1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Random Audio Ads - Malware - Pop Up Tabs

Discussion in 'Virus & Other Malware Removal' started by Dhammiko, Jul 7, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Dhammiko

    Dhammiko Thread Starter

    Joined:
    Jul 7, 2010
    Messages:
    27
    It seems I've recently contracted some type of malware. I've spent the past few days running through numerous forum threads and procedures in order to rectify the problem. Unfortunately I've been unsuccessful and now my volume control is turning the wav level down and I'm also having random ad's for cleaning products, cold medications and more....

    I'd really appreciate any assistance... Below is a copy of the log from Hijackthis.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:16:32 PM, on 7/07/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152713012296
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7133 bytes
     
  2. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,879
    Hello and welcome to TSG

    IMPORTANT

    Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
    To make cleaning this machine easier:-
    • Continue to respond to this thread until I give you the All Clean!
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
    • Please follow all instructions in the order posted.
    • If you have any questions or do not understand instructions, please ask before continuing.
    • Please reply to this thread. Do not start a new topic.
    • Topics not replied to within 3 days will be removed from my Subscribed Threads List.

    Make an uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:
    • Start HijackThis
    • Click on the Config button
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

    Please post this log on your next reply.



    NEXT Download and Run: RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Please reply with:-
    • Uninstall list
    • RSIT logs ( info.txt and log.txt)
     
  3. Dhammiko

    Dhammiko Thread Starter

    Joined:
    Jul 7, 2010
    Messages:
    27
    Hi Muppy,

    Thank you for your reply. Please find below logs as instructed.

    1. Uninstall List

    Opera 10.60
    Panda ActiveScan 2.0
    PDFCreator
    QuickTime
    Registry Mechanic 8.0
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB982381)
    SEMA
    Software Setup
    SoundMAX
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VanDyke Software SecureCRT 4.0
    Veoh Web Player
    WavePad Sound Editor
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip 14.5

    2. Info.txt

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}
    Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
    Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
    Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
    Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
    Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
    AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
    Broadcom Management Programs-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
    HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.EXE" -l0x9
    HP Safety and Comfort Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAC4426A-42CD-4B4E-8057-9738C96F2C8F}\SETUP.EXE" -l0x9
    IE Asterisk Password Uncover 1.2-->"C:\Program Files\Nsasoft\IE Asterisk Password Uncover\unins000.exe"
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
    LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MetaFrame Presentation Server Client-->MsiExec.exe /I{4E21223F-8D6C-446E-9CD3-587D206A8400}
    Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft SQL Server 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\80\Tools\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\80\Tools\sqlsun.dll" -msql.mif
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mindful Clock-->MsiExec.exe /I{875CC76F-58AC-45BB-AFF7-46F988DDF92C}
    Mozilla Firefox (3.5.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Nero 7 Essentials-->MsiExec.exe /X{3BDEE284-1516-40E8-B784-00FEBE1B1033}
    Opera 10.60-->MsiExec.exe /X{90BC5F99-9172-43B1-805F-77BCC800CAB7}
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
    Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
    SEMA-->MsiExec.exe /I{32D3FE73-873F-4C6F-B6F1-0E8CEE4B5C38}
    Software Setup-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\COMPAQ\Software Setup\Uninst.isu" -c"C:\Program Files\COMPAQ\Software Setup\CPQUNST.DLL"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
    Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
    Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
    Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
    VanDyke Software SecureCRT 4.0-->C:\PROGRA~1\SECURE~1\UNINSTAL.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG
    Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
    WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: AVG Anti-Virus Free (disabled)

    ======System event log======

    Computer Name: TUNZBOX
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 76
    Source Name: Tcpip
    Time Written: 20100703102601.000000+600
    Event Type: warning
    User:

    Computer Name: TUNZBOX
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    i8042prt

    Record Number: 55
    Source Name: Service Control Manager
    Time Written: 20100703101018.000000+600
    Event Type: error
    User:

    Computer Name: TUNZBOX
    Event Code: 263
    Message: The service "Apple Mobile Device" may not have unregistered for device event notifications before it was stopped.

