
Solved Is it safe to delete these items found by Malware scan?

Discussion in 'Malware and Virus Removal Archive' started by avz10, 2010/04/01.

  1. 2010/04/01
    avz10

    [Resolved] Is it safe to delete these items found by Malware scan?

    DDS:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Albievz at 13:34:40.67 on Thu 04/01/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.213 [GMT 2:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\WINDOWS\system32\Oplmsb01.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Albievz\My Documents\dds.scr

    ============== Pseudo HJT Report ===============

    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: adShotHlpr Object: {068c7111-2add-4d55-8a6a-d3e78c3e3d01} - c:\windows\system32\mzgegkue.dll
    BHO: hotrevenue browser enhancer: {0a3cbef7-66a6-743f-a505-15a22477c47e} - c:\windows\system32\eevclqfvmb.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: adHlpr Object: {b0719153-b95b-4066-aab4-97fb5aa9366b} - c:\windows\system32\phknmwdh.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ISUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
    uRun: [Google Update] "c:\documents and settings\albievz\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
    mRun: [qgencujgqepxbnwdi] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\eevclqfvmb.dll"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
    mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
    mRun: [Recguard] c:\windows\sminst\Recguard.exe
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
    mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
    mRun: [LanguageMonitor] c:\windows\system32\Oplmsb01.exe OKI B4100
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [ezLife] rundll32 "mzgegkue.dll",,Run
    mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253880538828
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: DeviceNP - DeviceNP.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\albievz\applic~1\mozilla\firefox\profiles\6j58hfqr.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13796&l=dis&q=
    FF - component: c:\documents and settings\albievz\application data\mozilla\firefox\profiles\6j58hfqr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
    FF - plugin: c:\documents and settings\albievz\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google updater\2.4.1439.6872\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\opera\program\plugins\npASPlug.dll
    FF - plugin: c:\program files\opera\program\plugins\npHAPlug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-29 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-29 29512]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-29 242696]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/09 21:36:54];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-17 303952]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-17 20824]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-25 193840]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-4-23 30008]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-4-30 172131]
    S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\docume~1\albievz\locals~1\temp\rar$ex00.875\sysprot\sysprotdrv.sys --> c:\docume~1\albievz\locals~1\temp\rar$ex00.875\sysprot\SysProtDrv.sys [?]

    =============== Created Last 30 ================

    2010-04-01 08:25:01 0 d-----w- c:\windows\pss
    2010-04-01 07:22:11 0 d-----w- c:\docume~1\alluse~1\applic~1\OPLMNB01
    2010-04-01 07:22:08 94208 ----a-w- c:\windows\system32\Oplmsb01.exe
    2010-04-01 07:22:08 356352 ----a-w- c:\windows\system32\OPENVB01.DLL
    2010-04-01 07:22:07 86016 ----a-w- c:\windows\system32\OPSB1LOC.DLL
    2010-04-01 07:22:07 808 ----a-w- c:\windows\system32\OKIPAR.DAT
    2010-04-01 07:22:07 79360 ----a-w- c:\windows\system32\Oplmnb01.dll
    2010-04-01 07:22:07 61440 ----a-w- c:\windows\system32\OPDB1LOC.DLL
    2010-04-01 07:22:07 36928 ----a-w- c:\windows\system32\drivers\OkiPar.sys
    2010-04-01 07:22:07 32768 ----a-w- c:\windows\system32\OPCSTB01.DLL
    2010-04-01 07:22:07 28672 ----a-w- c:\windows\system32\OPRCLB01.DLL
    2010-04-01 07:22:07 0 d-----w- c:\program files\Okidata
    2010-03-28 08:20:59 0 d-----w- c:\docume~1\albievz\applic~1\Smart-Ads-Solutions
    2010-03-28 08:17:40 0 d-----w- c:\program files\Smart-Ads-Solutions
    2010-03-28 08:14:31 0 d-----w- c:\docume~1\albievz\applic~1\ezLife
    2010-03-28 08:14:27 48269 ----a-w- c:\windows\system32\xambccjqcrrx.exe
    2010-03-28 08:14:23 0 d-----w- c:\program files\ezLife
    2010-03-27 06:05:51 0 d-----w- c:\docume~1\albievz\applic~1\AdobeSupportAdvisor.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-03-26 12:21:14 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2010-03-26 08:16:39 0 d-----w- c:\docume~1\albievz\applic~1\DriverCure
    2010-03-26 08:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
    2010-03-26 08:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverCure
    2010-03-26 08:16:25 0 d-----w- c:\program files\ParetoLogic
    2010-03-25 08:42:47 0 d-sh--w- c:\documents and settings\albievz\Phone Browser
    2010-03-24 09:31:49 0 d-----w- c:\windows\system32\wbem\Repository
    2010-03-24 09:22:28 0 d-----w- c:\docume~1\albievz\applic~1\uTorrent
    2010-03-24 09:16:38 0 d-----w- c:\program files\SyncToy 2.0
    2010-03-24 09:13:51 0 d-----w- c:\program files\Topaz Labs
    2010-03-24 09:13:47 0 d-----w- c:\program files\Topaz Labs LLC
    2010-03-24 07:28:12 0 d-sh--w- C:\found.000
    2010-03-24 05:55:36 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
    2010-03-23 13:29:39 0 d-----w- c:\docume~1\alluse~1\applic~1\GoodSync
    2010-03-23 13:29:37 0 d-----w- c:\docume~1\albievz\applic~1\GoodSync
    2010-03-23 10:25:00 0 d-----w- c:\program files\Siber Systems
    2010-03-22 21:45:52 0 d-----w- c:\program files\RegSupreme
    2010-03-22 21:34:44 0 d-----w- c:\program files\MSConfig CleanUp
    2010-03-22 10:45:14 0 d-----w- c:\program files\Windows Installer Clean Up
    2010-03-22 10:44:27 0 d-----w- c:\program files\MSECACHE
    2010-03-22 05:00:36 0 d-----w- c:\program files\VS Revo Group
    2010-03-21 21:03:41 23 --sha-w- c:\windows\system32\edacded0.dat
    2010-03-21 21:03:41 23 ----a-w- c:\windows\system32\bcdadac7.xml
    2010-03-21 21:03:23 0 d-----w- c:\program files\jv16 PowerTools 2009
    2010-03-17 13:08:08 531968 ----a-w- c:\windows\system32\eevclqfvmb.dll
    2010-03-14 09:29:42 297984 ----a-w- c:\windows\system32\phknmwdh.dll
    2010-03-14 09:29:14 315392 ----a-w- c:\windows\system32\mzgegkue.dll
    2010-03-07 20:58:38 0 d-----w- c:\documents and settings\albievz\Bluetooth Software
    2010-03-06 06:31:52 0 d-sh--w- c:\documents and settings\albievz\PrivacIE
    2010-03-05 19:07:11 0 d-sh--w- c:\documents and settings\albievz\IETldCache
    2010-03-05 19:01:17 0 d-----w- c:\windows\ie8updates
    2010-03-05 18:58:16 0 dc-h--w- c:\windows\ie8
    2010-03-05 10:35:24 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-03-05 10:35:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-03-05 10:35:05 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-03-04 14:48:29 0 d-----w- c:\program files\Microsoft Visual Studio 8
    2010-03-04 14:47:23 0 d-----w- c:\windows\SHELLNEW
    2010-03-04 09:53:07 0 d-----w- c:\windows\system32\CatRoot_bak
    2010-03-04 09:15:44 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-03-04 09:15:44 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-03-04 08:34:19 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-04 07:17:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-03-03 19:21:07 0 d-----w- c:\program files\ESET

    ==================== Find3M ====================

    2010-03-29 22:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-28 15:04:17 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
    2010-03-26 14:44:23 114688 ----a-w- c:\windows\keymail.dll
    2010-03-14 06:07:49 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-14 06:07:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-14 06:07:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-04 07:17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-06 09:59:57 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-02-06 09:59:57 47360 ----a-w- c:\docume~1\albievz\applic~1\pcouffin.sys
    2010-01-26 11:46:24 232712 ----a-w- c:\windows\system32\PDBoot.exe
    2006-10-04 06:00:12 733184 ----a-w- c:\program files\common files\InfoSlips.ForMe.exe

    ============= FINISH: 13:35:39.39 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/24/2009 7:40:57 PM
    System Uptime: 4/1/2010 10:46:08 AM (3 hours ago)

    Motherboard: Hewlett-Packard | | 30D8
    Processor: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz | U10 | 1186/200mhz
    Processor: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz | U10 | 1186/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 13.517 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6500s-1
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP103: 3/26/2010 9:06:53 PM - Removed Adobe Reader 9.3.
    RP104: 3/26/2010 9:08:09 PM - Installed Adobe Product/Adobe Studio Update 10/2001
    RP105: 3/26/2010 9:14:18 PM - Software Distribution Service 3.0
    RP106: 3/27/2010 11:00:18 AM - Software Distribution Service 3.0
    RP107: 3/27/2010 2:46:05 PM - Installed Windows Installer Clean Up
    RP108: 3/27/2010 5:20:11 PM - Configured Adobe Product/Adobe Studio Update 10/2001
    RP109: 3/27/2010 9:57:00 PM - Software Distribution Service 3.0
    RP110: 3/28/2010 11:00:17 AM - Software Distribution Service 3.0
    RP111: 3/28/2010 10:09:03 PM - Software Distribution Service 3.0
    RP112: 3/29/2010 11:00:26 AM - Software Distribution Service 3.0
    RP113: 3/30/2010 9:15:54 AM - Software Distribution Service 3.0
    RP114: 3/30/2010 11:00:20 AM - Software Distribution Service 3.0
    RP115: 3/30/2010 11:21:03 AM - Removed Opera 10.10.
    RP116: 3/31/2010 12:12:26 AM - Installed Adobe Reader 9.3.
    RP117: 3/31/2010 1:52:43 AM - Software Distribution Service 3.0
    RP118: 3/31/2010 11:00:18 AM - Software Distribution Service 3.0
    RP119: 3/31/2010 9:19:10 PM - Software Distribution Service 3.0
    RP120: 4/1/2010 8:45:54 AM - Printer Driver OKI B4100 Installed
    RP121: 4/1/2010 9:22:03 AM - Installed StatusMonitor
    RP122: 4/1/2010 11:00:17 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    7-Zip 9.10 beta
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Product/Adobe Studio Update 10/2001
    Adobe Reader 9.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Support Advisor
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advanced SystemCare 3
    Advertising Center
    Agere Systems HDA Modem
    Any Video Converter 3.0.3
    AusLogics Registry Defrag
    AutoUpdate
    AVG Free 9.0
    BIOS Configuration for HP ProtectTools
    BufferChm
    Canon Camera WIA Driver
    Canon EOS 5D WIA Driver
    Canon Utilities EOS Utility
    Canon Utilities Original Data Security Tools
    Canon Utilities WFT-E1/E2/E3 Utility
    CANYON USB PC CAMERA
    CCleaner
    Combined Modem Driver Installer
    Connect
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CyberLink PowerDVD 9
    Destinations
    Device Access Manager for HP ProtectTools
    DeviceManagementQFolder
    DivX Codec
    DivX Player
    DocProc
    DolbyFiles
    Download Accelerator Plus (DAP)
    DVD Shrink 3.2
    DVDFab 6.2.2.0 Beta (7/1/2010)
    ESET Online Scanner v3
    eSupportQFolder
    ezLife browser enhancer
    Google Chrome
    Google Updater
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB909667)
    Hotfix for Windows XP (KB912436)
    Hotfix for Windows XP (KB915326)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB918005)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Backup and Recovery Manager Installer
    HP Extended Capabilities 5.3
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP Integrated Module with Bluetooth wireless technology
    HP Product Detection
    HP ProtectTools Security Manager
    HP Quick Launch Buttons 6.40 H2
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HP Wireless Assistant
    HPProductAssistant
    ImagXpress
    ImgBurn
    InfoSlips ForMe. Viewer
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    InterVideo DeviceService
    Java Auto Updater
    Java(TM) 6 Update 18
    K-Lite Codec Pack 5.5.1 (Standard)
    Knoll Light Factory EZ Studio
    kuler
    LightScribe System Software 1.10.13.1
    Magic Bullet Looks Studio
    Malwarebytes' Anti-Malware
    MediaMonkey 3.1
    MediaMonkey Script: MiniLyrics Embedder v1.4b
    Menu Templates - Starter Kit
    MFC RunTime files
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Minilyrics(remove only)
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.2)
    MSVC80_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9
    Nero BackItUp 4
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero Live Help
    Nero Move it
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    OGA Notifier 2.0.0048.0
    OKI B4100_4250 Status Monitor
    Opera 10.51
    PC Connectivity Solution
    PDF Settings CS4
    PerfectDisk 10 Professional
    Performance Solution Hotrevenue
    Photoshop Camera Raw
    Picasa 3
    PicPick
    Pinnacle Studio 12
    Pinnacle Studio 12 Ultimate Plugins
    Pinnacle Studio 14
    Pinnacle Studio Ultimate Collection Plugins
    Pinnacle Video Driver
    proDAD Mercalli 1.0
    proDAD Vitascene 1.0
    Red Giant ToonIt Studio
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Skype™ 3.2
    SmartAds browser enhancer
    SolutionCenter
    SoundMAX
    SoundTrax
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Status
    Striata Reader
    Suite Shared Configuration CS4
    Synaptics Pointing Device Driver
    SyncToy 2.1 (x86)
    Trapcode 3DStroke Studio
    Trapcode Particular Studio
    Trapcode Shine Studio
    TrayApp
    Ulead DVD MovieFactory 6
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb979895)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Vodafone Mobile Connect Lite
    WebFldrs XP
    WebReg
    Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885464
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888402
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB892559
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    3/26/2010 9:54:32 AM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
    3/26/2010 7:35:31 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/26/2010 7:30:50 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    3/26/2010 5:08:20 PM, error: SideBySide [71] - Syntax error in manifest or policy file "C:\Documents and Settings\Albievz\Desktop\WinCS3Clean\CleanUpRMDIR.exe" on line 10. The element trustInfo appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
    3/26/2010 5:08:20 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Albievz\Desktop\WinCS3Clean\CleanUpRMDIR.exe. Reference error message: The operation completed successfully. .
    3/26/2010 5:08:20 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Documents and Settings\Albievz\Desktop\WinCS3Clean\CleanUpRMDIR.exe" on line 10.
    3/26/2010 4:38:22 PM, error: SideBySide [71] - Syntax error in manifest or policy file "C:\Documents and Settings\Albievz\Desktop\dist\CleanUpRMDIR.exe" on line 10. The element trustInfo appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
    3/26/2010 4:38:22 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Albievz\Desktop\dist\CleanUpRMDIR.exe. Reference error message: The operation completed successfully. .
    3/26/2010 4:38:22 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Documents and Settings\Albievz\Desktop\dist\CleanUpRMDIR.exe" on line 10.
    3/25/2010 9:46:31 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f1: Security Update for Windows XP (KB958470).

    ==== End Of File ===========================

    Is it safe to remove these?

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    4/1/2010 11:54:19 AM
    mbam-log-2010-04-01 (11-54-19).txt

    Scan type: Quick scan
    Objects scanned: 113754
    Time elapsed: 10 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 22
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 10
    Files Infected: 12

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\mzgegkue.dll (Adware.Adrotator) -> No action taken.
    C:\WINDOWS\system32\phknmwdh.dll (Adware.Adrotator) -> No action taken.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
    HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xambccjqcrrx (Adware.Adrotator) -> No action taken.
    HKEY_CLASSES_ROOT\CscrptXt.CscrptXt (Adware.EZlife) -> No action taken.
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> No action taken.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> No action taken.
    HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> No action taken.
    HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{068c7111-2add-4d55-8a6a-d3e78c3e3d01} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{068c7111-2add-4d55-8a6a-d3e78c3e3d01} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a3cbef7-66a6-743f-a505-15a22477c47e} (Adware.AdRotator) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{0a3cbef7-66a6-743f-a505-15a22477c47e} (Adware.AdRotator) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0719153-b95b-4066-aab4-97fb5aa9366b} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{b0719153-b95b-4066-aab4-97fb5aa9366b} (Trojan.BHO) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qgencujgqepxbnwdi (Trojan.Agent) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
    C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> No action taken.
    C:\Program Files\Smart-Ads-Solutions\SmartAds\1.4.2.0 (Adware.SmartAds) -> No action taken.
    C:\Documents and Settings\Albievz\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
    C:\Documents and Settings\Albievz\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> No action taken.
    C:\Documents and Settings\Albievz\Application Data\ezLife (Adware.EzLife) -> No action taken.
    C:\Documents and Settings\Albievz\Application Data\ezLife\ezLife (Adware.EzLife) -> No action taken.
    C:\Program Files\ezLife (Adware.EzLife) -> No action taken.
    C:\Program Files\ezLife\ezLife (Adware.EzLife) -> No action taken.
    C:\Program Files\ezLife\ezLife\1.4.2.0 (Adware.EzLife) -> No action taken.

    Files Infected:
    C:\WINDOWS\system32\mzgegkue.dll (Adware.Adrotator) -> No action taken.
    C:\WINDOWS\system32\phknmwdh.dll (Adware.Adrotator) -> No action taken.
    C:\Program Files\Mozilla Firefox\Components\ffxShot.dll (Adware.Adrotator) -> No action taken.
    C:\RECYCLER\S-1-5-21-839522115-2147074499-2109526056-1003\Dc3.exe (Trojan.Downloader) -> No action taken.
    C:\RECYCLER\S-1-5-21-839522115-2147074499-2109526056-1003\Dc4.exe (Trojan.Downloader) -> No action taken.
    C:\RECYCLER\S-1-5-21-839522115-2147074499-2109526056-1003\Dc11\Adobe CS4 Master Collection Keygen.exe (Trojan.Agent.CK) -> No action taken.
    C:\WINDOWS\system32\xambccjqcrrx.exe (Adware.Adrotator) -> No action taken.
    C:\Program Files\Smart-Ads-Solutions\SmartAds\1.4.2.0\uninstall.exe (Adware.SmartAds) -> No action taken.
    C:\Documents and Settings\Albievz\Application Data\ezLife\ezLife\log.xml (Adware.EzLife) -> No action taken.
    C:\Program Files\ezLife\ezLife\1.4.2.0\uninstall.exe (Adware.EzLife) -> No action taken.
    C:\Program Files\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> No action taken.
    C:\WINDOWS\system32\eevclqfvmb.dll (Trojan.Agent) -> No action taken.
     
  2. 2010/04/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, all of them should be removed.
    You may have more "stuff" there.

    Re-run Malwarebytes, remove all of the above.

    When done...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     

  4. 2010/04/02
    avz10

    avz10 Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    129
    Likes Received:
    0
    ComboFix 10-03-29.04 - Albievz 04/02/2010 6:41.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.382 [GMT 2:00]
    Running from: c:\documents and settings\Albievz\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Albievz\Application Data\ezLife
    c:\documents and settings\Albievz\Application Data\ezLife\ezLife\log.xml
    c:\documents and settings\Albievz\Application Data\Smart-Ads-Solutions
    c:\program files\ezLife
    c:\program files\ezLife\ezLife\1.4.2.0\uninstall.exe
    c:\program files\Smart-Ads-Solutions
    c:\program files\Smart-Ads-Solutions\SmartAds\1.4.2.0\uninstall.exe
    c:\windows\system32\drivers\igtr.sys
    c:\windows\system32\ReadMe.txt
    c:\windows\system32\xambccjqcrrx.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_matlla


    ((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
    .

    2010-04-01 17:20 . 2010-04-01 17:20 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-04-01 17:20 . 2010-04-01 17:20 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2010-04-01 17:20 . 2010-04-01 17:20 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-04-01 17:19 . 2010-04-01 17:19 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-04-01 17:19 . 2010-04-01 17:19 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
    2010-04-01 17:19 . 2010-04-01 17:19 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
    2010-04-01 17:19 . 2010-04-01 17:19 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
    2010-04-01 17:19 . 2010-04-01 17:19 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
    2010-04-01 17:19 . 2010-04-01 17:19 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-04-01 17:19 . 2010-04-01 17:19 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
    2010-04-01 17:19 . 2010-04-01 17:19 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
    2010-04-01 17:19 . 2010-04-01 17:19 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2010-04-01 17:19 . 2010-04-01 17:19 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
    2010-04-01 17:17 . 2010-04-01 17:17 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-04-01 17:17 . 2010-04-01 17:17 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-01 08:12 . 2010-04-01 08:12 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-01 07:22 . 2010-04-01 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\OPLMNB01
    2010-04-01 07:22 . 2004-09-08 16:15 356352 ----a-w- c:\windows\system32\OPENVB01.DLL
    2010-04-01 07:22 . 2004-01-09 14:28 94208 ----a-w- c:\windows\system32\Oplmsb01.exe
    2010-04-01 07:22 . 2010-04-01 07:22 -------- d-----w- c:\program files\Okidata
    2010-04-01 07:22 . 2004-09-23 09:27 61440 ----a-w- c:\windows\system32\OPDB1LOC.DLL
    2010-04-01 07:22 . 2004-03-31 09:53 86016 ----a-w- c:\windows\system32\OPSB1LOC.DLL
    2010-04-01 07:22 . 2004-03-26 18:59 79360 ----a-w- c:\windows\system32\Oplmnb01.dll
    2010-04-01 07:22 . 2004-01-13 09:33 28672 ----a-w- c:\windows\system32\OPRCLB01.DLL
    2010-04-01 07:22 . 2004-01-13 09:31 32768 ----a-w- c:\windows\system32\OPCSTB01.DLL
    2010-04-01 07:22 . 2003-06-23 11:52 36928 ----a-w- c:\windows\system32\drivers\OkiPar.sys
    2010-04-01 07:22 . 2001-01-15 22:17 808 ----a-w- c:\windows\system32\OKIPAR.DAT
    2010-03-27 16:29 . 2010-03-27 16:29 -------- d-----w- c:\program files\Adobe Media Player
    2010-03-27 12:46 . 2010-03-27 12:46 3584 ----a-r- c:\documents and settings\Albievz\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-03-27 06:05 . 2010-03-27 06:05 -------- d-----w- c:\documents and settings\Albievz\Application Data\AdobeSupportAdvisor.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-03-27 06:05 . 2010-03-27 05:57 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-03-27 05:11 . 2010-04-01 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-03-27 05:03 . 2010-03-27 05:03 -------- d-----w- c:\program files\7-Zip
    2010-03-26 12:21 . 2010-03-26 12:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-03-26 08:16 . 2010-03-26 08:17 -------- d-----w- c:\documents and settings\Albievz\Application Data\DriverCure
    2010-03-26 08:16 . 2010-03-26 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
    2010-03-26 08:16 . 2010-03-26 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-03-26 08:16 . 2010-03-26 08:16 -------- d-----w- c:\program files\ParetoLogic
    2010-03-25 08:42 . 2010-03-25 09:28 -------- d-sh--w- c:\documents and settings\Albievz\Phone Browser
    2010-03-24 09:31 . 2010-03-24 09:31 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-03-24 09:22 . 2010-03-26 12:53 -------- d-----w- c:\documents and settings\Albievz\Application Data\uTorrent
    2010-03-24 09:16 . 2010-03-24 09:16 -------- d-----w- c:\program files\SyncToy 2.0
    2010-03-24 09:16 . 2010-03-27 06:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-03-24 09:13 . 2010-03-24 09:13 -------- d-----w- c:\program files\Topaz Labs
    2010-03-24 09:13 . 2010-03-24 09:14 -------- d-----w- c:\program files\Topaz Labs LLC
    2010-03-24 07:49 . 2010-03-30 22:11 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Adobe
    2010-03-24 07:28 . 2010-03-24 07:28 -------- d-----w- C:\found.000
    2010-03-24 05:55 . 2010-03-24 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2010-03-23 13:29 . 2010-03-23 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\GoodSync
    2010-03-23 13:29 . 2010-03-23 13:30 -------- d-----w- c:\documents and settings\Albievz\Application Data\GoodSync
    2010-03-23 10:41 . 2010-03-23 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
    2010-03-23 10:25 . 2010-03-23 13:29 -------- d-----w- c:\program files\Siber Systems
    2010-03-22 21:45 . 2010-03-24 07:49 -------- d-----w- c:\program files\RegSupreme
    2010-03-22 21:34 . 2010-03-24 07:49 -------- d-----w- c:\program files\MSConfig CleanUp
    2010-03-22 10:45 . 2010-03-27 12:46 -------- d-----w- c:\program files\Windows Installer Clean Up
    2010-03-22 10:44 . 2010-03-27 12:45 -------- d-----w- c:\program files\MSECACHE
    2010-03-22 05:00 . 2010-03-22 05:00 -------- d-----w- c:\program files\VS Revo Group
    2010-03-21 21:03 . 2010-03-21 21:03 23 --sha-w- c:\windows\system32\edacded0.dat
    2010-03-21 21:03 . 2010-03-24 09:22 -------- d-----w- c:\program files\jv16 PowerTools 2009
    2010-03-17 12:07 . 2010-03-17 12:07 -------- d-----w- c:\documents and settings\Albievz\Application Data\ImgBurn
    2010-03-17 11:49 . 2010-03-24 05:56 -------- d-----w- c:\program files\ImgBurn
    2010-03-13 23:48 . 2010-03-24 05:55 -------- d-----w- c:\documents and settings\x
    2010-03-13 23:48 . 2010-03-13 23:48 -------- d-----w- c:\program files\Alwil Software
    2010-03-07 20:58 . 2010-03-07 20:58 -------- d-----w- c:\documents and settings\Albievz\Bluetooth Software
    2010-03-06 06:31 . 2010-03-06 06:31 -------- d-sh--w- c:\documents and settings\Albievz\PrivacIE
    2010-03-05 19:09 . 2010-03-05 19:09 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-03-05 19:07 . 2010-03-05 19:07 -------- d-sh--w- c:\documents and settings\Albievz\IETldCache
    2010-03-05 19:01 . 2010-03-06 09:01 -------- d-----w- c:\windows\ie8updates
    2010-03-05 18:58 . 2010-03-05 18:59 -------- dc-h--w- c:\windows\ie8
    2010-03-05 10:35 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-03-05 10:35 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-03-05 10:35 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-03-04 14:53 . 2010-03-05 08:56 -------- d-----w- c:\program files\Microsoft Works
    2010-03-04 14:51 . 2010-03-04 14:51 -------- d-----w- c:\program files\Microsoft.NET
    2010-03-04 14:48 . 2010-03-04 14:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-03-04 14:47 . 2010-03-04 14:52 -------- d-----w- c:\windows\SHELLNEW
    2010-03-04 14:46 . 2010-03-04 14:46 -------- d-----r- C:\MSOCache
    2010-03-04 14:23 . 2010-04-01 06:34 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Temp
    2010-03-04 09:53 . 2010-03-13 07:50 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-03-04 09:15 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-03-04 09:15 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-03-04 08:34 . 2010-03-04 12:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-04 07:17 . 2010-03-04 07:17 -------- d-----w- c:\program files\Common Files\Java
    2010-03-04 07:17 . 2010-03-04 07:17 -------- d-----w- c:\program files\Java
    2010-03-04 07:12 . 2010-03-04 07:12 503808 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e0e276c-n\msvcp71.dll
    2010-03-04 07:12 . 2010-03-04 07:12 499712 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e0e276c-n\jmc.dll
    2010-03-04 07:12 . 2010-03-04 07:12 348160 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e0e276c-n\msvcr71.dll
    2010-03-04 07:11 . 2010-03-04 07:11 61440 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-492f7e12-n\decora-sse.dll
    2010-03-04 07:11 . 2010-03-04 07:11 12800 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-492f7e12-n\decora-d3d.dll
    2010-03-03 19:21 . 2010-03-03 19:21 -------- d-----w- c:\program files\ESET
    1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\program files\temp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-02 04:54 . 2009-12-09 19:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
    2010-04-01 08:14 . 2009-10-17 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-01 07:22 . 2009-09-25 07:36 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-31 06:55 . 2010-01-26 16:11 -------- d-----w- c:\program files\PicPick
    2010-03-30 09:21 . 2010-02-27 11:26 -------- d-----w- c:\program files\Opera
    2010-03-30 08:26 . 2009-12-20 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2010-03-29 22:46 . 2009-10-17 12:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45 . 2009-10-17 12:34 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-28 15:04 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
    2010-03-27 17:40 . 2009-09-25 08:40 116240 ----a-w- c:\documents and settings\Albievz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-27 16:32 . 2009-11-11 09:04 -------- d-----w- c:\program files\Common Files\Adobe
    2010-03-27 05:11 . 2009-09-29 10:35 -------- d-----w- c:\program files\Google
    2010-03-26 14:44 . 2009-10-05 16:24 114688 ----a-w- c:\windows\keymail.dll
    2010-03-26 13:05 . 2009-10-12 20:14 -------- d-----w- c:\documents and settings\Albievz\Application Data\IObit
    2010-03-26 12:53 . 2009-11-01 04:18 -------- d-----w- c:\documents and settings\Albievz\Application Data\Any Video Converter
    2010-03-26 12:53 . 2009-09-25 11:01 -------- d-----w- c:\documents and settings\Albievz\Application Data\HpUpdate
    2010-03-26 12:53 . 2010-02-05 20:01 -------- d-----w- c:\program files\DAP
    2010-03-26 12:53 . 2009-12-29 07:47 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-03-26 12:32 . 2009-11-04 19:19 -------- d-----w- c:\documents and settings\Albievz\Application Data\Uniblue
    2010-03-26 08:43 . 2009-10-12 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-25 09:30 . 2009-12-20 12:54 -------- d-----w- c:\documents and settings\Albievz\Application Data\PC Suite
    2010-03-24 05:56 . 2009-09-24 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-24 03:21 . 2010-01-21 08:33 -------- d-----w- c:\documents and settings\Albievz\Application Data\Skype
    2010-03-17 15:06 . 2009-12-11 14:32 -------- d-----w- c:\documents and settings\Albievz\Application Data\MiniLyrics
    2010-03-14 06:07 . 2009-10-29 12:41 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-14 06:07 . 2009-10-29 12:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-14 06:07 . 2009-10-29 12:41 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-14 06:07 . 2009-10-29 12:41 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-04 14:53 . 2009-09-24 17:58 -------- d-----w- c:\program files\MSBuild
    2010-03-04 11:03 . 2009-11-16 05:20 -------- d-----w- c:\program files\Easy Duplicate Finder
    2010-03-04 11:01 . 2009-12-06 16:02 -------- d-----w- c:\program files\Boris FX, Inc
    2010-03-04 11:00 . 2009-12-28 13:05 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-03-04 08:14 . 2009-10-19 16:42 -------- d-----w- c:\program files\CCleaner
    2010-03-04 08:02 . 2009-09-29 21:10 -------- d-----w- c:\documents and settings\Albievz\Application Data\Azureus
    2010-03-04 07:17 . 2009-09-28 21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-28 15:08 . 2010-02-28 15:08 -------- d-----w- c:\program files\Trend Micro
    2010-02-25 21:05 . 2009-12-06 15:49 -------- d-----w- c:\program files\Pinnacle
    2010-02-25 21:01 . 2010-02-25 21:01 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2010-02-25 20:56 . 2010-02-25 20:56 29926 ----a-r- c:\documents and settings\Albievz\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
    2010-02-25 20:56 . 2010-02-25 20:56 -------- d-----w- c:\program files\Common Files\Pinnacle
    2010-02-25 20:54 . 2010-02-25 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
    2010-02-25 20:53 . 2009-12-06 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
    2010-02-25 20:47 . 2010-02-25 20:47 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
    2010-02-25 20:47 . 2010-02-25 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 14
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-21 05:57 . 2009-09-24 17:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-19 19:51 . 2010-02-19 15:14 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
    2010-02-19 06:16 . 2009-11-01 04:18 -------- d-----w- c:\program files\Any Video Converter
    2010-02-19 06:16 . 2010-02-19 06:16 -------- d-----w- c:\documents and settings\Albievz\Application Data\AnvSoft
    2010-02-14 17:03 . 2010-02-14 17:02 -------- d-----w- c:\program files\Direct X
    2010-02-11 16:27 . 2010-02-11 16:27 -------- d-----w- c:\documents and settings\Albievz\Application Data\LEAPS
    2010-02-11 16:26 . 2010-02-11 16:26 -------- d-----w- c:\documents and settings\Albievz\Application Data\Pegasys Inc
    2010-02-11 16:19 . 2010-02-11 16:19 -------- d-----w- c:\program files\Pegasys Inc
    2010-02-07 09:46 . 2010-02-07 09:46 -------- d-----w- c:\program files\Haali
    2010-02-07 09:44 . 2010-02-07 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VideoConverter
    2010-02-06 10:51 . 2010-01-03 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-02-06 10:00 . 2010-02-06 09:59 -------- d-----w- c:\documents and settings\Albievz\Application Data\Vso
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\documents and settings\Albievz\Application Data\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\documents and settings\Albievz\Application Data\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 09:59 -------- d-----w- c:\program files\DVDFab 6
    2010-02-05 21:38 . 2010-02-05 20:37 -------- d-----w- c:\documents and settings\Albievz\Application Data\Toolbar4
    2010-02-05 20:42 . 2010-02-05 20:42 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
    2010-02-05 20:36 . 2010-02-05 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
    2010-02-05 20:35 . 2009-10-03 04:31 -------- d-----w- c:\program files\Minilyrics
    2010-02-05 20:05 . 2010-02-05 20:05 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
    2010-01-26 11:46 . 2010-01-26 11:46 232712 ----a-w- c:\windows\system32\PDBoot.exe
    2006-10-04 06:00 . 2006-10-04 06:00 733184 ----a-w- c:\program files\Common Files\InfoSlips.ForMe.exe
    2010-02-05 20:01 . 2010-02-28 19:34 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "Google Update "= "c:\documents and settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-04 135664]
    "DownloadAccelerator "= "c:\program files\DAP\DAP.EXE" [2010-02-05 2815488]
    "Advanced SystemCare 3 "= "c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]
    "PC Suite Tray "= "c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "Scheduler "= "c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
    "RemoteControl9 "= "c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
    "Recguard "= "c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "PTHOSTTR "= "c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "PDVD9LanguageShortcut "= "c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
    "PAC7302_Monitor "= "c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "LanguageMonitor "= "c:\windows\system32\Oplmsb01.exe" [2004-01-09 94208]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
    "BDRegion "= "c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-03-28 611712]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync "= "c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-14 06:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-04-30 06:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0rmvirut.nt

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "5353:TCP "= 5353:TCP:Adobe CSI CS4

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/29/2009 2:41 PM 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/29/2009 2:41 PM 242696]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/09 21:36];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 7:40 PM 87536]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 8:07 AM 308064]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/17/2009 2:34 PM 303952]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/17/2009 2:34 PM 20824]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [9/25/2009 9:36 AM 193840]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 1:13 PM 30008]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 8:28 AM 172131]
    S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys --> c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-01 c:\windows\Tasks\AVG Free Tray Icon.job
    - c:\progra~1\AVG\AVG9\avgtray.exe [2010-03-14 17:19]

    2010-04-02 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-01-06 12:11]

    2010-04-01 c:\windows\Tasks\AWC Update.job
    - c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-06 11:38]

    2010-04-01 c:\windows\Tasks\CCleaner.job
    - c:\progra~1\CCleaner\CCleaner.exe [2010-02-24 17:45]

    2010-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2147074499-2109526056-1003Core.job
    - c:\documents and settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 14:22]

    2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2147074499-2109526056-1003UA.job
    - c:\documents and settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 14:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13796&l=dis&q=
    FF - component: c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\documents and settings\Albievz\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Opera\program\plugins\npASPlug.dll
    FF - plugin: c:\program files\Opera\program\plugins\npHAPlug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-xambccjqcrrx - c:\windows\system32\xambccjqcrrx.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-02 06:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD9\000.fcl "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(960)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\windows\system32\DeviceNP.dll

    - - - - - - - > 'explorer.exe'(632)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\System32\wudfhost.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Raxco\PerfectDisk10\PDAgent.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Raxco\PerfectDisk10\PDEngine.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-04-02 07:00:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-02 05:00
    ComboFix2.txt 2010-03-02 06:41

    Pre-Run: 17,899,388,928 bytes free
    Post-Run: 17,858,445,312 bytes free

    - - End Of File - - 1B40DF8A56BC394349B3F02D356F3DA0

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:14:14 AM, on 4/2/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\WINDOWS\system32\Oplmsb01.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Albievz\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe "
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe "
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [LanguageMonitor] C:\WINDOWS\system32\Oplmsb01.exe OKI B4100
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253880538828
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10851 bytes
     
    Last edited by a moderator: 2010/04/02
  5. 2010/04/02
    broni

    broni Moderator Malware Analyst

    Upload the following files to http://www.virustotal.com/ for a security check:
    - explorer.exe located @ C:\Windows
    - userinit.exe and svchost.exe located @ C:\Windows\System32
    Post the scan results.
     
  6. 2010/04/02
    avz10 Inactive Thread Starter
    File explorer.exe received on 2010.04.02 08:09:21 (UTC)
    Antivirus Version Last Update Result
    a-squared 4.5.0.50 2010.04.02 -
    AhnLab-V3 5.0.0.2 2010.04.01 -
    AntiVir 7.10.6.23 2010.04.02 -
    Antiy-AVL 2.0.3.7 2010.04.02 -
    Authentium 5.2.0.5 2010.04.02 -
    Avast 4.8.1351.0 2010.04.02 -
    Avast5 5.0.332.0 2010.04.02 -
    AVG 9.0.0.787 2010.04.01 -
    BitDefender 7.2 2010.04.02 -
    CAT-QuickHeal 10.00 2010.04.02 -
    ClamAV 0.96.0.0-git 2010.04.01 -
    Comodo 4470 2010.04.02 -
    DrWeb 5.0.2.03300 2010.04.02 -
    eSafe 7.0.17.0 2010.04.01 -
    eTrust-Vet 35.2.7404 2010.04.02 -
    F-Prot 4.5.1.85 2010.04.02 -
    F-Secure 9.0.15370.0 2010.04.02 -
    Fortinet 4.0.14.0 2010.04.01 -
    GData 19 2010.04.02 -
    Ikarus T3.1.1.80.0 2010.04.02 -
    Jiangmin 13.0.900 2010.04.02 -
    K7AntiVirus 7.10.1004 2010.03.22 -
    Kaspersky 7.0.0.125 2010.04.02 -
    McAfee 5937 2010.03.31 -
    McAfee+Artemis 5937 2010.03.31 -
    McAfee-GW-Edition 6.8.5 2010.04.02 -
    Microsoft 1.5605 2010.04.02 -
    NOD32 4994 2010.04.02 -
    Norman 6.04.10 2010.04.01 -
    nProtect 2009.1.8.0 2010.04.02 -
    Panda 10.0.2.2 2010.04.02 -
    PCTools 7.0.3.5 2010.04.02 -
    Prevx 3.0 2010.04.02 -
    Rising 22.41.03.04 2010.04.01 -
    Sophos 4.52.0 2010.04.02 -
    Sunbelt 6128 2010.04.02 -
    Symantec 20091.2.0.41 2010.04.02 -
    TheHacker 6.5.2.0.251 2010.04.02 -
    TrendMicro 9.120.0.1004 2010.04.02 -
    VBA32 3.12.12.4 2010.04.02 -
    ViRobot 2010.4.2.2257 2010.04.02 -
    VirusBuster 5.0.27.0 2010.04.01 -

    Additional information
    File size: 1032192 bytes
    MD5...: a0732187050030ae399b241436565e64
    SHA1..: 69f33740413da112630be73ebb805a23b69f2f7f
    SHA256: cbfbcc43b18deca5619706fc134d25e0dcebcd5257d0a70f5782c42e5c2fcec9
    ssdeep: 12288:izEut4RuAwGgc7fNuIEGpPoHWr2Rkf8I+skzan1/g/J/v5nn:izEuAwj2fNuIhakf8I+sk81/g/J/Jn
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1e24e
    timedatestamp.....: 0x41107ece (Wed Aug 04 06:14:38 2004)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x44689 0x44800 6.38 b257b3cd7102cece46cd7366aff0f34b
    .data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf
    .rsrc 0x48000 0xb2278 0xb2400 6.63 abf6dc1befe1a4a4c7f6ef51d1a6f907
    .reloc 0xfb000 0x36dc 0x3800 6.75 ee49ce3a409d6d28c1d63eabd34499b3
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Windows Explorer
    original name: EXPLORER.EXE
    internal name: explorer
    file version.: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
     
  7. 2010/04/02
    avz10 Inactive Thread Starter
    File userinit.exe received on 2010.04.02 08:16:35 (UTC)
    Antivirus Version Last Update Result
    a-squared 4.5.0.50 2010.04.02 -
    AhnLab-V3 5.0.0.2 2010.04.01 -
    AntiVir 7.10.6.23 2010.04.02 -
    Antiy-AVL 2.0.3.7 2010.04.02 -
    Authentium 5.2.0.5 2010.04.02 -
    Avast 4.8.1351.0 2010.04.02 -
    Avast5 5.0.332.0 2010.04.02 -
    AVG 9.0.0.787 2010.04.01 -
    BitDefender 7.2 2010.04.02 -
    CAT-QuickHeal 10.00 2010.04.02 -
    ClamAV 0.96.0.0-git 2010.04.01 -
    Comodo 4470 2010.04.02 -
    DrWeb 5.0.2.03300 2010.04.02 -
    eSafe 7.0.17.0 2010.04.01 -
    eTrust-Vet 35.2.7404 2010.04.02 -
    F-Prot 4.5.1.85 2010.04.02 -
    F-Secure 9.0.15370.0 2010.04.02 -
    Fortinet 4.0.14.0 2010.04.01 -
    GData 19 2010.04.02 -
    Ikarus T3.1.1.80.0 2010.04.02 -
    Jiangmin 13.0.900 2010.04.02 -
    K7AntiVirus 7.10.1004 2010.03.22 -
    Kaspersky 7.0.0.125 2010.04.02 -
    McAfee 5937 2010.03.31 -
    McAfee+Artemis 5937 2010.03.31 -
    McAfee-GW-Edition 6.8.5 2010.04.02 -
    Microsoft 1.5605 2010.04.02 -
    NOD32 4994 2010.04.02 -
    Norman 6.04.10 2010.04.01 -
    nProtect 2009.1.8.0 2010.04.02 -
    Panda 10.0.2.2 2010.04.02 -
    PCTools 7.0.3.5 2010.04.02 -
    Prevx 3.0 2010.04.02 -
    Rising 22.41.03.04 2010.04.01 -
    Sophos 4.52.0 2010.04.02 -
    Sunbelt 6128 2010.04.02 -
    Symantec 20091.2.0.41 2010.04.02 -
    TheHacker 6.5.2.0.251 2010.04.02 -
    TrendMicro 9.120.0.1004 2010.04.02 -
    VBA32 3.12.12.4 2010.04.02 -
    ViRobot 2010.4.2.2257 2010.04.02 -
    VirusBuster 5.0.27.0 2010.04.01 -

    Additional information
    File size: 24576 bytes
    MD5...: 39b1ffb03c2296323832acbae50d2aff
    SHA1..: e5aedcbe25a97c89101f1f3860ff846e94d70445
    SHA256: 5b5d71718108e132d10bafb0c217f469a1e3cc13f79ff8d9cbe3bf4918aff7b7
    ssdeep: 384:DNkhB/JD1CzaxzOV6s9cKmdPGFQ273eLXVBYkkjuv1hkNLdbaLa4CwUJuUCSF4WL:gJDUaxgu5YEVBxkjuv7wbaLa4PU4b7
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x50e5
    timedatestamp.....: 0x41107b78 (Wed Aug 04 06:00:24 2004)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x4db8 0x4e00 6.01 16aee663ed180007a0bf5bf24b845096
    .data 0x6000 0x14c 0x200 1.86 cbb599f9267bf53209039d14a3574eb1
    .rsrc 0x7000 0xb60 0xc00 3.27 b388ab1541ccd9727979fb26a23f72e1
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Userinit Logon Application
    original name: USERINIT.EXE
    internal name: userinit
    file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
     
  8. 2010/04/02
    avz10 Inactive Thread Starter
    File svchost.exe received on 2010.04.02 08:19:59 (UTC)
    Antivirus Version Last Update Result
    a-squared 4.5.0.50 2010.04.02 -
    AhnLab-V3 5.0.0.2 2010.04.01 -
    AntiVir 7.10.6.23 2010.04.02 -
    Antiy-AVL 2.0.3.7 2010.04.02 -
    Authentium 5.2.0.5 2010.04.02 -
    Avast 4.8.1351.0 2010.04.02 -
    Avast5 5.0.332.0 2010.04.02 -
    AVG 9.0.0.787 2010.04.01 -
    BitDefender 7.2 2010.04.02 -
    CAT-QuickHeal 10.00 2010.04.02 -
    ClamAV 0.96.0.0-git 2010.04.01 -
    Comodo 4470 2010.04.02 -
    DrWeb 5.0.2.03300 2010.04.02 -
    eSafe 7.0.17.0 2010.04.01 -
    eTrust-Vet 35.2.7404 2010.04.02 -
    F-Prot 4.5.1.85 2010.04.02 -
    F-Secure 9.0.15370.0 2010.04.02 -
    Fortinet 4.0.14.0 2010.04.01 -
    GData 19 2010.04.02 -
    Ikarus T3.1.1.80.0 2010.04.02 -
    Jiangmin 13.0.900 2010.04.02 -
    K7AntiVirus 7.10.1004 2010.03.22 -
    Kaspersky 7.0.0.125 2010.04.02 -
    McAfee 5937 2010.03.31 -
    McAfee+Artemis 5937 2010.03.31 -
    McAfee-GW-Edition 6.8.5 2010.04.02 -
    Microsoft 1.5605 2010.04.02 -
    NOD32 4994 2010.04.02 -
    Norman 6.04.10 2010.04.01 -
    nProtect 2009.1.8.0 2010.04.02 -
    Panda 10.0.2.2 2010.04.02 -
    PCTools 7.0.3.5 2010.04.02 -
    Prevx 3.0 2010.04.02 -
    Rising 22.41.03.04 2010.04.01 -
    Sophos 4.52.0 2010.04.02 -
    Sunbelt 6128 2010.04.02 -
    Symantec 20091.2.0.41 2010.04.02 -
    TheHacker 6.5.2.0.251 2010.04.02 -
    TrendMicro 9.120.0.1004 2010.04.02 -
    VBA32 3.12.12.4 2010.04.02 -
    ViRobot 2010.4.2.2257 2010.04.02 -
    VirusBuster 5.0.27.0 2010.04.01 -

    Additional information
    File size: 14336 bytes
    MD5...: 8f078ae4ed187aaabc0a305146de6716
    SHA1..: da0ff4006859a7580aba81f486f692dead2014fe
    SHA256: 16593943861d03d508f37f60e41240dee14221e76f625835487f73d5010ac18a
    ssdeep: 384:cpiRrTp13SkhnRCwOV5JpeLCdw9rDpWCl8CbW:dT/3Ska6Lh8C
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x2fa0
    timedatestamp.....: 0x46a045ec (Fri Jul 20 05:19:40 2007)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xe0c80 0x8f400 7.07 0eadb4a2dcd26614d47e71124673cf8d
    .rdata 0xe2000 0x146e 0x1600 5.64 14fb47ae7c8e288146e6f3271844ac4a
    .data 0xe4000 0x3750 0x3800 6.49 52eb2fb5b1bfb7fbc3c903a64fa0935d
    .rsrc 0xe8000 0x48b0 0x4a00 5.61 a1991874c289f2c69d0bca8e0ed6acd5
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Generic Host Process for Win32 Services
    original name: svchost.exe
    internal name: svchost.exe
    file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
     
  9. 2010/04/02
    broni Moderator Malware Analyst
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\edacded0.dat
    
    
    Folder::
    
    Driver::
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP "=-
    
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  10. 2010/04/03
    avz10 Inactive Thread Starter
    ComboFix 10-04-01.02 - Albievz 04/03/2010 10:35:06.7.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.389 [GMT 2:00]
    Running from: c:\documents and settings\Albievz\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\system32\edacded0.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
    .

    2010-04-02 11:10 . 2004-08-03 21:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
    2010-04-02 11:10 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
    2010-04-02 10:59 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-04-02 09:50 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-04-02 09:50 . 2010-04-02 09:50 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-04-02 09:49 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2010-04-02 09:49 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2010-04-02 09:49 . 2009-12-30 09:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2010-04-02 09:49 . 2010-01-21 12:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-04-02 09:49 . 2009-12-30 09:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2010-04-02 09:49 . 2009-10-06 09:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
    2010-04-02 09:46 . 2010-03-25 06:36 34642680 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_en_1.exe
    2010-04-02 09:46 . 2010-04-02 09:46 -------- d-----w- c:\program files\MSXML 6.0
    2010-04-02 09:46 . 2010-04-02 09:46 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
    2010-04-02 09:46 . 2010-04-02 09:46 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
    2010-04-02 09:46 . 2010-04-02 09:46 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
    2010-04-01 17:20 . 2010-04-01 17:20 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-04-01 17:20 . 2010-04-01 17:20 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2010-04-01 17:20 . 2010-04-01 17:20 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-04-01 17:19 . 2010-04-01 17:19 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-04-01 17:19 . 2010-04-01 17:19 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
    2010-04-01 17:19 . 2010-04-01 17:19 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
    2010-04-01 17:19 . 2010-04-01 17:19 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
    2010-04-01 17:19 . 2010-04-01 17:19 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
    2010-04-01 17:19 . 2010-04-01 17:19 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-04-01 17:19 . 2010-04-01 17:19 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
    2010-04-01 17:19 . 2010-04-01 17:19 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
    2010-04-01 17:19 . 2010-04-01 17:19 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2010-04-01 17:19 . 2010-04-01 17:19 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
    2010-04-01 17:17 . 2010-04-01 17:17 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-04-01 17:17 . 2010-04-01 17:17 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-01 08:12 . 2010-04-01 08:12 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-01 07:22 . 2010-04-01 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\OPLMNB01
    2010-04-01 07:22 . 2004-09-08 16:15 356352 ----a-w- c:\windows\system32\OPENVB01.DLL
    2010-04-01 07:22 . 2004-01-09 14:28 94208 ----a-w- c:\windows\system32\Oplmsb01.exe
    2010-04-01 07:22 . 2010-04-01 07:22 -------- d-----w- c:\program files\Okidata
    2010-04-01 07:22 . 2004-09-23 09:27 61440 ----a-w- c:\windows\system32\OPDB1LOC.DLL
    2010-04-01 07:22 . 2004-03-31 09:53 86016 ----a-w- c:\windows\system32\OPSB1LOC.DLL
    2010-04-01 07:22 . 2004-03-26 18:59 79360 ----a-w- c:\windows\system32\Oplmnb01.dll
    2010-04-01 07:22 . 2004-01-13 09:33 28672 ----a-w- c:\windows\system32\OPRCLB01.DLL
    2010-04-01 07:22 . 2004-01-13 09:31 32768 ----a-w- c:\windows\system32\OPCSTB01.DLL
    2010-04-01 07:22 . 2003-06-23 11:52 36928 ----a-w- c:\windows\system32\drivers\OkiPar.sys
    2010-04-01 07:22 . 2001-01-15 22:17 808 ----a-w- c:\windows\system32\OKIPAR.DAT
    2010-03-27 16:29 . 2010-03-27 16:29 -------- d-----w- c:\program files\Adobe Media Player
    2010-03-27 12:46 . 2010-03-27 12:46 3584 ----a-r- c:\documents and settings\Albievz\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-03-27 06:05 . 2010-03-27 06:05 -------- d-----w- c:\documents and settings\Albievz\Application Data\AdobeSupportAdvisor.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-03-27 06:05 . 2010-03-27 05:57 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-03-27 05:11 . 2010-04-02 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-03-27 05:03 . 2010-03-27 05:03 -------- d-----w- c:\program files\7-Zip
    2010-03-26 12:21 . 2010-03-26 12:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-03-26 08:16 . 2010-03-26 08:17 -------- d-----w- c:\documents and settings\Albievz\Application Data\DriverCure
    2010-03-26 08:16 . 2010-03-26 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
    2010-03-26 08:16 . 2010-03-26 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-03-26 08:16 . 2010-03-26 08:16 -------- d-----w- c:\program files\ParetoLogic
    2010-03-25 08:42 . 2010-03-25 09:28 -------- d-sh--w- c:\documents and settings\Albievz\Phone Browser
    2010-03-24 09:31 . 2010-03-24 09:31 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-03-24 09:22 . 2010-03-26 12:53 -------- d-----w- c:\documents and settings\Albievz\Application Data\uTorrent
    2010-03-24 09:16 . 2010-03-24 09:16 -------- d-----w- c:\program files\SyncToy 2.0
    2010-03-24 09:16 . 2010-03-27 06:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-03-24 09:13 . 2010-03-24 09:13 -------- d-----w- c:\program files\Topaz Labs
    2010-03-24 09:13 . 2010-03-24 09:14 -------- d-----w- c:\program files\Topaz Labs LLC
    2010-03-24 07:49 . 2010-03-30 22:11 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Adobe
    2010-03-24 07:28 . 2010-03-24 07:28 -------- d-----w- C:\found.000
    2010-03-24 05:55 . 2010-03-24 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2010-03-23 13:29 . 2010-03-23 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\GoodSync
    2010-03-23 13:29 . 2010-03-23 13:30 -------- d-----w- c:\documents and settings\Albievz\Application Data\GoodSync
    2010-03-23 10:41 . 2010-03-23 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
    2010-03-23 10:25 . 2010-03-23 13:29 -------- d-----w- c:\program files\Siber Systems
    2010-03-22 21:45 . 2010-03-24 07:49 -------- d-----w- c:\program files\RegSupreme
    2010-03-22 21:34 . 2010-03-24 07:49 -------- d-----w- c:\program files\MSConfig CleanUp
    2010-03-22 10:45 . 2010-03-27 12:46 -------- d-----w- c:\program files\Windows Installer Clean Up
    2010-03-22 10:44 . 2010-03-27 12:45 -------- d-----w- c:\program files\MSECACHE
    2010-03-22 05:00 . 2010-03-22 05:00 -------- d-----w- c:\program files\VS Revo Group
    2010-03-21 21:03 . 2010-03-24 09:22 -------- d-----w- c:\program files\jv16 PowerTools 2009
    2010-03-17 12:07 . 2010-03-17 12:07 -------- d-----w- c:\documents and settings\Albievz\Application Data\ImgBurn
    2010-03-17 11:49 . 2010-03-24 05:56 -------- d-----w- c:\program files\ImgBurn
    2010-03-13 23:48 . 2010-03-24 05:55 -------- d-----w- c:\documents and settings\x
    2010-03-13 23:48 . 2010-03-13 23:48 -------- d-----w- c:\program files\Alwil Software
    2010-03-07 20:58 . 2010-03-07 20:58 -------- d-----w- c:\documents and settings\Albievz\Bluetooth Software
    2010-03-06 06:31 . 2010-03-06 06:31 -------- d-sh--w- c:\documents and settings\Albievz\PrivacIE
    2010-03-05 19:09 . 2010-03-05 19:09 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-03-05 19:07 . 2010-03-05 19:07 -------- d-sh--w- c:\documents and settings\Albievz\IETldCache
    2010-03-05 19:01 . 2010-03-06 09:01 -------- d-----w- c:\windows\ie8updates
    2010-03-05 18:58 . 2010-03-05 18:59 -------- dc-h--w- c:\windows\ie8
    2010-03-05 10:35 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-03-05 10:35 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-03-05 10:35 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-03-04 14:53 . 2010-03-05 08:56 -------- d-----w- c:\program files\Microsoft Works
    2010-03-04 14:51 . 2010-03-04 14:51 -------- d-----w- c:\program files\Microsoft.NET
    2010-03-04 14:48 . 2010-03-04 14:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-03-04 14:47 . 2010-03-04 14:52 -------- d-----w- c:\windows\SHELLNEW
    2010-03-04 14:46 . 2010-03-04 14:46 -------- d-----r- C:\MSOCache
    2010-03-04 14:23 . 2010-04-01 06:34 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Temp
    2010-03-04 09:53 . 2010-03-13 07:50 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-03-04 09:15 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-03-04 09:15 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-03 08:10 . 2009-12-09 19:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
    2010-04-02 10:59 . 2010-04-02 10:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2010-04-02 10:59 . 2010-04-02 10:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-04-02 10:44 . 2010-04-02 10:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2010-04-02 10:43 . 2010-04-02 10:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2010-04-02 09:50 . 2009-12-20 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2010-04-02 09:49 . 2009-12-20 12:53 -------- d-----w- c:\program files\Nokia
    2010-04-02 09:47 . 2009-12-20 12:54 -------- d-----w- c:\program files\Common Files\Nokia
    2010-04-01 08:14 . 2009-10-17 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-01 07:22 . 2009-09-25 07:36 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-31 06:55 . 2010-01-26 16:11 -------- d-----w- c:\program files\PicPick
    2010-03-30 09:21 . 2010-02-27 11:26 -------- d-----w- c:\program files\Opera
    2010-03-29 22:46 . 2009-10-17 12:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45 . 2009-10-17 12:34 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-28 15:04 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
    2010-03-27 17:40 . 2009-09-25 08:40 116240 ----a-w- c:\documents and settings\Albievz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-27 16:32 . 2009-11-11 09:04 -------- d-----w- c:\program files\Common Files\Adobe
    2010-03-27 05:11 . 2009-09-29 10:35 -------- d-----w- c:\program files\Google
    2010-03-26 14:44 . 2009-10-05 16:24 114688 ----a-w- c:\windows\keymail.dll
    2010-03-26 13:05 . 2009-10-12 20:14 -------- d-----w- c:\documents and settings\Albievz\Application Data\IObit
    2010-03-26 12:53 . 2009-11-01 04:18 -------- d-----w- c:\documents and settings\Albievz\Application Data\Any Video Converter
    2010-03-26 12:53 . 2009-09-25 11:01 -------- d-----w- c:\documents and settings\Albievz\Application Data\HpUpdate
    2010-03-26 12:53 . 2010-02-05 20:01 -------- d-----w- c:\program files\DAP
    2010-03-26 12:53 . 2009-12-29 07:47 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-03-26 12:32 . 2009-11-04 19:19 -------- d-----w- c:\documents and settings\Albievz\Application Data\Uniblue
    2010-03-26 08:43 . 2009-10-12 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-25 09:30 . 2009-12-20 12:54 -------- d-----w- c:\documents and settings\Albievz\Application Data\PC Suite
    2010-03-24 05:56 . 2009-09-24 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-24 03:21 . 2010-01-21 08:33 -------- d-----w- c:\documents and settings\Albievz\Application Data\Skype
    2010-03-17 15:06 . 2009-12-11 14:32 -------- d-----w- c:\documents and settings\Albievz\Application Data\MiniLyrics
    2010-03-14 06:07 . 2009-10-29 12:41 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-14 06:07 . 2009-10-29 12:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-14 06:07 . 2009-10-29 12:41 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-14 06:07 . 2009-10-29 12:41 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-04 14:53 . 2009-09-24 17:58 -------- d-----w- c:\program files\MSBuild
    2010-03-04 12:15 . 2010-03-04 08:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-04 11:03 . 2009-11-16 05:20 -------- d-----w- c:\program files\Easy Duplicate Finder
    2010-03-04 11:01 . 2009-12-06 16:02 -------- d-----w- c:\program files\Boris FX, Inc
    2010-03-04 11:00 . 2009-12-28 13:05 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-03-04 08:14 . 2009-10-19 16:42 -------- d-----w- c:\program files\CCleaner
    2010-03-04 08:02 . 2009-09-29 21:10 -------- d-----w- c:\documents and settings\Albievz\Application Data\Azureus
    2010-03-04 07:17 . 2010-03-04 07:17 -------- d-----w- c:\program files\Common Files\Java
    2010-03-04 07:17 . 2009-09-28 21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-04 07:17 . 2010-03-04 07:17 -------- d-----w- c:\program files\Java
    2010-03-04 07:12 . 2010-03-04 07:12 503808 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e0e276c-n\msvcp71.dll
    2010-03-04 07:12 . 2010-03-04 07:12 499712 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e0e276c-n\jmc.dll
    2010-03-04 07:12 . 2010-03-04 07:12 348160 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e0e276c-n\msvcr71.dll
    2010-03-04 07:11 . 2010-03-04 07:11 61440 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-492f7e12-n\decora-sse.dll
    2010-03-04 07:11 . 2010-03-04 07:11 12800 ----a-w- c:\documents and settings\Albievz\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-492f7e12-n\decora-d3d.dll
    2010-03-03 19:21 . 2010-03-03 19:21 -------- d-----w- c:\program files\ESET
    2010-02-28 15:08 . 2010-02-28 15:08 -------- d-----w- c:\program files\Trend Micro
    2010-02-25 21:05 . 2009-12-06 15:49 -------- d-----w- c:\program files\Pinnacle
    2010-02-25 21:01 . 2010-02-25 21:01 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2010-02-25 20:56 . 2010-02-25 20:56 29926 ----a-r- c:\documents and settings\Albievz\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
    2010-02-25 20:56 . 2010-02-25 20:56 -------- d-----w- c:\program files\Common Files\Pinnacle
    2010-02-25 20:54 . 2010-02-25 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
    2010-02-25 20:53 . 2009-12-06 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
    2010-02-25 20:47 . 2010-02-25 20:47 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
    2010-02-25 20:47 . 2010-02-25 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 14
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2010-02-21 05:57 . 2009-09-24 17:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-19 19:51 . 2010-02-19 15:14 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
    2010-02-19 06:16 . 2009-11-01 04:18 -------- d-----w- c:\program files\Any Video Converter
    2010-02-19 06:16 . 2010-02-19 06:16 -------- d-----w- c:\documents and settings\Albievz\Application Data\AnvSoft
    2010-02-14 17:03 . 2010-02-14 17:02 -------- d-----w- c:\program files\Direct X
    2010-02-11 16:27 . 2010-02-11 16:27 -------- d-----w- c:\documents and settings\Albievz\Application Data\LEAPS
    2010-02-11 16:26 . 2010-02-11 16:26 -------- d-----w- c:\documents and settings\Albievz\Application Data\Pegasys Inc
    2010-02-11 16:19 . 2010-02-11 16:19 -------- d-----w- c:\program files\Pegasys Inc
    2010-02-07 09:46 . 2010-02-07 09:46 -------- d-----w- c:\program files\Haali
    2010-02-07 09:44 . 2010-02-07 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VideoConverter
    2010-02-06 10:51 . 2010-01-03 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-02-06 10:00 . 2010-02-06 09:59 -------- d-----w- c:\documents and settings\Albievz\Application Data\Vso
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\documents and settings\Albievz\Application Data\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\documents and settings\Albievz\Application Data\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 09:59 -------- d-----w- c:\program files\DVDFab 6
    2010-02-05 21:38 . 2010-02-05 20:37 -------- d-----w- c:\documents and settings\Albievz\Application Data\Toolbar4
    2010-02-05 20:42 . 2010-02-05 20:42 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
    2010-02-05 20:36 . 2010-02-05 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
    2010-02-05 20:35 . 2009-10-03 04:31 -------- d-----w- c:\program files\Minilyrics
    2010-02-05 20:05 . 2010-02-05 20:05 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
    2010-01-26 11:46 . 2010-01-26 11:46 232712 ----a-w- c:\windows\system32\PDBoot.exe
    2006-10-04 06:00 . 2006-10-04 06:00 733184 ----a-w- c:\program files\Common Files\InfoSlips.ForMe.exe
    2010-02-05 20:01 . 2010-02-28 19:34 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "Google Update"="c:\documents and settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-04 135664]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-02-05 2815488]
    "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "LanguageMonitor"="c:\windows\system32\Oplmsb01.exe" [2004-01-09 94208]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-03-28 611712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-14 06:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-04-30 06:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0rmvirut.nt

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/29/2009 2:41 PM 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/29/2009 2:41 PM 242696]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/09 21:36];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 7:40 PM 87536]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 8:07 AM 308064]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/17/2009 2:34 PM 303952]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/17/2009 2:34 PM 20824]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [9/25/2009 9:36 AM 193840]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 1:13 PM 30008]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 8:28 AM 172131]
    S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys --> c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-02 c:\windows\Tasks\AVG Free Tray Icon.job
    - c:\progra~1\AVG\AVG9\avgtray.exe [2010-03-14 17:19]

    2010-04-03 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-01-06 12:11]

    2010-04-02 c:\windows\Tasks\CCleaner.job
    - c:\progra~1\CCleaner\CCleaner.exe [2010-02-24 17:45]

    2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2147074499-2109526056-1003Core.job
    - c:\documents and settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 14:22]

    2010-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2147074499-2109526056-1003UA.job
    - c:\documents and settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 14:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13796&l=dis&q=
    FF - component: c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\documents and settings\Albievz\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Opera\program\plugins\npASPlug.dll
    FF - plugin: c:\program files\Opera\program\plugins\npHAPlug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(956)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\windows\system32\DeviceNP.dll

    - - - - - - - > 'explorer.exe'(924)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-04-03 10:43:38
    ComboFix-quarantined-files.txt 2010-04-03 08:43
    ComboFix2.txt 2010-04-02 05:00
    ComboFix3.txt 2010-03-02 06:41

    Pre-Run: 17,741,250,560 bytes free
    Post-Run: 17,701,093,376 bytes free

    - - End Of File - - 7761BAD133846DB4825F554237B92973
     
    Last edited by a moderator: 2010/04/03
  11. 2010/04/03
    avz10

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:49:01 AM, on 4/3/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\WINDOWS\system32\Oplmsb01.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
    C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Albievz\Desktop\HijackThis.exe
    C:\WINDOWS\system32\ctfmon.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe "
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe "
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [LanguageMonitor] C:\WINDOWS\system32\Oplmsb01.exe OKI B4100
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253880538828
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11086 bytes
     
  12. 2010/04/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ===================================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  13. 2010/04/04
    avz10

    avz10 Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    129
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, April 4, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, April 04, 2010 05:14:21
    Records in database: 3913977
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 125039
    Threats found: 5
    Infected objects found: 7
    Suspicious objects found: 0
    Scan duration: 08:17:44


    File name / Threat / Threats count
    C:\Documents and Settings\Albievz\My Documents\Azureus Downloads\TMPGEnc MPEG Editor 2.0 v2.2.8.177.7z Infected: Trojan-Downloader.Win32.Injecter.dps 1
    C:\Documents and Settings\Albievz\My Documents\Downloads\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN-1\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN.rar Infected: not-a-virus:Server-Proxy.Win32.3proxy.af 1
    C:\Documents and Settings\Albievz\My Documents\Downloads\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN-1\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN.rar Infected: Trojan-Downloader.Win32.Zlob.qrb 1
    C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Advanced SystemCare 3.4.0.rar Infected: Trojan-Downloader.NSIS.Agent.dv 1
    C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Advanced SystemCare 3.4.0.rar Infected: Trojan-Downloader.NSIS.Agent.dw 1
    C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Iobit Security 360 1.10.rar Infected: Trojan-Downloader.NSIS.Agent.dv 1
    C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Iobit Security 360 1.10.rar Infected: Trojan-Downloader.NSIS.Agent.dw 1

    Selected area has been scanned.
     
  14. 2010/04/04
    avz10

    avz10 Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    129
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:31:19 PM, on 4/4/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\WINDOWS\system32\Oplmsb01.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
    C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Albievz\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe "
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe "
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [LanguageMonitor] C:\WINDOWS\system32\Oplmsb01.exe OKI B4100
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253880538828
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11637 bytes
     
  15. 2010/04/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download OTM

    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Albievz\My Documents\Azureus Downloads\TMPGEnc MPEG Editor 2.0 v2.2.8.177.7z 
    C:\Documents and Settings\Albievz\My Documents\Downloads\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN-1\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN.rar 
    C:\Documents and Settings\Albievz\My Documents\Downloads\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN-1\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN.rar 
    C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Advanced SystemCare 3.4.0.rar 
    C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Advanced SystemCare 3.4.0.rar 
    C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Iobit Security 360 1.10.rar 
    C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Iobit Security 360 1.10.rar
          
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
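
    Added example, not part of the original thread: the Kaspersky report in post 13 prints one row per detection, so a file carrying two threats appears twice, and the same repeats show up in the removal list in post 15. The Python sketch below parses the rows copied from that report, groups them per file, and checks them against the report's own counters; the function names, and the reading of "Threats found" as distinct threat names and "Infected objects found" as the sum of the per-row counts, are assumptions that happen to fit this report.

```python
import re

# Lines copied from the Kaspersky Online Scanner report posted in this thread.
REPORT = r"""
Scan statistics:
Objects scanned: 125039
Threats found: 5
Infected objects found: 7
Suspicious objects found: 0

File name / Threat / Threats count
C:\Documents and Settings\Albievz\My Documents\Azureus Downloads\TMPGEnc MPEG Editor 2.0 v2.2.8.177.7z Infected: Trojan-Downloader.Win32.Injecter.dps 1
C:\Documents and Settings\Albievz\My Documents\Downloads\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN-1\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN.rar Infected: not-a-virus:Server-Proxy.Win32.3proxy.af 1
C:\Documents and Settings\Albievz\My Documents\Downloads\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN-1\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN.rar Infected: Trojan-Downloader.Win32.Zlob.qrb 1
C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Advanced SystemCare 3.4.0.rar Infected: Trojan-Downloader.NSIS.Agent.dv 1
C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Advanced SystemCare 3.4.0.rar Infected: Trojan-Downloader.NSIS.Agent.dw 1
C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Iobit Security 360 1.10.rar Infected: Trojan-Downloader.NSIS.Agent.dv 1
C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Iobit Security 360 1.10.rar Infected: Trojan-Downloader.NSIS.Agent.dw 1
"""

# "<path> Infected: <threat name> <count>"; paths contain spaces, so the
# path is everything before the literal " Infected:" marker.
ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
# "Threats found: 5" style counters from the statistics block.
STAT = re.compile(r"^(?P<name>[A-Za-z ]+):\s+(?P<value>\d+)$")

# Heuristic only: the extension tells us the detection sits inside a
# container file rather than in an unpacked, directly runnable file.
ARCHIVE_EXTENSIONS = (".7z", ".rar", ".zip")


def parse_report(text):
    """Return (stats, detections); detections are (path, threat, count)."""
    stats, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        row = ROW.match(line)
        if row:
            detections.append((row["path"], row["threat"], int(row["count"])))
            continue
        stat = STAT.match(line)
        if stat:
            stats[stat["name"]] = int(stat["value"])
    return stats, detections


def group_by_file(detections):
    """Collapse one-row-per-detection into {path: [threat, ...]}."""
    files = {}
    for path, threat, _count in detections:
        files.setdefault(path, []).append(threat)
    return files


def reconcile(stats, detections):
    """List mismatches between the header counters and the parsed rows.

    Assumption (holds for this report): 'Threats found' counts distinct
    threat names, 'Infected objects found' is the sum of the row counts.
    """
    problems = []
    objects = sum(count for _p, _t, count in detections)
    threats = {threat for _p, threat, _c in detections}
    if stats.get("Infected objects found") != objects:
        problems.append(f"infected objects: header "
                        f"{stats.get('Infected objects found')}, rows {objects}")
    if stats.get("Threats found") != len(threats):
        problems.append(f"threats: header {stats.get('Threats found')}, "
                        f"rows {len(threats)}")
    return problems


def all_in_archives(files):
    """True when every flagged path is an archive file (by extension)."""
    return all(path.lower().endswith(ARCHIVE_EXTENSIONS) for path in files)


if __name__ == "__main__":
    stats, detections = parse_report(REPORT)
    files = group_by_file(detections)
    print(f"{len(detections)} detections in {len(files)} files")
    for path, threats in files.items():
        print(f"  {path}\n    " + ", ".join(threats))
    print("counter mismatches:", reconcile(stats, detections) or "none")
    print("all detections inside archives:", all_in_archives(files))
```

    A truncated or hand-edited report shows up as a non-empty list from reconcile(), which is worth checking before acting on a pasted log.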
     
  16. 2010/04/05
    avz10

    avz10 Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    129
    Likes Received:
    0
    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File/Folder C:\Documents and Settings\Albievz\My Documents\Azureus Downloads\TMPGEnc MPEG Editor 2.0 v2.2.8.177.7z not found.
    File/Folder C:\Documents and Settings\Albievz\My Documents\Downloads\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN-1\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN.rar not found.
    File/Folder C:\Documents and Settings\Albievz\My Documents\Downloads\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN-1\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN.rar not found.
    File/Folder C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Advanced SystemCare 3.4.0.rar not found.
    File/Folder C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Advanced SystemCare 3.4.0.rar not found.
    File/Folder C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Iobit Security 360 1.10.rar not found.
    File/Folder C:\Documents and Settings\Albievz\My Documents\Downloads\SystemCare Pro v3.40 Security 360 Pro v1.10\Iobit Security 360 1.10.rar not found.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Albievz
    ->Temp folder emptied: 4681794 bytes
    ->Temporary Internet Files folder emptied: 2135404 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 7943146 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: x
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 4101649 bytes

    Total Files Cleaned = 18.00 mb


    OTM by OldTimer - Version 3.1.10.1 log created on 04052010_130928
     
  17. 2010/04/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as an Administrator".)
    • Click on the CleanUp! button and follow the prompts.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.
    • After the reboot all the tools we used should be gone.
    • The tool will delete itself once it finishes.

    ===============================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Albievz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c


    5. Click on Fix checked button.

    6. Restart computer.


    When done...


    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  18. 2010/04/11
    avz10

    avz10 Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    129
    Likes Received:
    0
    Thanks broni!

    Laptop is working fine
    Albie
     
  19. 2010/04/11
    avz10

    avz10 Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    129
    Likes Received:
    0
    I want to mark the thread as resolved, but if I click on Thread tools, it only gives me 3 options: printable, email and unsubscribe.

    Help please!
     
  20. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm glad to hear good news :)
    Happy surfing :)

    In this forum, only I can mark the thread as resolved...
     
