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-08-22 11:39 . 2009-08-22 11:39 -------- d-----w- c:\users\janko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-08-22 10:44 . 2009-08-22 10:44 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-08-22 10:25 . 2009-08-22 10:24 -------- d-----r- c:\program files\Skype
2009-08-22 10:24 . 2009-08-22 10:24 -------- d-----w- c:\program files\Common Files\Skype
2009-08-22 10:24 . 2009-08-22 10:24 -------- d-----w- c:\programdata\Skype
2009-08-15 17:49 . 2009-04-06 12:54 -------- d-----w- c:\programdata\CyberLink
2009-08-15 17:49 . 2009-08-15 17:49 -------- d-----w- c:\users\janko\AppData\Roaming\CyberLink
2009-08-15 17:27 . 2009-08-15 17:27 -------- d-----w- c:\programdata\WindowsSearch
2009-08-15 08:31 . 2009-08-15 08:31 -------- d-----w- c:\users\janko\AppData\Roaming\Bullzip
2009-08-14 16:27 . 2009-09-09 03:23 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 03:23 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 03:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 03:23 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 03:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 03:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 03:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 03:23 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 03:23 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 03:23 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 03:23 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 19:24 . 2009-08-13 19:24 1961720 ----a-w- c:\users\janko\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-08 20:18 . 2009-05-04 11:24 -------- d-----w- c:\program files\Norman
2009-08-08 20:03 . 2009-07-21 11:17 -------- d-----w- c:\program files\Common Files\BitDefender
2009-08-08 19:18 . 2009-08-08 19:18 -------- d-----w- c:\program files\AVG
2009-08-07 18:38 . 2009-08-07 18:38 -------- d-----w- c:\program files\BitTorrent
2009-08-06 19:05 . 2009-08-06 19:05 -------- d-----w- c:\users\janko\AppData\Roaming\Sony
2009-08-06 19:05 . 2009-08-06 19:05 -------- d-----w- c:\programdata\Sony
2009-08-06 18:54 . 2009-08-06 18:54 -------- d-----w- c:\programdata\Creative
2009-08-06 18:25 . 2009-08-06 18:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Sony
2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Sony Ericsson
2009-08-06 17:50 . 2009-08-06 17:50 -------- d-----w- c:\users\janko\AppData\Roaming\Creative
2009-07-23 14:02 . 2009-07-23 14:03 104328 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-07-21 21:52 . 2009-08-05 08:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-05 08:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-05 08:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-05 08:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 16:14 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-13 16:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 16:14 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 16:14 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 16:14 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 03:23 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 03:23 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 03:23 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 03:23 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 03:23 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-04-06 12:50 . 2009-04-06 12:50 74 --sh--r- c:\windows\CT4CET.bin
2009-04-06 21:53 . 2009-04-06 21:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"Google Update"="c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-21 1422632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"FATrayAlert"="c:\program files\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-07-29 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-03 2007832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-19 483420]

c:\users\janko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2008-09-05 15:16 140544 ----a-w- c:\program files\Sensible Vision\Fast Access\FALogNot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-06 12:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e9,6c,b4,7d,d8,37,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{711FE0A8-5EAB-4216-AE11-1D4F83E1B784}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{641B3C5D-63A2-4B72-967B-B5F42607D995}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{93C451AD-3E09-40EA-A8F8-7D46EAA4670A}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{A655A7EE-97FA-4E52-9830-F2277322EDD3}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{3EA5F1B6-7836-46CC-B6D3-E379E1BE89E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{AC4E2463-7150-462D-9143-003BFF70C84A}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{0355729E-E714-4C53-AD98-5E26A73FAA8E}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{1C9AAAAC-F104-43B3-9DE1-38A6E36AC79D}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{802F0562-A70A-4DFC-B183-26902A999AFF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{66E42583-2428-4A87-8875-25BF768A9724}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A2F832F4-6EAA-4F89-A259-9632D7E16604}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{24FF1380-1872-4D9B-9F14-936DCE1CF7BD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{47527AA3-A09E-4101-BF99-745FD29B9BF2}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{20E581DD-BF75-4E3E-B5BD-B1E0E04664EE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{60550F07-51B7-4EA9-858E-B56218B2115C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3.9.2009 16:26 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3.9.2009 16:26 108552]
R1 NGS;Norman General Security Driver;c:\program files\Norman\Nvc\bin\ngs.sys [4.5.2009 13:27 22712]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [6.4.2009 14:54 61424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\AEstSrv.exe [7.4.2009 0:08 81920]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3.9.2009 16:25 297752]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23.9.2008 22:09 155648]
R2 FAService;FAService;c:\program files\Sensible Vision\Fast Access\FAService.exe [5.9.2008 17:16 2340096]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6.4.2009 14:32 29736]
R3 hcw17bda;WinTV-NOVA-TA (engineering sample);c:\windows\System32\drivers\hcw17bda.sys [7.4.2009 0:09 41472]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [7.4.2009 0:08 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [7.4.2009 0:09 203264]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [7.4.2009 0:09 3663360]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [7.4.2009 0:09 133472]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [7.4.2009 0:09 279488]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\System32\drivers\facap.sys [2.8.2008 16:36 230912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704096314-976525091-2087800792-1000Core.job
- c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 07:27]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704096314-976525091-2087800792-1000UA.job
- c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 07:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.siol.net
uInternet Settings,ProxyOverride = *.local
IE: I&zvoz v Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

BHO-{90DC4F03-A9C6-35C6-9883-E5868BFAE18E} - (no file)
HKCU-Run-ynjejjudu - c:\users\janko\AppData\Roaming\iuluusfh.dll
HKLM-Run-FAStartup - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 16:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\janko\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\FAPassSync.dll
.
Completion time: 2009-09-28 16:04
ComboFix-quarantined-files.txt 2009-09-28 14:04

Pre-Run: 214.996.295.680 bytes free
Post-Run: 215.214.563.328 bytes free

282 --- E O F --- 2009-09-24 14:05
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,021 posts.
 
Join Date: Aug 2003
30-Sep-2009, 11:36 AM #13
Were you using Norman as your anti-virus program previously?

Open Notepad and copy and paste the text in the code box below into it:

Code:
DirLook::
c:\program files\R
c:\users\janko\AppData\Roaming\lowsec
c:\users\janko\AppData\Roaming\System32

Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
runningmouse's Avatar
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Aug 2009
Experience: Basic knowledge
30-Sep-2009, 02:51 PM #14
Hello

Yes I did use Norman previously. Thank you Cookiegal for the above instructions. I will do that immediately.

runningmouse
runningmouse's Avatar
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Aug 2009
Experience: Basic knowledge
30-Sep-2009, 05:44 PM #15
Here are the HijackThis results after dragging CFScript.txt into ComboFix.exe:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:39, on 30.9.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.siol.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/de...=si&l=en&s=bsd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files\Sensible Vision\Fast Access\FAService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9846 bytes