    Record Number: 36
    Source Name: PlugPlayManager
    Time Written: 20100626135720.000000+600
    Event Type: warning
    User:

    Computer Name: TUNZBOX
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 31
    Source Name: W32Time
    Time Written: 20100626093652.000000+600
    Event Type: warning
    User:

    Computer Name: TUNZBOX
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    i8042prt

    Record Number: 6
    Source Name: Service Control Manager
    Time Written: 20100625195648.000000+600
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: TUNZBOX
    Event Code: 1517
    Message: Windows saved user TUNZBOX\Jerga registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 953
    Source Name: Userenv
    Time Written: 20090622204817.000000+600
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: TUNZBOX
    Event Code: 1517
    Message: Windows saved user TUNZBOX\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 916
    Source Name: Userenv
    Time Written: 20090622201822.000000+600
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: TUNZBOX
    Event Code: 0
    Message:
    Record Number: 914
    Source Name: pctsSvc.exe
    Time Written: 20090622185315.000000+600
    Event Type: error
    User:

    Computer Name: TUNZBOX
    Event Code: 1517
    Message: Windows saved user TUNZBOX\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 899
    Source Name: Userenv
    Time Written: 20090622184933.000000+600
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: TUNZBOX
    Event Code: 1517
    Message: Windows saved user TUNZBOX\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 881
    Source Name: Userenv
    Time Written: 20090622170609.000000+600
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\SecureCRT;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    "PROCESSOR_REVISION"=0401
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "asl.log"=Destination=file;OnFirstLog=command,environment,parent
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------

    3. Log.txt

    Logfile of random's system information tool 1.07 (written by random/random)
    Run by Administrator at 2010-07-07 21:43:21
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 18 GB (46%) free of 38 GB
    Total RAM: 1271 MB (30% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:43:32 PM, on 7/07/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\TEMP\Google Toolbar\gtb3DA.tmp.exe
    C:\Documents and Settings\Administrator\Desktop\RSIT.exe
    C:\Program Files\trend micro\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152713012296
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7487 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\WGASetup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-20 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-21 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-06 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-08 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-21 259696]
    {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-19 2046816]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-26 1830128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    ? ???????&#376;
    ?? ?? ???? []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-07-04 161064]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    ? ???????&#376;
    ?? ?? ???? []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
    C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-21 525824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-07 39408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-08-24 11952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2010-07-07 21:43:21 ----D---- C:\rsit
    2010-07-07 19:16:20 ----D---- C:\Program Files\Trend Micro
    2010-07-07 19:08:24 ----D---- C:\32788R22FWJFW
    2010-07-07 19:08:01 ----D---- C:\WINDOWS\temp
    2010-07-07 19:07:59 ----A---- C:\ComboFix.txt
    2010-07-07 18:39:13 ----D---- C:\Program Files\ERUNT
    2010-07-07 17:14:35 ----A---- C:\Boot.bak
    2010-07-07 17:14:27 ----RASHD---- C:\cmdcons
    2010-07-07 16:07:53 ----A---- C:\WINDOWS\IE4 Error Log.txt
    2010-07-06 18:24:51 ----D---- C:\Documents and Settings\Administrator\Application Data\Opera
    2010-07-06 18:24:33 ----D---- C:\Program Files\Opera
    2010-07-06 17:56:49 ----A---- C:\WINDOWS\zip.exe
    2010-07-06 17:56:49 ----A---- C:\WINDOWS\SWXCACLS.exe
    2010-07-06 17:56:49 ----A---- C:\WINDOWS\SWSC.exe
    2010-07-06 17:56:49 ----A---- C:\WINDOWS\SWREG.exe
    2010-07-06 17:56:49 ----A---- C:\WINDOWS\sed.exe
    2010-07-06 17:56:49 ----A---- C:\WINDOWS\PEV.exe
    2010-07-06 17:56:49 ----A---- C:\WINDOWS\NIRCMD.exe
    2010-07-06 17:56:49 ----A---- C:\WINDOWS\MBR.exe
    2010-07-06 17:56:49 ----A---- C:\WINDOWS\grep.exe
    2010-07-06 17:56:38 ----D---- C:\WINDOWS\ERDNT
    2010-07-06 17:54:20 ----D---- C:\Qoobox
    2010-07-06 17:53:24 ----D---- C:\MGtools
    2010-07-06 17:49:51 ----D---- C:\Program Files\WinZip
    2010-07-05 20:35:30 ----A---- C:\WINDOWS\ntbtlog.txt
    2010-07-05 14:51:11 ----A---- C:\mbam-error.txt
    2010-06-26 14:10:14 ----D---- C:\Program Files\iPod
    2010-06-26 14:10:00 ----D---- C:\Program Files\iTunes
    2010-06-26 14:10:00 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-26 14:05:01 ----D---- C:\Program Files\QuickTime
    2010-06-26 14:02:15 ----D---- C:\Program Files\Apple Software Update
    2010-06-26 13:56:30 ----D---- C:\Program Files\Bonjour
    2010-06-12 01:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
    2010-06-12 01:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
    2010-06-12 01:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
    2010-06-12 01:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
    2010-06-12 01:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
    2010-06-12 01:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
    2010-06-12 01:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$

