
Error message: the module could not be found

Discussion in 'Virus & Other Malware Removal' started by runningmouse, Sep 17, 2009.

  1. runningmouse

    runningmouse Thread Starter

    Joined:
    Aug 27, 2009
    Messages:
    19
    Hello,

    Every time I start my studio xps Vista I get the same message:
    Error loading C:/Users/janko/AppData/Roaming/iuluusfh.dll

    The specified module could not be found.

    Can anybody help me please!

    It is very annoying
     
  2. joeten

    joeten

    Joined:
    Jan 15, 2009
    Messages:
    3,852
  3. runningmouse

    runningmouse Thread Starter

    Joined:
    Aug 27, 2009
    Messages:
    19
    Thank you for the reply joeten!!!

    I have scanned the system with RegistryBooster 2009. It found 115 errors and it successfully removed them all.

    When I restarted, the message "specified module could not be found" was unfortunately back on the screen.

    Still hoping for a solution...
     
  4. joeten

    joeten

    Joined:
    Jan 15, 2009
    Messages:
    3,852
    Hi, that was a mistake. Reg cleaners are not all they are cracked up to be; they can cause more issues than they ever solve. At this point you can either try System Restore to a point before this issue started, or try running a repair from your install or recovery disc: http://www.bleepingcomputer.com/tutorials/tutorial148.html
    Don't worry about the reg cleaner, it is done now, but please keep it in mind for the future. I, as have many of the folks here, have seen the damage they can do; often it can mean a reinstall of the OS.
     
  5. TheOutcaste

    TheOutcaste

    Joined:
    Aug 7, 2007
    Messages:
    9,028
    AppData\Roaming should not have any files in it, just folders. The iuluusfh.dll file is probably a virus or malware file that was removed.
    The error appears because the registry entry that started it is still present.

    Just the thing a Registry Cleaner is supposed to find but this one didn't. Another reason to stay away from them.

    Though it could be your system is still infected.

    You should read this sticky from the Malware Forum, download and run HiJackThis, post the log in this thread, then click the Report button at the bottom of the post and ask for this thread to be moved to the Malware forum.
     
  6. runningmouse

    runningmouse Thread Starter

    Joined:
    Aug 27, 2009
    Messages:
    19
    Hello,

    I am sorry for the delay. I have had a very busy week.

    So after scanning HiJackThis the results are as follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:55:13, on 25.9.2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Dell Video Chat\DellVideoChat.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=si&l=en&s=bsd
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.siol.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SiOL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: D - {90DC4F03-A9C6-35C6-9883-E5868BFAE18E} - (no file)
    O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ynjejjudu] rundll32.exe "C:\Users\janko\AppData\Roaming\iuluusfh.dll",yhlrgyl
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: FastAccess - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: FAService - Sensible Vision - C:\Program Files\Sensible Vision\Fast Access\FAService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 11251 bytes
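
The check TheOutcaste describes in post 5, run against a few O4 lines copied from the HijackThis log above. This is an added example, not part of the original thread; the names `parse_o4`, `audit`, `Finding` and the `exists` callback are hypothetical, and the sample lines are embedded so it runs offline.

```python
import ntpath
import re
from typing import Callable, List, NamedTuple, Optional

# Constructed sample: O4 (autorun) lines copied from the HijackThis log above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ynjejjudu] rundll32.exe "C:\Users\janko\AppData\Roaming\iuluusfh.dll",yhlrgyl
O4 - HKCU\..\Run: [Google Update] "C:\Users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
'''

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 [path\]rundll32.exe "<dll>",<export>
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)',
    re.I)
# Quoted executable, or an unquoted path up to the first ".exe"
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe)\b)', re.I)
ROAMING_ROOT_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\roaming$')
PROFILE_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\')


class Finding(NamedTuple):
    hive: str
    name: str
    target: str
    reasons: List[str]


def parse_o4(line: str):
    """Return (hive, value name, target file, loaded_via_rundll32) or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m['cmd']
    r = RUNDLL_RE.match(cmd)
    if r:
        # The file that matters is the DLL, not rundll32.exe itself.
        return m['hive'], m['name'], r['dll'], True
    e = EXE_RE.match(cmd)
    target = (e['q'] or e['u']) if e else cmd
    return m['hive'], m['name'], target, False


def audit(log: str, exists: Optional[Callable[[str], bool]] = None) -> List[Finding]:
    """Flag Run entries that match the pattern discussed in the thread.

    `exists` is an optional callback (e.g. os.path.exists on the affected
    machine); when given, a flagged entry whose file is gone is reported
    as an orphaned autorun, which is what produces the
    "specified module could not be found" error at logon.
    """
    findings = []
    for line in log.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, target, via_rundll = parsed
        norm = ntpath.normcase(target)  # lower-case, backslashes, any host OS
        reasons = []
        if ROAMING_ROOT_RE.match(ntpath.dirname(norm)):
            reasons.append("file directly in AppData\\Roaming")
        if via_rundll and PROFILE_RE.match(norm):
            reasons.append("rundll32 loads DLL from user profile")
        if reasons and exists is not None and not exists(target):
            reasons.append("target missing: orphaned autorun entry")
        if reasons:
            findings.append(Finding(hive, name, target, reasons))
    return findings


if __name__ == "__main__":
    # Simulate the state in this thread: the DLL is gone, the Run value is not.
    for f in audit(SAMPLE_LOG, exists=lambda path: False):
        print(f"{f.hive} Run [{f.name}] -> {f.target}")
        for reason in f.reasons:
            print("   -", reason)
```
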
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,703
    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  8. runningmouse

    runningmouse Thread Starter

    Joined:
    Aug 27, 2009
    Messages:
    19
    Hello,
    today I have received a message from AVG:
    threat detected!
    C:/Users/janko/AppData/Roaming/iuluusfh.dll
    trojan horse Generic 12.AHXY
     
  9. runningmouse

    runningmouse Thread Starter

    Joined:
    Aug 27, 2009
    Messages:
    19
    It is the same file as from the error message

     
  10. runningmouse

    runningmouse Thread Starter

    Joined:
    Aug 27, 2009
    Messages:
    19
    Hello Cookiegal!

    Here are the results from ComboFix. I have renamed the saved file to Combo-Fix.exe like you instructed. At first I thought that AVG would remove the problem, but the error message returned.

    ComboFix 09-09-27.05 - janko 28.09.2009 16:46.2.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.386.1033.18.3066.1660 [GMT 2:00]
    Running from: c:\users\janko\Documents\Downloads\Combo-Fix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
    .

    2009-09-28 14:50 . 2009-09-28 14:50 -------- d-----w- c:\users\janko\AppData\Local\temp
    2009-09-28 14:50 . 2009-09-28 14:50 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-09-28 14:50 . 2009-09-28 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-09-28 13:37 . 2009-09-28 13:37 -------- d-----w- c:\program files\R
    2009-09-26 12:06 . 2009-09-26 12:06 -------- d-----w- c:\users\janko\AppData\Local\DOSBox
    2009-09-26 11:27 . 2009-09-26 11:28 -------- d-----w- c:\program files\DOSBox-0.73
    2009-09-25 09:46 . 2009-09-25 09:46 -------- d-----w- c:\program files\Trend Micro
    2009-09-17 22:25 . 2009-09-17 22:25 -------- d-----w- c:\users\janko\AppData\Local\Dell
    2009-09-17 21:15 . 2009-09-17 21:15 -------- dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2009-09-17 20:58 . 2009-09-17 21:01 -------- d-----w- c:\programdata\DriverScanner
    2009-09-17 20:57 . 2009-09-17 20:59 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2009-09-17 20:42 . 2009-09-17 20:44 -------- d-----w- c:\windows\system32\ca-ES
    2009-09-17 20:42 . 2009-09-17 20:43 -------- d-----w- c:\windows\system32\eu-ES
    2009-09-17 20:42 . 2009-09-17 20:43 -------- d-----w- c:\windows\system32\vi-VN
    2009-09-17 17:49 . 2009-09-17 20:58 -------- d-----w- c:\users\janko\AppData\Roaming\Uniblue
    2009-09-17 17:48 . 2009-09-17 20:58 -------- d-----w- c:\program files\Uniblue
    2009-09-17 10:59 . 2009-09-17 10:59 -------- d-----w- c:\program files\iPhone Configuration Utility
    2009-09-17 10:57 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-09-17 10:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-17 10:56 . 2009-09-17 10:56 -------- d-----w- c:\program files\iPod
    2009-09-17 10:56 . 2009-09-17 10:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-17 10:56 . 2009-09-17 10:57 -------- d-----w- c:\program files\iTunes
    2009-09-17 10:55 . 2009-09-17 10:55 -------- d-----w- c:\program files\QuickTime
    2009-09-09 02:41 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
    2009-09-09 02:41 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
    2009-09-09 02:41 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
    2009-09-09 02:41 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2009-09-09 02:41 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
    2009-09-04 07:27 . 2009-09-04 07:29 -------- d-----w- c:\users\janko\AppData\Local\Google
    2009-09-04 07:27 . 2009-09-04 07:27 -------- d-----w- c:\users\janko\AppData\Local\Deployment
    2009-09-04 07:27 . 2009-09-04 07:27 -------- d-----w- c:\users\janko\AppData\Local\Apps
    2009-09-03 14:51 . 2009-09-28 12:50 -------- d-----w- C:\$AVG8.VAULT$
    2009-09-03 14:26 . 2009-09-03 14:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-09-03 14:26 . 2009-09-03 14:26 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-09-03 14:26 . 2009-09-03 14:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-09-03 14:26 . 2009-09-03 14:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-09-03 14:25 . 2009-09-28 08:50 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-09-03 14:25 . 2009-09-03 14:27 -------- d-----w- c:\programdata\AVG Security Toolbar
    2009-09-03 14:25 . 2009-09-03 14:25 -------- d-----w- c:\programdata\avg8
    2009-09-03 14:14 . 2009-09-03 14:14 -------- d-----w- c:\users\janko\AppData\Roaming\AVG8
    2009-09-03 12:42 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-09-03 12:42 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-09-02 07:15 . 2009-09-17 22:23 -------- d-----w- c:\users\janko\AppData\Roaming\BitTorrent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-28 14:40 . 2009-08-22 10:38 -------- d-----w- c:\users\janko\AppData\Roaming\Skype
    2009-09-28 14:37 . 2009-08-18 10:03 6944 ----a-w- c:\users\janko\AppData\Local\d3d9caps.dat
    2009-09-28 14:37 . 2009-04-06 12:33 12 ----a-w- c:\windows\bthservsdp.dat
    2009-09-28 14:02 . 2009-08-22 14:57 -------- d-----w- c:\program files\pdfforge Toolbar
    2009-09-28 14:01 . 2009-08-22 10:44 -------- d-----w- c:\users\janko\AppData\Roaming\skypePM
    2009-09-24 07:36 . 2009-08-23 08:50 -------- d-----w- c:\users\janko\AppData\Roaming\XnView
    2009-09-18 09:12 . 2009-08-22 15:39 -------- d-----w- c:\users\janko\AppData\Roaming\BSplayer PRO
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-09-17 20:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-09-17 10:56 . 2009-08-25 19:17 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-30 15:36 . 2009-08-23 08:37 -------- d-sh--w- c:\users\janko\AppData\Roaming\lowsec
    2009-08-28 09:50 . 2009-08-25 18:49 -------- d-sh--r- c:\users\janko\AppData\Roaming\System32
    2009-08-26 08:02 . 2009-05-04 08:39 102672 ----a-w- c:\users\janko\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-25 19:51 . 2009-04-06 12:38 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\users\janko\AppData\Roaming\Apple Computer
    2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-25 19:18 . 2009-08-25 19:06 -------- d-----w- c:\programdata\Apple Computer
    2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\program files\Bonjour
    2009-08-25 19:01 . 2009-08-25 19:01 -------- d-----w- c:\programdata\Apple
    2009-08-25 19:01 . 2009-08-25 19:01 -------- d-----w- c:\program files\Apple Software Update
    2009-08-25 18:59 . 2009-08-25 18:59 -------- d-----w- c:\program files\Merriam-Webster
    2009-08-25 18:56 . 2009-08-25 18:56 -------- d-----w- c:\program files\Random House, Inc
    2009-08-23 12:08 . 2009-08-23 12:08 -------- d-----w- c:\programdata\FLEXnet
    2009-08-23 08:49 . 2009-08-23 08:49 -------- d-----w- c:\program files\XnView
    2009-08-23 08:38 . 2009-08-23 08:36 -------- d-----w- c:\programdata\WinZip
    2009-08-22 15:39 . 2009-08-22 15:39 -------- d-----w- c:\program files\Webteh
    2009-08-22 14:57 . 2009-08-22 14:54 -------- d-----w- c:\program files\PDFCreator
    2009-08-22 11:47 . 2009-08-22 11:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-08-22 11:46 . 2009-08-22 11:39 38208 ----a-w- c:\users\janko\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-22 11:39 . 2009-08-22 11:39 -------- d-----w- c:\users\janko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-08-22 10:44 . 2009-08-22 10:44 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-08-22 10:25 . 2009-08-22 10:24 -------- d-----r- c:\program files\Skype
    2009-08-22 10:24 . 2009-08-22 10:24 -------- d-----w- c:\program files\Common Files\Skype
    2009-08-22 10:24 . 2009-08-22 10:24 -------- d-----w- c:\programdata\Skype
    2009-08-15 17:49 . 2009-04-06 12:54 -------- d-----w- c:\programdata\CyberLink
    2009-08-15 17:49 . 2009-08-15 17:49 -------- d-----w- c:\users\janko\AppData\Roaming\CyberLink
    2009-08-15 17:27 . 2009-08-15 17:27 -------- d-----w- c:\programdata\WindowsSearch
    2009-08-15 08:31 . 2009-08-15 08:31 -------- d-----w- c:\users\janko\AppData\Roaming\Bullzip
    2009-08-14 16:27 . 2009-09-09 03:23 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-09 03:23 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-09 03:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-09 03:23 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-09 03:23 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-13 19:24 . 2009-08-13 19:24 1961720 ----a-w- c:\users\janko\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-08-08 20:18 . 2009-05-04 11:24 -------- d-----w- c:\program files\Norman
    2009-08-08 20:03 . 2009-07-21 11:17 -------- d-----w- c:\program files\Common Files\BitDefender
    2009-08-08 19:18 . 2009-08-08 19:18 -------- d-----w- c:\program files\AVG
    2009-08-07 18:38 . 2009-08-07 18:38 -------- d-----w- c:\program files\BitTorrent
    2009-08-06 19:05 . 2009-08-06 19:05 -------- d-----w- c:\users\janko\AppData\Roaming\Sony
    2009-08-06 19:05 . 2009-08-06 19:05 -------- d-----w- c:\programdata\Sony
    2009-08-06 18:54 . 2009-08-06 18:54 -------- d-----w- c:\programdata\Creative
    2009-08-06 18:25 . 2009-08-06 18:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Common Files\Sony Shared
    2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Sony
    2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Sony Ericsson
    2009-08-06 17:50 . 2009-08-06 17:50 -------- d-----w- c:\users\janko\AppData\Roaming\Creative
    2009-07-23 14:02 . 2009-07-23 14:03 104328 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
    2009-07-21 21:52 . 2009-08-05 08:10 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-08-05 08:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-08-05 08:10 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-08-05 08:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 13:54 . 2009-08-13 16:14 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-15 12:40 . 2009-08-13 16:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-15 12:39 . 2009-08-13 16:14 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-15 12:39 . 2009-08-13 16:14 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-15 12:39 . 2009-08-13 16:14 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-11 19:01 . 2009-09-09 03:23 513536 ----a-w- c:\windows\system32\wlansvc.dll
    2009-07-11 19:01 . 2009-09-09 03:23 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-07-11 19:01 . 2009-09-09 03:23 302592 ----a-w- c:\windows\system32\wlansec.dll
    2009-07-11 19:01 . 2009-09-09 03:23 65024 ----a-w- c:\windows\system32\wlanapi.dll
    2009-07-11 17:03 . 2009-09-09 03:23 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2009-04-06 12:50 . 2009-04-06 12:50 74 --sh--r- c:\windows\CT4CET.bin
    2009-04-06 21:53 . 2009-04-06 21:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-28_14.03.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-09-28 14:39 50050 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-01-21 01:58 . 2009-09-28 13:52 50050 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-09-28 14:39 82330 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-05-04 08:34 . 2009-09-28 13:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-05-04 08:34 . 2009-09-28 14:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-05-04 08:34 . 2009-09-28 13:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-05-04 08:34 . 2009-09-28 14:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-05-04 08:34 . 2009-09-28 13:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-05-04 08:34 . 2009-09-28 14:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-05-04 08:40 . 2009-09-28 14:39 7510 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2704096314-976525091-2087800792-1000_UserData.bin
    - 2009-09-28 13:50 . 2009-09-28 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-09-28 14:37 . 2009-09-28 14:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-09-28 13:50 . 2009-09-28 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-09-28 14:37 . 2009-09-28 14:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-09-28 14:43 587178 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-09-28 13:56 587178 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-09-28 14:43 101250 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-09-28 13:56 101250 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
    "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
    "Google Update"="c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-04 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-21 1422632]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "FATrayAlert"="c:\program files\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-07-29 128296]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
    "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-03 2007832]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-19 483420]
    "FAStartup"="" [BU]

    c:\users\janko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-15 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2008-09-05 15:16 140544 ----a-w- c:\program files\Sensible Vision\Fast Access\FALogNot.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-04-06 12:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):e9,6c,b4,7d,d8,37,ca,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{711FE0A8-5EAB-4216-AE11-1D4F83E1B784}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
    "{641B3C5D-63A2-4B72-967B-B5F42607D995}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
    "{93C451AD-3E09-40EA-A8F8-7D46EAA4670A}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "{A655A7EE-97FA-4E52-9830-F2277322EDD3}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "{3EA5F1B6-7836-46CC-B6D3-E379E1BE89E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{AC4E2463-7150-462D-9143-003BFF70C84A}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{0355729E-E714-4C53-AD98-5E26A73FAA8E}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
    "{1C9AAAAC-F104-43B3-9DE1-38A6E36AC79D}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
    "{802F0562-A70A-4DFC-B183-26902A999AFF}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{66E42583-2428-4A87-8875-25BF768A9724}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A2F832F4-6EAA-4F89-A259-9632D7E16604}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{24FF1380-1872-4D9B-9F14-936DCE1CF7BD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{47527AA3-A09E-4101-BF99-745FD29B9BF2}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
    "{20E581DD-BF75-4E3E-B5BD-B1E0E04664EE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{60550F07-51B7-4EA9-858E-B56218B2115C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3.9.2009 16:26 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3.9.2009 16:26 108552]
    R1 NGS;Norman General Security Driver;c:\program files\Norman\Nvc\bin\ngs.sys [4.5.2009 13:27 22712]
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [6.4.2009 14:54 61424]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\AEstSrv.exe [7.4.2009 0:08 81920]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3.9.2009 16:25 297752]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23.9.2008 22:09 155648]
    R2 FAService;FAService;c:\program files\Sensible Vision\Fast Access\FAService.exe [5.9.2008 17:16 2340096]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6.4.2009 14:32 29736]
    R3 hcw17bda;WinTV-NOVA-TA (engineering sample);c:\windows\System32\drivers\hcw17bda.sys [7.4.2009 0:09 41472]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [7.4.2009 0:08 54784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [7.4.2009 0:09 203264]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [7.4.2009 0:09 3663360]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [7.4.2009 0:09 133472]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [7.4.2009 0:09 279488]
    S3 FACAP;facap, FastAccess Video Capture;c:\windows\System32\drivers\facap.sys [2.8.2008 16:36 230912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704096314-976525091-2087800792-1000Core.job
    - c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 07:27]

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704096314-976525091-2087800792-1000UA.job
    - c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 07:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.siol.net
    uInternet Settings,ProxyOverride = *.local
    IE: I&zvoz v Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-28 16:50
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(680)
    c:\windows\system32\FAPassSync.dll

    - - - - - - - > 'Explorer.exe'(3156)
    c:\windows\system32\btmmhook.dll
    .
    Completion time: 2009-09-28 16:51
    ComboFix-quarantined-files.txt 2009-09-28 14:51
    ComboFix2.txt 2009-09-28 14:04

    Pre-Run: 215.127.752.704 bytes free
    Post-Run: 215.093.092.352 bytes free

    297 --- E O F --- 2009-09-24 14:05
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,703
    That was the second run of ComboFix. I would like to see the log from the first run please. You will find it at the following location:

    C:\qoobox\ComboFix2.txt
     
  12. runningmouse

    runningmouse Thread Starter

    Joined:
    Aug 27, 2009
    Messages:
    19
    Ok,
    here is the log from the first run.

    ComboFix 09-09-27.05 - janko 28.09.2009 15:58.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.386.1033.18.3066.1748 [GMT 2:00]
    Running from: c:\users\janko\Documents\Downloads\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2704096314-976525091-2087800792-500
    c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
    c:\program files\pdfforge Toolbar\SearchSettings.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
    .

    2009-09-28 14:02 . 2009-09-28 14:03 -------- d-----w- c:\users\janko\AppData\Local\temp
    2009-09-28 14:02 . 2009-09-28 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-09-28 13:37 . 2009-09-28 13:37 -------- d-----w- c:\program files\R
    2009-09-26 12:06 . 2009-09-26 12:06 -------- d-----w- c:\users\janko\AppData\Local\DOSBox
    2009-09-26 11:27 . 2009-09-26 11:28 -------- d-----w- c:\program files\DOSBox-0.73
    2009-09-25 09:46 . 2009-09-25 09:46 -------- d-----w- c:\program files\Trend Micro
    2009-09-17 22:25 . 2009-09-17 22:25 -------- d-----w- c:\users\janko\AppData\Local\Dell
    2009-09-17 21:15 . 2009-09-17 21:15 -------- dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2009-09-17 20:58 . 2009-09-17 21:01 -------- d-----w- c:\programdata\DriverScanner
    2009-09-17 20:57 . 2009-09-17 20:59 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2009-09-17 20:42 . 2009-09-17 20:44 -------- d-----w- c:\windows\system32\ca-ES
    2009-09-17 20:42 . 2009-09-17 20:43 -------- d-----w- c:\windows\system32\eu-ES
    2009-09-17 20:42 . 2009-09-17 20:43 -------- d-----w- c:\windows\system32\vi-VN
    2009-09-17 17:49 . 2009-09-17 20:58 -------- d-----w- c:\users\janko\AppData\Roaming\Uniblue
    2009-09-17 17:48 . 2009-09-17 20:58 -------- d-----w- c:\program files\Uniblue
    2009-09-17 10:59 . 2009-09-17 10:59 -------- d-----w- c:\program files\iPhone Configuration Utility
    2009-09-17 10:57 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-09-17 10:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-17 10:56 . 2009-09-17 10:56 -------- d-----w- c:\program files\iPod
    2009-09-17 10:56 . 2009-09-17 10:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-17 10:56 . 2009-09-17 10:57 -------- d-----w- c:\program files\iTunes
    2009-09-17 10:55 . 2009-09-17 10:55 -------- d-----w- c:\program files\QuickTime
    2009-09-09 02:41 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
    2009-09-09 02:41 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
    2009-09-09 02:41 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
    2009-09-09 02:41 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2009-09-09 02:41 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
    2009-09-04 07:27 . 2009-09-04 07:29 -------- d-----w- c:\users\janko\AppData\Local\Google
    2009-09-04 07:27 . 2009-09-04 07:27 -------- d-----w- c:\users\janko\AppData\Local\Deployment
    2009-09-04 07:27 . 2009-09-04 07:27 -------- d-----w- c:\users\janko\AppData\Local\Apps
    2009-09-03 14:51 . 2009-09-28 12:50 -------- d-----w- C:\$AVG8.VAULT$
    2009-09-03 14:26 . 2009-09-03 14:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-09-03 14:26 . 2009-09-03 14:26 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-09-03 14:26 . 2009-09-03 14:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-09-03 14:26 . 2009-09-03 14:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-09-03 14:25 . 2009-09-28 08:50 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-09-03 14:25 . 2009-09-03 14:27 -------- d-----w- c:\programdata\AVG Security Toolbar
    2009-09-03 14:25 . 2009-09-03 14:25 -------- d-----w- c:\programdata\avg8
    2009-09-03 14:14 . 2009-09-03 14:14 -------- d-----w- c:\users\janko\AppData\Roaming\AVG8
    2009-09-03 12:42 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-09-03 12:42 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-09-02 07:15 . 2009-09-17 22:23 -------- d-----w- c:\users\janko\AppData\Roaming\BitTorrent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-28 14:02 . 2009-08-22 14:57 -------- d-----w- c:\program files\pdfforge Toolbar
    2009-09-28 14:01 . 2009-08-22 10:44 -------- d-----w- c:\users\janko\AppData\Roaming\skypePM
    2009-09-28 13:52 . 2009-08-22 10:38 -------- d-----w- c:\users\janko\AppData\Roaming\Skype
    2009-09-28 13:47 . 2009-04-06 12:33 12 ----a-w- c:\windows\bthservsdp.dat
    2009-09-24 07:36 . 2009-08-23 08:50 -------- d-----w- c:\users\janko\AppData\Roaming\XnView
    2009-09-18 09:12 . 2009-08-22 15:39 -------- d-----w- c:\users\janko\AppData\Roaming\BSplayer PRO
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-09-17 20:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-09-17 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-09-17 17:38 . 2009-08-18 10:03 680 ----a-w- c:\users\janko\AppData\Local\d3d9caps.dat
    2009-09-17 10:56 . 2009-08-25 19:17 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-30 15:36 . 2009-08-23 08:37 -------- d-sh--w- c:\users\janko\AppData\Roaming\lowsec
    2009-08-28 09:50 . 2009-08-25 18:49 -------- d-sh--r- c:\users\janko\AppData\Roaming\System32
    2009-08-26 08:02 . 2009-05-04 08:39 102672 ----a-w- c:\users\janko\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-25 19:51 . 2009-04-06 12:38 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\users\janko\AppData\Roaming\Apple Computer
    2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-25 19:18 . 2009-08-25 19:06 -------- d-----w- c:\programdata\Apple Computer
    2009-08-25 19:18 . 2009-08-25 19:18 -------- d-----w- c:\program files\Bonjour
    2009-08-25 19:01 . 2009-08-25 19:01 -------- d-----w- c:\programdata\Apple
    2009-08-25 19:01 . 2009-08-25 19:01 -------- d-----w- c:\program files\Apple Software Update
    2009-08-25 18:59 . 2009-08-25 18:59 -------- d-----w- c:\program files\Merriam-Webster
    2009-08-25 18:56 . 2009-08-25 18:56 -------- d-----w- c:\program files\Random House, Inc
    2009-08-23 12:08 . 2009-08-23 12:08 -------- d-----w- c:\programdata\FLEXnet
    2009-08-23 08:49 . 2009-08-23 08:49 -------- d-----w- c:\program files\XnView
    2009-08-23 08:38 . 2009-08-23 08:36 -------- d-----w- c:\programdata\WinZip
    2009-08-22 15:39 . 2009-08-22 15:39 -------- d-----w- c:\program files\Webteh
    2009-08-22 14:57 . 2009-08-22 14:54 -------- d-----w- c:\program files\PDFCreator
    2009-08-22 11:47 . 2009-08-22 11:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-08-22 11:46 . 2009-08-22 11:39 38208 ----a-w- c:\users\janko\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-22 11:39 . 2009-08-22 11:39 -------- d-----w- c:\users\janko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-08-22 10:44 . 2009-08-22 10:44 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-08-22 10:25 . 2009-08-22 10:24 -------- d-----r- c:\program files\Skype
    2009-08-22 10:24 . 2009-08-22 10:24 -------- d-----w- c:\program files\Common Files\Skype
    2009-08-22 10:24 . 2009-08-22 10:24 -------- d-----w- c:\programdata\Skype
    2009-08-15 17:49 . 2009-04-06 12:54 -------- d-----w- c:\programdata\CyberLink
    2009-08-15 17:49 . 2009-08-15 17:49 -------- d-----w- c:\users\janko\AppData\Roaming\CyberLink
    2009-08-15 17:27 . 2009-08-15 17:27 -------- d-----w- c:\programdata\WindowsSearch
    2009-08-15 08:31 . 2009-08-15 08:31 -------- d-----w- c:\users\janko\AppData\Roaming\Bullzip
    2009-08-14 16:27 . 2009-09-09 03:23 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-09 03:23 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-09 03:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-09 03:23 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-09 03:23 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-09 03:23 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-13 19:24 . 2009-08-13 19:24 1961720 ----a-w- c:\users\janko\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-08-08 20:18 . 2009-05-04 11:24 -------- d-----w- c:\program files\Norman
    2009-08-08 20:03 . 2009-07-21 11:17 -------- d-----w- c:\program files\Common Files\BitDefender
    2009-08-08 19:18 . 2009-08-08 19:18 -------- d-----w- c:\program files\AVG
    2009-08-07 18:38 . 2009-08-07 18:38 -------- d-----w- c:\program files\BitTorrent
    2009-08-06 19:05 . 2009-08-06 19:05 -------- d-----w- c:\users\janko\AppData\Roaming\Sony
    2009-08-06 19:05 . 2009-08-06 19:05 -------- d-----w- c:\programdata\Sony
    2009-08-06 18:54 . 2009-08-06 18:54 -------- d-----w- c:\programdata\Creative
    2009-08-06 18:25 . 2009-08-06 18:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Common Files\Sony Shared
    2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Sony
    2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\Sony Ericsson
    2009-08-06 17:50 . 2009-08-06 17:50 -------- d-----w- c:\users\janko\AppData\Roaming\Creative
    2009-07-23 14:02 . 2009-07-23 14:03 104328 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
    2009-07-21 21:52 . 2009-08-05 08:10 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-08-05 08:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-08-05 08:10 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-08-05 08:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 13:54 . 2009-08-13 16:14 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-15 12:40 . 2009-08-13 16:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-15 12:39 . 2009-08-13 16:14 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-15 12:39 . 2009-08-13 16:14 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-15 12:39 . 2009-08-13 16:14 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-11 19:01 . 2009-09-09 03:23 513536 ----a-w- c:\windows\system32\wlansvc.dll
    2009-07-11 19:01 . 2009-09-09 03:23 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-07-11 19:01 . 2009-09-09 03:23 302592 ----a-w- c:\windows\system32\wlansec.dll
    2009-07-11 19:01 . 2009-09-09 03:23 65024 ----a-w- c:\windows\system32\wlanapi.dll
    2009-07-11 17:03 . 2009-09-09 03:23 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2009-04-06 12:50 . 2009-04-06 12:50 74 --sh--r- c:\windows\CT4CET.bin
    2009-04-06 21:53 . 2009-04-06 21:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
    "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
    "Google Update"="c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-04 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-21 1422632]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "FATrayAlert"="c:\program files\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-07-29 128296]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
    "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-03 2007832]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-19 483420]

    c:\users\janko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-15 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2008-09-05 15:16 140544 ----a-w- c:\program files\Sensible Vision\Fast Access\FALogNot.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-04-06 12:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):e9,6c,b4,7d,d8,37,ca,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{711FE0A8-5EAB-4216-AE11-1D4F83E1B784}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
    "{641B3C5D-63A2-4B72-967B-B5F42607D995}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
    "{93C451AD-3E09-40EA-A8F8-7D46EAA4670A}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "{A655A7EE-97FA-4E52-9830-F2277322EDD3}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "{3EA5F1B6-7836-46CC-B6D3-E379E1BE89E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{AC4E2463-7150-462D-9143-003BFF70C84A}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{0355729E-E714-4C53-AD98-5E26A73FAA8E}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
    "{1C9AAAAC-F104-43B3-9DE1-38A6E36AC79D}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
    "{802F0562-A70A-4DFC-B183-26902A999AFF}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{66E42583-2428-4A87-8875-25BF768A9724}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A2F832F4-6EAA-4F89-A259-9632D7E16604}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{24FF1380-1872-4D9B-9F14-936DCE1CF7BD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{47527AA3-A09E-4101-BF99-745FD29B9BF2}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
    "{20E581DD-BF75-4E3E-B5BD-B1E0E04664EE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{60550F07-51B7-4EA9-858E-B56218B2115C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3.9.2009 16:26 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3.9.2009 16:26 108552]
    R1 NGS;Norman General Security Driver;c:\program files\Norman\Nvc\bin\ngs.sys [4.5.2009 13:27 22712]
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [6.4.2009 14:54 61424]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\AEstSrv.exe [7.4.2009 0:08 81920]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3.9.2009 16:25 297752]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23.9.2008 22:09 155648]
    R2 FAService;FAService;c:\program files\Sensible Vision\Fast Access\FAService.exe [5.9.2008 17:16 2340096]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6.4.2009 14:32 29736]
    R3 hcw17bda;WinTV-NOVA-TA (engineering sample);c:\windows\System32\drivers\hcw17bda.sys [7.4.2009 0:09 41472]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [7.4.2009 0:08 54784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [7.4.2009 0:09 203264]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [7.4.2009 0:09 3663360]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [7.4.2009 0:09 133472]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [7.4.2009 0:09 279488]
    S3 FACAP;facap, FastAccess Video Capture;c:\windows\System32\drivers\facap.sys [2.8.2008 16:36 230912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704096314-976525091-2087800792-1000Core.job
    - c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 07:27]

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704096314-976525091-2087800792-1000UA.job
    - c:\users\janko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 07:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.siol.net
    uInternet Settings,ProxyOverride = *.local
    IE: I&zvoz v Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{90DC4F03-A9C6-35C6-9883-E5868BFAE18E} - (no file)
    HKCU-Run-ynjejjudu - c:\users\janko\AppData\Roaming\iuluusfh.dll
    HKLM-Run-FAStartup - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-28 16:02
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\users\janko\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(684)
    c:\windows\system32\FAPassSync.dll
    .
    Completion time: 2009-09-28 16:04
    ComboFix-quarantined-files.txt 2009-09-28 14:04

    Pre-Run: 214.996.295.680 bytes free
    Post-Run: 215.214.563.328 bytes free

    282 --- E O F --- 2009-09-24 14:05
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,703
    Were you using Norman as your anti-virus program previously?

    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    DirLook::
    c:\program files\R
    c:\users\janko\AppData\Roaming\lowsec
    c:\users\janko\AppData\Roaming\System32
    
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
     
  14. runningmouse

    runningmouse Thread Starter

    Joined:
    Aug 27, 2009
    Messages:
    19
    Hello

    Yes, I did use Norman previously. Thank you Cookiegal for the above instructions. I will do that immediately.

    runningmouse
     
  15. runningmouse

    runningmouse Thread Starter

    Joined:
    Aug 27, 2009
    Messages:
    19
    Here are the HijackThis results after dragging CFScript.txt into ComboFix.exe:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:29:39, on 30.9.2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Dell Video Chat\DellVideoChat.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\janko\AppData\Local\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.siol.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=si&l=en&s=bsd
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Users\janko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: FastAccess - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: FAService - Sensible Vision - C:\Program Files\Sensible Vision\Fast Access\FAService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d3d17bc1\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 9846 bytes
     
Short URL to this thread: https://techguy.org/861601