
Solved AVG Resident Shield Detected Virus

Discussion in 'Malware and Virus Removal Archive' started by Nokanda, 2010/09/08.

  1. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    [Resolved] AVG Resident Shield Detected Virus

    Last week I purchased a membership to play Pogo games. To my surprise I am only able to play their flash games or embedded java games. Any games involving a pop out java window would load and within the first 15 seconds of play the window would go black. I have spent days going back and forth with the Pogo and EA Games techs trying to resolve the problem without success. We all believe the problem has something to do with java.

    On Tuesday I decided to search for forums to see if there were any other people who experienced my problem. The Windows BBS posts are all old posts and the problems reported didn't seem to be the same as mine. While searching through Google for other forums and reading posts I somehow picked up a nasty virus. My AVG Resident Shield was popping up with reports of attacks. At one point an anti-virus program unrelated to AVG opened up with a report that a virus was trying to access my personal information, specifically my credit card info. The program was called "Anti Malware Doctor". I have never downloaded that program and immediately became suspicious. I searched this forum for information about it and found out it is a virus.

    I logged onto Malwarebytes to get an updated version of their program and kept getting redirected to the "Anti Malware Doctor". I was able to get the updated version from cNet. After running the scan the program quarantined 5 threats - Adware ADON (file), 2 x Trojan Downloader (file & registry), and 3 x Disabled.SecurityCenter (registry). Since then I have not been redirected to the "Anti Malware Doctor" page.

    I logged onto Kaspersky and did an online scan which reported that I have 9 threats and 15 infections. Without any surprise some of the files reported would not let me delete them and the ones that did reappeared in a subsequent Kaspersky scan in a "restore" folder.

    I have 3 instances of Backdoor.Win32.VB.mea
    4 instances of Exploit.Java.Agent.bu
    2 instances of Packed.Win32.Katusha.n
    and 1 instance each of: Trojan.Win32.Vilsel.aobu, Worm.Win32.VBNA.b, Trojan-Downloader.Win32.Mufanom.aekq, Trojan-Dropper.Win32.Delf.gat, not-a-virus:WebToolbar.Win32.WhenU.a, not-a-virus:Client-IRC.Win32.mIRC.60

    The mIRC one surprises me as I have never used the mIRC program that was installed on the computer when I purchased it (used) about 4 years ago and it has never come up in my weekly AVG scans.

    My operating system is Windows XP. Any help you can give me with removing these threats and infections would be greatly appreciated.
     
  2. 2010/09/08
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  4. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    I'm having trouble posting the logs. I keep getting an error message that the connection to the server was reset while the page was loading.
     
  5. 2010/09/08
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    How are you trying to post the logs? - copy/paste the contents into a post or two here.

    If the computer on which you made your last post is not the infected computer use that to post.
     
  6. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    Attach file:

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/1/2007 10:13:29 PM
    System Uptime: 9/8/2010 5:09:28 AM (0 hours ago)

    Motherboard: Dell Computer Corporation | | Precision 330
    Processor: Intel(R) Pentium(R) 4 CPU 1400MHz | Microprocessor | 1395/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 19.701 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (CDFS)
    G: is FIXED (FAT32) - 233 GiB total, 115.471 GiB free.
    H: is CDROM ()
    I: is CDROM ()
    J: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 9/6/2010 10:28:51 PM - System Checkpoint

    ==== Installed Programs ======================


    ACDSee 32
    Adobe Download Manager
    Adobe Download Manager 2.2 (Remove Only)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Apple Software Update
    Audacity 1.2.6
    AVG Free 9.0
    Bingo Blowout
    BingoMega
    BitTornado 0.3.17
    Board Games
    BSPlayer
    Card Games
    Clue
    DirectX Media Runtime 5.1
    EPSON Printer Software
    EPSON Scan
    EPSON Web-To-Page
    FileZilla (remove only)
    FoxyProxy Video Utility
    Free Video to Mp3 Converter version 2.7
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    Harry Potter and the Goblet of Fire™
    HijackThis 2.0.2
    Hoyle Card Games
    Hoyle® Puzzle & Board 2009
    Java(TM) 6 Update 12
    Lizardtech Express View Browser Plug-in
    Magellan POI File Editor
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Diagnostics and Recovery Toolset 5.0
    Microsoft Greetings
    Microsoft Office 2000 Professional
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word Supplemental Templates and Wizards
    Mozilla Firefox (3.6.8)
    MSN
    MSXML 4.0 SP2 (KB936181)
    Mysterious City Cairo (remove only)
    National Geographic Plan It Green
    neroxml
    Norton AntiVirus Corporate Edition
    NVIDIA Drivers
    Oscar Spring Edtion 2001
    Paint Shop Pro 7 ESD
    Parker Brothers Classic Card Games
    Picasa 3
    Player
    PopCap Browser Plugin
    QuickTax 2007
    QuickTax 2008
    QuickTax 2009
    QuickTime
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio MyDVD Basic v9
    Scrabble Complete
    Search Settings v1.2.3
    SecurDisc Viewer
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB924270)
    Sesame Street First Steps (remove only)
    Slingo Mysteries
    Sonic Activation Module
    SpongeBob SquarePants - Lights, Camera, Pants!
    SpongeBob SquarePants - Nighty Nightmare
    SpongeBob SquarePants - The Movie
    SpongeBob SquarePants® Operation Krabby Patty
    System Requirements Lab
    The Game Of Life
    The Mysterious City Golden Prague (remove only)
    Unlocker 1.8.7
    Update for Windows XP (KB898461)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB938828)
    Virtual Earth 3D (Beta)
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    WinRAR archiver
    Zoo Tycoon 2
    Zoo Tycoon Expanded

    ==== Event Viewer Messages From Past Week ========

    9/6/2010 9:50:25 PM, error: DCOM [10001] - Unable to start a DCOM Server: {E367E1A1-E917-11D0-AF5F-00A02448799A} as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE -Embedding
    9/6/2010 9:50:25 PM, error: DCOM [10001] - Unable to start a DCOM Server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE -Embedding
    9/6/2010 9:48:57 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Print Spooler service, but this action failed with the following error: An instance of the service is already running.
    9/6/2010 9:47:58 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/6/2010 10:51:51 PM, error: DCOM [10001] - Unable to start a DCOM Server: {9209B1A6-964A-11D0-9372-00A0C9034910} as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE -Embedding
    9/6/2010 10:31:50 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    9/6/2010 10:21:35 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    9/6/2010 10:21:35 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    9/6/2010 10:11:50 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    9/2/2010 9:49:33 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
    9/2/2010 9:49:33 PM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
    9/2/2010 9:49:33 PM, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

    ==== End Of File ===========================
     
  7. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    DDS part 1

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Pam at 5:21:05.40 on Wed 09/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.767.248 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\NavNT\defwatch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Pam\Desktop\FF Downloads\dds.scr


    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\pam\applic~1\mozilla\firefox\profiles\dbcuirvh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&sourceid=navclient-ff&rlz=1R0MOZA_en&ie=UTF-8&source=iglk
    FF - component: c:\documents and settings\pam\application data\mozilla\firefox\profiles\dbcuirvh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\documents and settings\pam\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - HiddenExtension: XULRunner: {2D11D2DD-4181-4955-AC7A-586AA060A3B3} - c:\documents and settings\pam\local settings\application data\{2D11D2DD-4181-4955-AC7A-586AA060A3B3}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);


    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-26 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-26 29584]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-26 243024]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-30 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-30 308136]
    R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232]
    R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2008-8-25 7936]
    S3 mbr;mbr;\??\c:\docume~1\pam\locals~1\temp\mbr.sys --> c:\docume~1\pam\locals~1\temp\mbr.sys [?]
    S3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-9-24 176208]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080827.038\NAVENG.sys [2008-8-29 89104]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080827.038\NAVEX15.sys [2008-8-29 873552]
    S3 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656]

    =============== Created Last 30 ================

    2010-09-07 14:44:15 0 d-----w- c:\docume~1\pam\applic~1\AVG9
    2010-09-07 04:30:20 36865 ----a-w- c:\windows\system32\msllhsjn.dll
    2010-09-07 02:16:20 195584 ----a-w- c:\windows\Rgukub.exe
    2010-09-07 01:47:39 0 ----a-w- c:\windows\Xsedegucob.bin
    2010-09-07 01:47:33 120 ----a-w- c:\windows\Driquwipiq.dat
    2010-09-07 01:46:40 195584 ----a-w- c:\windows\Rgukua.exe
    2010-09-07 01:44:18 0 d-----w- C:\spoolerlogs
    2010-09-03 17:51:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-03 16:22:04 410984 ----a-w- c:\windows\system32\deploytk.dll
    2010-09-01 16:20:07 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-09-01 13:48:48 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
    2010-09-01 13:48:48 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
    2010-09-01 13:48:46 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2010-09-01 13:48:44 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
    2010-09-01 13:48:42 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
    2010-09-01 13:48:42 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
    2010-09-01 13:48:34 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
    2010-09-01 13:47:57 0 d-----w- c:\windows\Logs
    2010-08-31 02:38:42 0 d-----w- c:\docume~1\pam\applic~1\funkitron
    2010-08-29 17:10:26 176128 ----a-w- c:\windows\system32\nvudisp.exe
    2010-08-29 17:10:26 14435 ----a-w- c:\windows\system32\nvdisp.nvu
    2010-08-29 17:10:26 0 d-----w- c:\windows\nview
    2010-08-29 17:10:12 0 d-----w- c:\windows\system32\ReinstallBackups
    2010-08-29 17:09:43 0 d-----w- C:\NVIDIA
    2010-08-29 16:47:46 0 d-----w- c:\program files\SystemRequirementsLab
    2010-08-29 04:35:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-29 03:25:26 0 d-sh--w- c:\documents and settings\pam\IECompatCache
    2010-08-29 03:15:56 0 d-sh--w- c:\documents and settings\pam\PrivacIE
    2010-08-29 03:14:31 0 d-sh--w- c:\documents and settings\pam\IETldCache
    2010-08-29 03:07:37 0 d-----w- c:\windows\ie8updates
    2010-08-29 03:04:03 0 dc-h--w- c:\windows\ie8
    2010-08-29 02:20:35 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-08-29 02:20:35 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-08-29 02:20:32 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-08-29 02:20:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-29 02:20:25 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-08-29 02:20:23 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-08-29 02:20:18 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-08-15 16:55:37 0 d-----w- c:\docume~1\pam\applic~1\Amaranth Games
    2010-08-15 04:53:35 0 d-----w- c:\docume~1\alluse~1\applic~1\EA
    2010-08-15 04:43:22 0 d-----w- c:\docume~1\pam\applic~1\EA
    2010-08-15 01:46:55 0 d-----w- c:\program files\common files\Oberon Media
    2010-08-15 01:46:17 0 d-----w- c:\program files\Oberon Media

    ==================== Find3M ====================

    2010-07-30 21:31:27 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-30 21:31:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-30 21:27:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/ig?hl=en
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = 194.36.10.156:3128
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File


    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\pam\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" - "http://server1.brnnet.com/shockscreenbingo.asp?saccess=0&sgameskin=133&shost=server1.brnnet.com&stable=136&sport=10149&swidth=750&sheight=550&username=Nokanda&password=081433&userid=116308&siteid=1&skinid=8&urlsite=http%3A%2F%2Fwww.bingocanada.com"
    mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Agoquf] rundll32.exe "c:\windows\elabonata.dll",Startup
    mRun: [byivqr] RUNDLL32.EXE c:\windows\system32\msllhsjn.dll,w
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [RunNarrator] Narrator.exe
    mExplorerRun: [a5x3tq] c:\docume~1\pam\locals~1\temp\202fbh.exe
    StartupFolder: c:\docume~1\pam\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft home publishing\MHPRMIND.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - g:\program files\microsoft office\office\OSA9.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - g:\program files\partygaming\partybingo\RunBingo.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\foxyproxy\foxyproxy video utility\FPServiceProvider.dll
     
  8. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    It will not let me post the Pseudo HJT part of the report.
     
  9. 2010/09/08
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I'll leave this for one of our Malware Analysts to respond to - it should not be too long.
     
  10. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    It will absolutely not let me post the last 20 lines of the Pseudo HJT log.

    Thanks PeteC.
     
  11. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    Let's try attaching the DDS file and see if that works.

    No - it resets the connection to the server for that too.
     
  12. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    I only have 1 computer and it's the infected one. I've copied and pasted everything I could. It won't let me post the last 20 lines of the Pseudo HJT part of the DDS report.
     
  13. 2010/09/08
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  14. 2010/09/08
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I've combined xxx number of posts into one. Please try to limit the number of posts. You can post 55,000 characters in a single post. Complete logs should be in a single post (or two posts if need be).
     
  15. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    Thanks Arie. I did try to do that as I said previously in my posts. For whatever reason I kept getting the server reset error message and the log post was lost. I could only post small portions of it at a time and there's still one portion of 20 lines that I can't post. I can't upload the file either.

    Yes, I am aware of the danger of P2P programs and won't allow my kids to use them. I got this virus from surfing for answers to my Java problem. I can't remember the website and because my settings erase all history, etc. on closing the browser I can't look it up.

    Thanks
     
  16. 2010/09/08
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    That figures, since yours is about 100 years out of date :(

    Java is at update 21 these days, yours is at update 12!
     
  17. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    Well, I did have the latest version but the techs at Pogo and EA Games made me uninstall Java at least a dozen times and reinstall older versions 1 at a time to see if they worked. The version I have now is the oldest version to have the necessary plug-in. It was installed only a few days ago and I never had the chance to continue with the Pogo techs because I got this virus that keeps setting off AVG.
     
  18. 2010/09/08
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Nice!

    As long as you realize that running out-of-date software (especially Java and Adobe Flash) will open your system up to Malware infections.
     
  19. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    Yes and the worst of it all is that when I get rid of this virus I'm still going to have the Pogo problem. I've already decided to cancel my subscription. It's not worth it.
     
  20. 2010/09/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is still infected.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. 2010/09/08
    Nokanda Lifetime Subscription

    Nokanda Well-Known Member Thread Starter

    Joined:
    2008/08/29
    Messages:
    85
    Likes Received:
    0
    Rkill ran successfully and produced a log file. Exehelper also ran successfully but there is no log file that I can find. The only log.txt window that popped up was exactly the same as the Combo-fix log.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Pam on 09/08/2010 at 23:47:17.


    Services Stopped:


    Processes terminated by Rkill or while it was running:


    C:\Documents and Settings\Pam\Desktop\FF Downloads\rkill.com


    Rkill completed on 09/08/2010 at 23:47:37.

    ComboFix 10-09-08.01 - Pam 09/09/2010 0:03.8.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.767.476 [GMT -4:00]
    Running from: c:\documents and settings\Pam\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Pam\Application Data\Desktopicon
    c:\documents and settings\Pam\Application Data\Desktopicon\config.ini
    c:\documents and settings\Pam\Local Settings\Application Data\{2D11D2DD-4181-4955-AC7A-586AA060A3B3}
    c:\documents and settings\Pam\Local Settings\Application Data\{2D11D2DD-4181-4955-AC7A-586AA060A3B3}\chrome.manifest
    c:\documents and settings\Pam\Local Settings\Application Data\{2D11D2DD-4181-4955-AC7A-586AA060A3B3}\chrome\content\_cfg.js
    c:\documents and settings\Pam\Local Settings\Application Data\{2D11D2DD-4181-4955-AC7A-586AA060A3B3}\chrome\content\overlay.xul
    c:\documents and settings\Pam\Local Settings\Application Data\{2D11D2DD-4181-4955-AC7A-586AA060A3B3}\install.rdf
    c:\program files\Search Settings
    c:\program files\Search Settings\FF\chrome.manifest
    c:\program files\Search Settings\FF\chrome\content\plugin.js
    c:\program files\Search Settings\FF\chrome\content\plugin.xul
    c:\program files\Search Settings\FF\chrome\content\protection.js
    c:\program files\Search Settings\FF\chrome\content\utils.js
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
    c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
    c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
    c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
    c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
    c:\program files\Search Settings\FF\install.rdf
    c:\program files\Search Settings\SeARchsettings.dll
    c:\program files\Search Settings\SearchSettings.exe
    c:\program files\Search Settings\SearchSettingsRes409.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\elabonata.dll
    c:\windows\system32\Chip.dll
    c:\windows\system32\spool\prtprocs\w32x86\EIQ93cE9.dll
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job

    Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_USNJSVC
    -------\Service_usnjsvc


    ((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
    .

    2010-09-08 09:35 . 2010-09-08 09:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-09-08 09:35 . 2010-09-08 09:35 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
    2010-09-07 14:44 . 2010-09-07 14:44 -------- d-----w- c:\documents and settings\Pam\Application Data\AVG9
    2010-09-07 02:16 . 2010-09-07 01:45 195584 ----a-w- c:\windows\Rgukub.exe
    2010-09-07 01:47 . 2010-09-08 08:10 0 ----a-w- c:\windows\Xsedegucob.bin
    2010-09-07 01:47 . 2010-09-08 16:59 120 ----a-w- c:\windows\Driquwipiq.dat
    2010-09-07 01:46 . 2010-09-07 01:45 195584 ----a-w- c:\windows\Rgukua.exe
    2010-09-07 01:44 . 2010-09-07 01:44 -------- d-----w- C:\spoolerlogs
    2010-09-07 01:43 . 2010-09-07 01:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-09-06 04:16 . 2010-09-06 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2010-09-03 16:56 . 2010-09-03 16:56 -------- d-----w- c:\documents and settings\Pam\Local Settings\Application Data\Sun
    2010-09-03 16:49 . 2010-09-03 16:49 -------- d-----w- c:\documents and settings\Pam\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
    2010-09-03 16:22 . 2010-09-03 17:50 410984 ----a-w- c:\windows\system32\deploytk.dll
    2010-09-01 13:48 . 2008-05-30 18:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
    2010-09-01 13:48 . 2008-05-30 18:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
    2010-09-01 13:48 . 2008-05-30 18:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2010-09-01 13:48 . 2008-05-30 18:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
    2010-09-01 13:48 . 2008-05-30 18:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
    2010-09-01 13:48 . 2008-05-30 18:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
    2010-09-01 13:48 . 2008-05-30 18:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
    2010-09-01 13:47 . 2010-09-01 13:48 -------- d-----w- c:\windows\Logs
    2010-08-31 02:38 . 2010-08-31 02:38 -------- d-----w- c:\documents and settings\Pam\Application Data\funkitron
    2010-08-29 23:38 . 2010-09-08 17:43 -------- d-----w- c:\documents and settings\Pam\Local Settings\Application Data\Temp
    2010-08-29 17:10 . 2010-08-29 17:13 -------- d-----w- c:\windows\nview
    2010-08-29 17:10 . 2005-04-01 20:16 176128 ----a-w- c:\windows\system32\nvudisp.exe
    2010-08-29 17:09 . 2010-08-29 17:09 -------- d-----w- C:\NVIDIA
    2010-08-29 16:47 . 2010-08-29 16:47 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-08-29 16:47 . 2010-08-29 16:47 -------- d-----w- c:\documents and settings\Pam\Application Data\SystemRequirementsLab
    2010-08-29 16:47 . 2010-08-29 16:47 290816 ----a-w- c:\documents and settings\Pam\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2010-08-29 16:47 . 2010-08-29 16:47 290816 ----a-w- c:\documents and settings\Pam\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2010-08-29 16:47 . 2010-08-29 16:47 290816 ----a-w- c:\documents and settings\Pam\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2010-08-29 16:47 . 2010-08-29 16:47 290816 ----a-w- c:\documents and settings\Pam\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
    2010-08-29 04:43 . 2010-09-02 05:00 -------- d-----w- c:\program files\Electronic Arts
    2010-08-29 04:35 . 2010-08-29 04:35 61440 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7cb02efe-n\decora-sse.dll
    2010-08-29 04:35 . 2010-08-29 04:35 503808 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-50380c86-n\msvcp71.dll
    2010-08-29 04:35 . 2010-08-29 04:35 499712 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-50380c86-n\jmc.dll
    2010-08-29 04:35 . 2010-08-29 04:35 348160 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-50380c86-n\msvcr71.dll
    2010-08-29 04:35 . 2010-08-29 04:35 12800 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7cb02efe-n\decora-d3d.dll
    2010-08-29 04:35 . 2010-09-02 17:13 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-29 03:25 . 2010-08-29 03:25 -------- d-sh--w- c:\documents and settings\Pam\IECompatCache
    2010-08-29 03:15 . 2010-08-29 03:15 -------- d-sh--w- c:\documents and settings\Pam\PrivacIE
    2010-08-29 03:14 . 2010-08-29 03:14 -------- d-sh--w- c:\documents and settings\Pam\IETldCache
    2010-08-29 03:07 . 2010-08-29 03:07 -------- d-----w- c:\windows\ie8updates
    2010-08-29 03:04 . 2010-08-29 03:05 -------- dc-h--w- c:\windows\ie8
    2010-08-29 02:20 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-08-29 02:20 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-08-29 02:20 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-08-29 02:20 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-29 02:20 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-08-29 02:20 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-08-29 02:20 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-08-15 16:55 . 2010-08-15 16:55 -------- d-----w- c:\documents and settings\Pam\Application Data\Amaranth Games
    2010-08-15 04:53 . 2010-08-15 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\EA
    2010-08-15 04:43 . 2010-08-15 04:43 -------- d-----w- c:\documents and settings\Pam\Application Data\EA
    2010-08-15 01:47 . 2010-09-08 17:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-15 01:46 . 2010-08-15 01:46 -------- d-----w- c:\program files\Common Files\Oberon Media
    2010-08-15 01:46 . 2010-09-01 13:57 -------- d-----w- c:\program files\Oberon Media

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-09 04:15 . 2009-06-16 19:44 -------- d-----w- c:\program files\Microsoft Home Publishing
    2010-09-09 01:03 . 2009-01-08 04:04 -------- d-----w- c:\documents and settings\Pam\Application Data\Hoyle Card Games
    2010-09-08 17:18 . 2010-03-17 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-09-08 09:11 . 2008-06-25 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-09-08 01:13 . 2007-04-06 23:01 -------- d-----w- c:\program files\PowerISO
    2010-09-07 05:56 . 2009-01-09 03:44 -------- d-----w- c:\documents and settings\Pam\Application Data\Hoyle Puzzle and Board Games
    2010-09-07 02:44 . 2008-08-30 09:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-06 04:46 . 2007-06-05 05:32 -------- d-----w- c:\program files\BFG
    2010-09-06 04:05 . 2010-01-12 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2010-09-03 17:25 . 2007-04-28 01:41 -------- d-----w- c:\program files\Java
    2010-09-01 17:10 . 2008-05-22 14:29 -------- d-----w- c:\program files\Common Files\EasyInfo
    2010-09-01 14:01 . 2007-10-30 03:50 -------- d-----w- c:\documents and settings\Pam\Application Data\Pogo Games
    2010-07-30 21:31 . 2008-08-26 06:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-30 21:31 . 2010-07-30 21:31 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-30 21:31 . 2008-08-26 06:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-07-30 21:27 . 2008-08-26 06:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-23 22:28 . 2010-07-23 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-23 22:28 . 2010-07-23 22:28 -------- d-----w- c:\program files\NOS
    2010-07-23 21:22 . 2010-08-09 04:13 1496064 ----a-w- c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\dbcuirvh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-07-23 21:22 . 2010-08-09 04:13 43008 ----a-w- c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\dbcuirvh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-07-23 21:22 . 2010-08-09 04:13 338944 ----a-w- c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\dbcuirvh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-07-23 21:22 . 2010-08-09 04:13 346112 ----a-w- c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\dbcuirvh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 68856]
    "Google Update"="c:\documents and settings\Pam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-29 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-30 2065760]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
    "nwiz"="nwiz.exe" [2005-04-01 1495040]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-09-03 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-04 53760]

    c:\documents and settings\Pam\Start Menu\Programs\Startup\
    Microsoft Greetings Reminders.lnk - c:\program files\Microsoft Home Publishing\MHPRMIND.EXE [1998-8-13 40960]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Microsoft Office.lnk - g:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-30 21:31 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2001-09-24 11:59 73728 ----a-w- c:\program files\NavNT\vptray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "g:\\Program Files\\Hasbro Interactive\\Classic Games\\ClassicCard.exe"=
    "c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "g:\\Program Files\\Infogrames Interactive\\Scrabble Complete\\ScrabbleComplete.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "g:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/26/2008 2:24 AM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/26/2008 2:24 AM 243024]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/30/2010 5:27 PM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/30/2010 5:31 PM 308136]
    R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [8/25/2008 10:02 PM 7936]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/9/2007 7:35 PM 682232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-02 02:05]

    2010-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-688789844-1060284298-1003Core.job
    - c:\documents and settings\Pam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-29 23:38]

    2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-688789844-1060284298-1003UA.job
    - c:\documents and settings\Pam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-29 23:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/ig?hl=en
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = 194.36.10.156:3128
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {{B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - g:\program files\PartyGaming\PartyBingo\RunBingo.exe
    LSP: c:\program files\FoxyProxy\FoxyProxy Video Utility\FPServiceProvider.dll
    Trusted Zone: corrie.net\www
    Trusted Zone: corriespace.com\www
    Trusted Zone: csvu.net\www
    Trusted Zone: netfile.gc.ca\www
    Trusted Zone: pogo.com
    Trusted Zone: pogo.com\www
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - g:\progra~1\QUICKT~1\ic2007pp.dll
    FF - ProfilePath - c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\dbcuirvh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&sourceid=navclient-ff&rlz=1R0MOZA_en&ie=UTF-8&source=iglk
    FF - component: c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\dbcuirvh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\documents and settings\Pam\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
    HKLM-Run-Agoquf - c:\windows\elabonata.dll
    HKLM-Run-byivqr - c:\windows\system32\msllhsjn.dll
    MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
    AddRemove-ACDSee 32 - d:\progra~1\ACDSEE32\UNWISE.EXE
    AddRemove-mIRC - g:\program files\mirc\mirc.exe
    AddRemove-The Game Of Life - d:\program files\Hasbro Interactive\The Game Of Life\DeIsL2.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-09 00:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
    "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
    "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1220945662-688789844-1060284298-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1220945662-688789844-1060284298-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:95,76,56,e3,ca,06,c8,9d,31,c5,8b,8b,f2,41,3d,9b,01,fe,95,1d,3e,8a,d5,
    40,2f,be,20,23,bf,c1,6b,84,6a,76,d1,a7,d9,da,74,ca,64,97,22,be,8b,0e,c3,e8,\
    "??"=hex:5e,70,69,e3,77,23,94,d1,9a,32,42,7a,ca,63,af,77
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(552)
    c:\windows\system32\NavLogon.dll

    - - - - - - - > 'lsass.exe'(608)
    c:\program files\FoxyProxy\FoxyProxy Video Utility\FPServiceProvider.dll

    - - - - - - - > 'explorer.exe'(3764)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\browselc.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\NavNT\defwatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-09 00:21:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-09 04:21

    Pre-Run: 20,943,147,008 bytes free
    Post-Run: 24,537,559,040 bytes free

    - - End Of File - - 17002D55EC4E591209FBA2D538337E6F
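
A triage pass over the ComboFix report in the post above, as an added example that is not part of the original thread or of ComboFix: it pulls out the entries a reviewer would usually read first (Security Center overrides, the firewall switch, the IE proxy setting, AtN.job tasks, and binaries newly created directly in c:\windows). The `triage` function, the check names and the embedded sample are assumptions of this example, and each finding is a line to review by hand, not a verdict on the file or setting.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "check detail")

# Constructed sample built from lines of the ComboFix report above. One value
# name keeps a stray space inside its quotes to exercise the tolerant pattern.
SAMPLE_LOG = r'''
((((((((((((((( Other Deletions )))))))))))))))
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))
2010-09-07 02:16 . 2010-09-07 01:45 195584 ----a-w- c:\windows\Rgukub.exe
2010-09-07 01:46 . 2010-09-07 01:45 195584 ----a-w- c:\windows\Rgukua.exe
2010-08-29 17:10 . 2005-04-01 20:16 176128 ----a-w- c:\windows\system32\nvudisp.exe
((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
------- Supplementary Scan -------
uStart Page = hxxp://www.google.ca/ig?hl=en
uInternet Settings,ProxyServer = 194.36.10.156:3128
'''

BANNER_RE = re.compile(r'^\(+\s*(.+?)\s*\)+$')          # ((((( Section name )))))
SECTION_RE = re.compile(r'^\[(.+)\]$')                   # [registry key]
VALUE_RE = re.compile(r'^"\s*([^"]*?)\s*"\s*=\s*(.*)$')  # "name"=value
CREATED_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+'
    r'(\d+|-+)\s+(\S{8})\s+(.+)$')                       # size, attributes, path
AT_JOB_RE = re.compile(r'\\tasks\\at\d+\.job$', re.I)    # jobs named by the legacy AT scheduler
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(\S+)')
WINROOT_BIN_RE = re.compile(r'^c:\\windows\\[^\\]+\.(exe|dll|scr|com|pif)$', re.I)


def _first_int(value):
    """Number at the start of a registry value: 'dword:00000001' or '0 (0x0)'."""
    m = re.match(r'\s*dword:([0-9a-fA-F]+)', value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'\s*(\d+)', value)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return a list of Finding tuples for lines that deserve a manual look."""
    findings, banner, section, at_jobs = [], "", "", 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BANNER_RE.match(line)
        if m:                                  # new report section: reset registry context
            banner, section = m.group(1), ""
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, number = m.group(1), _first_int(m.group(2))
            # Non-zero *Override values tell Security Center to stop monitoring.
            if section.endswith(r'\security center') and name.endswith('Override') and number:
                findings.append(Finding("security-center-override", name))
            elif section.endswith(r'\standardprofile') and name == 'EnableFirewall' and number == 0:
                findings.append(Finding("firewall-disabled", "standardprofile"))
            continue
        m = PROXY_RE.match(line)
        if m:                                  # confirm the user set this proxy themselves
            findings.append(Finding("proxy-configured", m.group(1)))
            continue
        if AT_JOB_RE.search(line):
            at_jobs += 1
            continue
        m = CREATED_RE.match(line)
        if (m and banner.startswith("Files Created") and m.group(1).isdigit()
                and WINROOT_BIN_RE.match(m.group(3))):
            findings.append(Finding("new-binary-in-windows-root", m.group(3)))
    if at_jobs:
        findings.append(Finding("at-scheduler-jobs", f"{at_jobs} AtN.job file(s) listed"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.check:28} {f.detail}")
```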
     