    ======List of files/folders modified in the last 1 months======

    2010-07-07 21:43:20 ----D---- C:\WINDOWS\Prefetch
    2010-07-07 20:44:14 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-07 19:16:20 ----RD---- C:\Program Files
    2010-07-07 19:08:01 ----D---- C:\WINDOWS
    2010-07-07 19:06:15 ----A---- C:\WINDOWS\system.ini
    2010-07-07 19:04:22 ----D---- C:\WINDOWS\system32\drivers
    2010-07-07 19:04:22 ----D---- C:\WINDOWS\system32
    2010-07-07 19:04:21 ----D---- C:\WINDOWS\AppPatch
    2010-07-07 19:04:15 ----D---- C:\Program Files\Common Files
    2010-07-07 19:01:31 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-07-07 19:00:52 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-07-07 18:43:48 ----SHD---- C:\WINDOWS\Installer
    2010-07-07 17:22:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-07-07 17:14:35 ----RASH---- C:\boot.ini
    2010-07-07 12:11:25 ----D---- C:\$AVG8.VAULT$
    2010-07-06 18:46:07 ----SD---- C:\WINDOWS\Tasks
    2010-07-06 17:50:15 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
    2010-07-06 17:36:33 ----D---- C:\Program Files\Common Files\Symantec Shared
    2010-07-06 17:36:32 ----D---- C:\Program Files\Symantec
    2010-07-06 17:36:26 ----D---- C:\Program Files\Symantec AntiVirus
    2010-07-06 17:36:26 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
    2010-07-05 17:34:43 ----D---- C:\Program Files\SUPERAntiSpyware
    2010-07-05 17:13:34 ----D---- C:\Program Files\Common Files\Adobe
    2010-07-05 17:12:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2010-07-05 17:12:13 ----D---- C:\Program Files\Adobe
    2010-07-05 17:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
    2010-07-05 14:51:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-07-05 14:46:05 ----SHD---- C:\WINDOWS\CSC
    2010-06-26 14:25:40 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2010-06-26 14:22:17 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2010-06-26 14:20:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2010-06-26 14:20:30 ----HD---- C:\WINDOWS\inf
    2010-06-26 14:11:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2010-06-26 14:10:08 ----D---- C:\Program Files\Common Files\Apple
    2010-06-26 13:56:09 ----D---- C:\WINDOWS\WinSxS
    2010-06-25 20:07:18 ----D---- C:\Program Files\AVG
    2010-06-25 20:06:20 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2010-06-25 19:53:31 ----D---- C:\Documents and Settings\Administrator\Application Data\BitTorrent
    2010-06-24 01:11:43 ----D---- C:\WINDOWS\Microsoft.NET
    2010-06-24 01:11:38 ----RSD---- C:\WINDOWS\assembly
    2010-06-12 01:16:58 ----RSHD---- C:\WINDOWS\system32\dllcache
    2010-06-12 01:16:44 ----A---- C:\WINDOWS\imsins.BAK
    2010-06-12 01:16:35 ----HD---- C:\WINDOWS\$hf_mig$

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-24 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-24 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-04 108552]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
    R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-04-30 186112]
    R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-16 612416]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 42752]
    S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
    S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2004-02-05 51584]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
    S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
    S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
    S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
    S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
    S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
    S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
    S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
    S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-21 45056]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-19 651720]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 182768]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
     
  4. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,879
    Your uninstall list is missing the top half can you please post it again.

    I also see that you ran Combofix, please post the log it produced. It can be found C:\ComboFix.txt.
     
  5. Dhammiko

    Dhammiko Thread Starter

    Joined:
    Jul 7, 2010
    Messages:
    27
    Sorry.... Here it is

    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 7.0
    Adobe Reader 9.3.3
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 8.5
    Bonjour
    Broadcom Management Programs
    Critical Update for Windows Media Player 11 (KB959772)
    ERUNT 1.1j
    Eusing Free Registry Cleaner
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Help and Support
    HP Safety and Comfort Guide
    IE Asterisk Password Uncover 1.2
    Intel(R) Graphics Media Accelerator Driver
    InterVideo WinDVD
    iTunes
    LiveUpdate 2.6 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MetaFrame Presentation Server Client
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio Professional 2003
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2000
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mindful Clock
    Mozilla Firefox (3.5.10)
    Nero 7 Essentials
    Opera 10.60
    Panda ActiveScan 2.0
    PDFCreator
    QuickTime
    Registry Mechanic 8.0
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB982381)
    SEMA
    Software Setup
    SoundMAX
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VanDyke Software SecureCRT 4.0
    Veoh Web Player
    WavePad Sound Editor
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip 14.5

    2. Combofix.txt

    ComboFix 10-07-06.03 - Administrator 07/07/2010 19:02:01.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1271.461 [GMT 10:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
    .

    2010-07-07 09:01 . 2010-07-07 09:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-07-07 08:39 . 2010-07-07 08:39 -------- d-----w- c:\program files\ERUNT
    2010-07-06 08:24 . 2010-07-06 08:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
    2010-07-06 08:24 . 2010-07-06 08:24 -------- d-----w- c:\program files\Opera
    2010-07-06 08:03 . 2010-07-06 08:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2010-07-06 07:53 . 2010-07-07 07:34 121975 ----a-w- C:\MGlogs.zip
    2010-07-06 07:53 . 2010-07-07 07:34 -------- d-----w- C:\MGtools
    2010-07-05 07:23 . 2010-07-05 19:48 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-26 04:10 . 2010-06-26 04:10 -------- d-----w- c:\program files\iPod
    2010-06-26 04:10 . 2010-06-26 04:11 -------- d-----w- c:\program files\iTunes
    2010-06-26 04:10 . 2010-06-26 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-26 04:05 . 2010-06-26 04:06 -------- d-----w- c:\program files\QuickTime
    2010-06-26 04:02 . 2010-06-26 04:02 -------- d-----w- c:\program files\Apple Software Update
    2010-06-26 03:56 . 2010-06-26 03:56 -------- d-----w- c:\program files\Bonjour
    2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-06 07:50 . 2009-08-29 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-07-06 07:36 . 2006-07-13 07:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-07-06 07:36 . 2006-07-13 07:57 -------- d-----w- c:\program files\Symantec
    2010-07-06 07:36 . 2006-07-13 07:57 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-07-06 07:36 . 2006-07-13 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-07-05 19:48 . 2009-06-22 08:39 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-05 07:34 . 2009-06-22 08:39 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-05 07:13 . 2009-07-18 06:06 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-05 04:51 . 2009-03-07 02:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-26 04:25 . 2009-07-14 10:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-06-26 04:20 . 2009-05-24 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-06-26 04:10 . 2009-05-24 03:27 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-25 10:07 . 2009-03-07 01:46 -------- d-----w- c:\program files\AVG
    2010-06-25 10:06 . 2009-03-07 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-06-25 09:53 . 2009-07-11 12:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
    2010-06-01 10:53 . 2010-06-01 10:53 -------- d-----w- c:\program files\Veoh Networks
    2010-05-22 01:00 . 2010-05-22 01:00 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2c0c8759-n\msvcp71.dll
    2010-05-22 01:00 . 2010-05-22 01:00 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2c0c8759-n\jmc.dll
    2010-05-22 01:00 . 2010-05-22 01:00 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2c0c8759-n\msvcr71.dll
    2010-05-18 06:35 . 2010-05-18 06:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 06:35 . 2010-05-18 06:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 06:35 . 2010-05-18 06:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 06:35 . 2010-05-18 06:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 05:39 . 2009-03-07 02:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 05:39 . 2009-03-07 02:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-19 10:47 . 2009-05-24 03:28 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-19 10:47 . 2009-05-24 03:28 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-16 16:09 . 2004-08-04 08:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-04-16 16:09 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 03:03 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-23 23:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    ? ???????&#376; [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    ? ???????&#376; [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-07-04 03:01 148776 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 06:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-07-04 03:20 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
    2003-11-20 18:01 525824 ----a-w- c:\program files\Compaq\SetRefresh\SetRefresh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-07 00:02 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [22/06/2009 6:59 PM 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/03/2009 11:47 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/03/2009 11:47 AM 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 AM 72944]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 PM 169312]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/03/2009 11:47 AM 297752]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 AM 7408]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - WMIAPSRV

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-06-20 01:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]

    2010-07-07 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-06-01 12:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hp.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0wkm5bjb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
    FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-07 19:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(272)
    c:\windows\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-07-07 19:07:59
    ComboFix-quarantined-files.txt 2010-07-07 09:07
    ComboFix2.txt 2010-07-07 07:31

    Pre-Run: 18,595,069,952 bytes free
    Post-Run: 18,618,253,312 bytes free

    - - End Of File - - 617C3603E5BC285049D71154C92EC3FE
     
  6. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,879
    Sorry but I need this one too :)

    ComboFix-quarantined-files.txt 2010-07-07 09:07
     
  7. Dhammiko

    Dhammiko Thread Starter

    Joined:
    Jul 7, 2010
    Messages:
    27
    No prob...

    2010-07-07 09:07:00 . 2010-07-07 09:07:00 622 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SunJavaUpdateSched.reg.dat
    2010-07-07 07:30:49 . 2010-07-07 07:30:49 562 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-vptray.reg.dat
    2010-07-07 07:30:48 . 2010-07-07 07:30:48 616 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ccApp.reg.dat
    2010-07-07 07:30:47 . 2010-07-07 07:30:47 306 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-NavLogon.reg.dat
    2010-07-07 07:30:45 . 2010-07-07 07:30:45 146 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat
    2010-07-07 07:25:25 . 2010-07-07 09:04:43 6,644 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2010-07-06 07:56:38 . 2010-07-07 09:02:01 388 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2004-08-04 03:01:08 . 2008-04-14 00:13:20 40,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\termdd.sys.vir
     
  8. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,879
    GMER Rootkit Scanner
    Download GMER Rootkit Scanner from here.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

      [​IMG]
      Click the image to enlarge it
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
     
  9. Dhammiko

    Dhammiko Thread Starter

    Joined:
    Jul 7, 2010
    Messages:
    27
    Thanks a million for your help Muppy....I've got the scan in GMER running however I'll have to retreat to bed. Ill post the log tomorrow morning. :)
     
  10. Dhammiko

    Dhammiko Thread Starter

    Joined:
    Jul 7, 2010
    Messages:
    27
    Hi Muppy,

    Please find below gmer log :)

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-08 06:43:19
    Windows 5.1.2600 Service Pack 3
    Running: sfcp9k88.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxrdipow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x01 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys A97502A4

    Code \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6PC5W3CR\CACZA7MN.htm 1444 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6PC5W3CR\goad[1].htm 22 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EHADCP0P\spotx[1].js 6828 bytes

    ---- EOF - GMER 1.0.15 ----
     
  11. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,879
    Please give me an update on the problems after doing the following:-


    TDSSKiller

    • Please Download TDSSKiller.zip and save it on your desktop.
    • Next extract (unzip) its contents to your Desktop.
    • Next double-click the TDSSKiller Folder on your desktop.
    • Next right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.<---Important
    • Next Highlight and copy all the text (including the quote marks) in the codebox below.
      Code:
      "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
    • Click Start, click Run... and paste the text above into the Open: line and click OK.
    • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
    • After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
    • When finished a log file should be created on your desktop named tdsskiller.txt
    • Copy the contents of the log & post in your next reply.

    Please reply with:-
    • TDSS Killer log
    • New HJT log
    • Update on problems
     
  12. Dhammiko

    Dhammiko Thread Starter

    Joined:
    Jul 7, 2010
    Messages:
    27
    Hi Muppy,

    The audio ads were playing around 45 minutes ago however they stopped for the past 15 or so minutes. I'm getting a clicking sound in the background every 5 or so minutes. Like a program opening sound--- hard to describe.

    Here is the log from TDSS Killer - no reboot was prompted.

    20:37:08:359 4668 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
    20:37:08:359 4668 ================================================================================
    20:37:08:359 4668 SystemInfo:

    20:37:08:359 4668 OS Version: 5.1.2600 ServicePack: 3.0
    20:37:08:359 4668 Product type: Workstation
    20:37:08:359 4668 ComputerName: TUNZBOX
    20:37:08:359 4668 UserName: Administrator
    20:37:08:359 4668 Windows directory: C:\WINDOWS
    20:37:08:359 4668 System windows directory: C:\WINDOWS
    20:37:08:375 4668 Processor architecture: Intel x86
    20:37:08:375 4668 Number of processors: 2
    20:37:08:375 4668 Page size: 0x1000
    20:37:08:375 4668 Boot type: Normal boot
    20:37:08:375 4668 ================================================================================
    20:37:08:703 4668 Initialize success
    20:37:08:703 4668
    20:37:08:703 4668 Scanning Services ...
    20:37:09:187 4668 Raw services enum returned 350 services
    20:37:09:203 4668
    20:37:09:203 4668 Scanning Drivers ...
    20:37:13:109 4668 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    20:37:13:296 4668 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    20:37:13:390 4668 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    20:37:13:562 4668 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    20:37:13:656 4668 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
    20:37:13:859 4668 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
    20:37:13:968 4668 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    20:37:14:062 4668 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    20:37:14:296 4668 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    20:37:14:375 4668 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    20:37:14:609 4668 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    20:37:14:734 4668 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    20:37:14:828 4668 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    20:37:15:000 4668 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    20:37:15:328 4668 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
    20:37:15:828 4668 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    20:37:16:125 4668 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
    20:37:16:234 4668 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    20:37:16:500 4668 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    20:37:16:687 4668 Blfp (9976971b7092f5bff20073ab31ba1598) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
    20:37:17:000 4668 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    20:37:17:265 4668 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    20:37:17:421 4668 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    20:37:17:546 4668 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    20:37:17:968 4668 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    20:37:18:265 4668 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    20:37:18:500 4668 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    20:37:18:734 4668 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    20:37:18:796 4668 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    20:37:19:031 4668 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    20:37:19:109 4668 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    20:37:19:156 4668 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    20:37:19:281 4668 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    20:37:19:343 4668 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    20:37:19:546 4668 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    20:37:19:640 4668 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    20:37:19:765 4668 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    20:37:19:984 4668 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:37:20:203 4668 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:37:20:312 4668 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    20:37:20:484 4668 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:37:20:593 4668 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    20:37:20:843 4668 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    20:37:21:109 4668 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    20:37:21:281 4668 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
    20:37:21:375 4668 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
    20:37:21:453 4668 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
    20:37:21:640 4668 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
    20:37:21:750 4668 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
    20:37:21:968 4668 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
    20:37:22:078 4668 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
    20:37:22:250 4668 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
    20:37:22:359 4668 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
    20:37:22:546 4668 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
    20:37:22:640 4668 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
    20:37:22:765 4668 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
    20:37:22:828 4668 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
    20:37:23:062 4668 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
    20:37:23:109 4668 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
    20:37:23:359 4668 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    20:37:23:703 4668 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    20:37:23:812 4668 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    20:37:23:906 4668 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    20:37:24:046 4668 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    20:37:24:140 4668 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:37:24:234 4668 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:37:24:359 4668 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:37:24:437 4668 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:37:24:671 4668 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    20:37:24:734 4668 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    20:37:24:953 4668 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    20:37:25:093 4668 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    20:37:25:656 4668 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
    20:37:26:046 4668 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    20:37:26:328 4668 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    20:37:26:734 4668 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    20:37:26:812 4668 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    20:37:26:890 4668 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    20:37:27:125 4668 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    20:37:27:328 4668 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    20:37:27:515 4668 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    20:37:27:640 4668 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    20:37:27:875 4668 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    20:37:28:031 4668 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    20:37:28:125 4668 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    20:37:28:218 4668 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    20:37:28:296 4668 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    20:37:28:562 4668 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    20:37:28:859 4668 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    20:37:28:968 4668 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    20:37:29:125 4668 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    20:37:29:234 4668 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    20:37:29:390 4668 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    20:37:29:625 4668 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    20:37:29:718 4668 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    20:37:29:906 4668 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    20:37:30:000 4668 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    20:37:30:250 4668 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    20:37:30:343 4668 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    20:37:30:500 4668 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    20:37:30:656 4668 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    20:37:30:812 4668 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    20:37:30:937 4668 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    20:37:31:046 4668 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
    20:37:31:125 4668 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    20:37:31:218 4668 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    20:37:31:296 4668 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    20:37:31:578 4668 pavboot (210a628a0d7b3f45257850efbff27538) C:\WINDOWS\system32\drivers\pavboot.sys
    20:37:31:640 4668 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    20:37:31:875 4668 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    20:37:32:093 4668 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    20:37:32:781 4668 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    20:37:32:937 4668 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    20:37:33:156 4668 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    20:37:33:281 4668 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    20:37:33:640 4668 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    20:37:33:828 4668 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    20:37:33:906 4668 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    20:37:34:046 4668 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    20:37:34:156 4668 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    20:37:34:343 4668 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    20:37:34:546 4668 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    20:37:34:765 4668 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    20:37:34:875 4668 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    20:37:34:984 4668 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    20:37:35:000 4668 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    20:37:35:031 4668 SASKUTIL (81c02ea5f88ca4125e579384dfd75e3a) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    20:37:35:265 4668 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    20:37:35:343 4668 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    20:37:35:515 4668 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    20:37:35:718 4668 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    20:37:35:843 4668 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\WINDOWS\system32\drivers\smwdm.sys
    20:37:36:140 4668 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    20:37:36:281 4668 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    20:37:36:390 4668 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    20:37:36:640 4668 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    20:37:36:812 4668 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    20:37:36:906 4668 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    20:37:37:046 4668 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    20:37:37:265 4668 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
    20:37:37:406 4668 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    20:37:37:625 4668 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    20:37:37:765 4668 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    20:37:37:953 4668 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:37:38:171 4668 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:37:38:296 4668 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    20:37:38:406 4668 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:37:38:703 4668 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    20:37:39:046 4668 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    20:37:39:250 4668 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    20:37:39:375 4668 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:37:39:578 4668 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:37:39:750 4668 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    20:37:39:921 4668 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:37:40:000 4668 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20:37:40:156 4668 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    20:37:40:296 4668 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    20:37:40:703 4668 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    20:37:40:968 4668 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:37:41:406 4668 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    20:37:41:515 4668 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    20:37:41:718 4668 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    20:37:41:843 4668 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    20:37:42:046 4668 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    20:37:42:062 4668
    20:37:42:062 4668 Completed
    20:37:42:062 4668
    20:37:42:062 4668 Results:
    20:37:42:062 4668 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    20:37:42:062 4668 File objects infected / cured / cured on reboot: 0 / 0 / 0
    20:37:42:062 4668
    20:37:42:062 4668 KLMD(ARK) unloaded successfully

    Here is the HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:41:41 PM, on 8/07/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\TEMP\Google Toolbar\gtb3DA.tmp.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-21-503407278-1183313066-1582376886-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-503407278-1183313066-1582376886-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-503407278-1183313066-1582376886-1006\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (User '?')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152713012296
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7600 bytes
     
  13. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,879
    I see that you use Registry Mechanic 8.0

    Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
    The point we are trying to make is that the risk of using one far outweighs any benefit.
    If it does work perfectly you will not see any difference
    If it doesn't work properly you may end up with an expensive doorstop.

    TFC(Temp File Cleaner):

    • Please download TFC to your desktop,
    • Save any unsaved work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click "Yes" to reboot.

    Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    PLEASE DELETE YOUR VERSION OF COMBOFIX AND DOWNLOAD THE LATEST AS FOLLOWS

    Download and run Combofix
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    Please download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • If you need help to disable your protection programs see here.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    [​IMG]
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]
    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

    If you need help, see this link:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please reply with:-
    • Combofix log
    • New HJT log
     
  14. Dhammiko

    Dhammiko Thread Starter

    Joined:
    Jul 7, 2010
    Messages:
    27
    Logs below.... Also, ad's have just started again since restart and an internet explorer icon has appeared on the desktop.

    combofix log

    ComboFix 10-07-07.02 - Administrator 08/07/2010 21:18:35.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1271.510 [GMT 10:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
    .

    2010-07-08 11:08:05 . 2010-07-08 11:08:05 52432 ----a-w- C:\WINDOWS\system32\drivers\klmd.sys
    2010-07-07 11:43:21 . 2010-07-07 11:43:34 -------- d-----w- C:\rsit
    2010-07-07 09:16:20 . 2010-07-07 11:43:32 -------- d-----w- C:\Program Files\Trend Micro
    2010-07-07 09:01:48 . 2010-07-07 11:40:40 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    2010-07-07 08:39:13 . 2010-07-07 08:39:24 -------- d-----w- C:\Program Files\ERUNT
    2010-07-06 08:24:51 . 2010-07-06 08:24:51 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
    2010-07-06 08:24:33 . 2010-07-06 08:24:39 -------- d-----w- C:\Program Files\Opera
    2010-07-06 08:03:37 . 2010-07-06 08:03:56 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
    2010-07-06 07:53:28 . 2010-07-07 07:34:19 121975 ----a-w- C:\MGlogs.zip
    2010-07-06 07:53:24 . 2010-07-07 07:34:19 -------- d-----w- C:\MGtools
    2010-07-05 07:23:08 . 2010-07-08 11:14:01 52224 ----a-w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-26 04:10:14 . 2010-06-26 04:10:18 -------- d-----w- C:\Program Files\iPod
    2010-06-26 04:10:00 . 2010-06-26 04:11:14 -------- d-----w- C:\Program Files\iTunes
    2010-06-26 04:10:00 . 2010-06-26 04:11:14 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-26 04:05:01 . 2010-06-26 04:06:27 -------- d-----w- C:\Program Files\QuickTime
    2010-06-26 04:02:15 . 2010-06-26 04:02:17 -------- d-----w- C:\Program Files\Apple Software Update
    2010-06-26 03:56:30 . 2010-06-26 03:56:34 -------- d-----w- C:\Program Files\Bonjour
    2010-06-15 10:01:34 . 2010-06-15 10:01:34 72504 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-08 11:14:00 . 2009-06-22 08:39:55 117760 ----a-w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-06 07:50:15 . 2009-08-29 06:40:37 -------- d-----w- C:\Documents and Settings\All Users\Application Data\WinZip
    2010-07-06 07:36:33 . 2006-07-13 07:57:17 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2010-07-06 07:36:32 . 2006-07-13 07:57:29 -------- d-----w- C:\Program Files\Symantec
    2010-07-06 07:36:26 . 2006-07-13 07:57:17 -------- d-----w- C:\Program Files\Symantec AntiVirus
    2010-07-06 07:36:26 . 2006-07-13 07:57:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
    2010-07-05 07:34:43 . 2009-06-22 08:39:09 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2010-07-05 07:13:34 . 2009-07-18 06:06:17 -------- d-----w- C:\Program Files\Common Files\Adobe
    2010-07-05 04:51:09 . 2009-03-07 02:04:28 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-06-26 04:25:40 . 2009-07-14 10:01:22 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2010-06-26 04:20:34 . 2009-05-24 03:27:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple
    2010-06-26 04:10:08 . 2009-05-24 03:27:36 -------- d-----w- C:\Program Files\Common Files\Apple
    2010-06-25 10:07:18 . 2009-03-07 01:46:57 -------- d-----w- C:\Program Files\AVG
    2010-06-25 10:06:20 . 2009-03-07 01:46:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\avg8
    2010-06-25 09:53:31 . 2009-07-11 12:20:07 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\BitTorrent
    2010-06-01 10:53:54 . 2010-06-01 10:53:54 -------- d-----w- C:\Program Files\Veoh Networks
    2010-05-18 06:35:16 . 2010-05-18 06:35:16 91424 ----a-w- C:\WINDOWS\system32\dnssd.dll
    2010-05-18 06:35:16 . 2010-05-18 06:35:16 75040 ----a-w- C:\WINDOWS\system32\jdns_sd.dll
    2010-05-18 06:35:16 . 2010-05-18 06:35:16 197920 ----a-w- C:\WINDOWS\system32\dnssdX.dll
    2010-05-18 06:35:16 . 2010-05-18 06:35:16 107808 ----a-w- C:\WINDOWS\system32\dns-sd.exe
    2010-05-02 05:22:50 . 2004-08-04 08:00:00 1851264 ----a-w- C:\WINDOWS\system32\win32k.sys
    2010-04-29 05:39:38 . 2009-03-07 02:04:31 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-04-29 05:39:26 . 2009-03-07 02:04:33 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2010-04-20 05:30:08 . 2004-08-04 08:00:00 285696 ----a-w- C:\WINDOWS\system32\atmfd.dll
    2010-04-19 10:47:44 . 2009-05-24 03:28:54 3062048 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
    2010-04-19 10:47:42 . 2009-05-24 03:28:54 41984 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
    2010-04-16 16:09:09 . 2004-08-04 08:00:00 667136 ----a-w- C:\WINDOWS\system32\wininet.dll
    2010-04-16 16:09:05 . 2004-08-04 08:00:00 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-07_09.06.15 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2004-08-09 13:44:32 . 2010-07-07 07:22:22 72020 C:\WINDOWS\system32\perfc009.dat
    + 2004-08-09 13:44:32 . 2010-07-08 11:17:10 72020 C:\WINDOWS\system32\perfc009.dat
    - 2006-07-13 06:54:51 . 2010-07-07 09:01:16 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-08 11:13:03 . 2010-07-08 11:17:40 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-07-13 06:54:51 . 2010-07-08 11:17:40 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-07-13 06:54:51 . 2010-07-07 09:01:16 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-07-13 06:54:51 . 2010-07-07 09:01:16 16384 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2006-07-13 06:54:51 . 2010-07-08 11:17:40 16384 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2004-08-09 13:44:32 . 2010-07-08 11:17:10 444336 C:\WINDOWS\system32\perfh009.dat
    - 2004-08-09 13:44:32 . 2010-07-07 07:22:22 444336 C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 03:03:14 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 03:03:14 1230080 ----a-w- C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 03:03:14 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 03:03:14 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 03:01:36 148776]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 10:05:26 204288]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 00:05:52 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-19 23:35:40 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-19 23:32:24 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-19 23:36:20 114688]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2010-03-18 21:21:10 2046816]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-06-15 06:33:44 141624]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:38 976832]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-23 23:23:45 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    ? ???????&#376; [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    ? ???????&#376; [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-07-04 03:01:36 148776 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 06:33:44 141624 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-07-04 03:20:30 161064 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 12:16:10 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
    2003-11-20 18:01:08 525824 ----a-w- C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-07 00:02:21 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Opera\\opera.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009

    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [22/06/2009 6:59:25 PM 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [7/03/2009 11:47:17 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [7/03/2009 11:47:28 AM 108552]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05:54 AM 9968]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05:52 AM 72944]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03:18 PM 169312]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [7/03/2009 11:47:00 AM 297752]
    R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05:56 AM 7408]
    S3 klmd23;klmd23;C:\WINDOWS\system32\drivers\klmd.sys [8/07/2010 9:08:05 PM 52432]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-06-20 01:47:34 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50:20 . 2009-10-22 01:50:20]

    2010-07-08 C:\WINDOWS\Tasks\WGASetup.job
    - C:\WINDOWS\system32\KB905474\wgasetup.exe [2009-06-01 15:13:44 . 2009-03-10 12:18:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hp.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0wkm5bjb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
    FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
    FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmd23.sys

    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:25:47 PM, on 8/07/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152713012296
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7431 bytes
     
  15. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,879
    The end part of the CF log wsa not posted, please post again.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/933948