
Active Check up for Malware - "unstable connection"

Discussion in 'Malware and Virus Removal Archive' started by clubECGR, 2010/03/11.

  1. 2010/03/11
    clubECGR

    clubECGR Inactive Thread Starter

    [Active] Check up for Malware - "unstable connection"

    Hi there! This is a low priority as I don't see any threat on my desktop PC, but I might ask for your advice on whether my problem has any connection to my internet connection being unstable.

    Chris here, and I just want your opinion on my desktop situation. Recently, for the past 3 weeks, I've been having some connection problems. We already changed the lines, the modem and the telephone.

    I also checked for malware through COMBOFIX and this is the result:

    ComboFix 10-03-07.05 - club_ECGR 03/08/2010 17:40:44.9.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.871 [GMT 8:00]
    Running from: c:\users\club_ECGR\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\VB6KO.DLL

    I don't see any threat here, so I'll post the DDS for you to check thoroughly.


    DDS (Ver_09-06-26.01) - NTFSx86
    Run by club_ECGR at 22:24:47.51 on Thu 03/11/2010
    Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1066 [GMT 8:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\A4Tech\Mouse\Amoumain.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\p2phost.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\1st Security Agent\newlock.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\TUProgSt.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\club_ECGR\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mStart Page = about:blank
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\documents and settings\default user\local settings\temp\bsasee3y5d\IDMIECC.dll
    BHO: Anonymizer Proxy: {0db66ba8-5e1f-4963-93d1-e1d6b78fe9a2} - c:\program files\netconeal\anonymity shield\ProxyNew.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: IDA Bar: {c70e30c7-140a-4166-a2e8-43557e62b41a} - c:\program files\ida\idabar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Skytel] Skytel.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
    dRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeper.exe" /0
    uPolicies-explorer: NoFolderOption = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - c:\program files\ida\ida.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    LSP: c:\windows\system32\idmmbc.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\windows\system32\avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\club_e~1\appdata\roaming\mozilla\firefox\profiles\5g0qxon6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npvlc.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-8 335240]
    R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-11-3 41456]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-8 297752]
    R2 DeskSaverService;DeskSaverService;c:\program files\1st security agent\newlock.exe [2008-12-20 1453056]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-5-12 603904]
    R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2010-3-8 14336]
    R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2008-4-14 29184]
    S2 ktglve;Helper Boot;c:\windows\system32\svchost.exe -k netsvcs [2008-7-15 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-6-10 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-6 10976]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-10-17 103040]
    S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2009-4-28 32377]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-11-26 90536]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-11-26 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-11-26 122152]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-11-26 115496]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-11-26 25768]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-11-26 111912]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-11-26 117672]

    =============== Created Last 30 ================

    2010-03-11 20:50 54,156 a---h--- c:\windows\QTFont.qfn
    2010-03-11 20:50 1,409 a------- c:\windows\QTFont.for
    2010-03-08 18:46 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
    2010-03-08 18:46 <DIR> --d----- c:\program files\PC Connectivity Solution
    2010-03-08 17:58 36,864 a------- c:\windows\system32\Amhooker.dll
    2010-03-08 17:58 14,336 a------- c:\windows\system32\drivers\Amusbprt.sys
    2010-03-08 17:58 14,336 a------- c:\windows\system32\drivers\Amps2prt.sys
    2010-03-08 17:58 10,752 a------- c:\windows\system32\drivers\Arfumx86.sys
    2010-03-08 17:58 8,704 a------- c:\windows\system32\drivers\Amfilter.sys
    2010-03-08 17:52 <DIR> --dsh--- C:\$RECYCLE.BIN
    2010-03-08 17:36 <DIR> --d----- C:\ComboFix
    2010-02-27 22:55 <DIR> --d----- c:\users\club_e~1\appdata\roaming\AVS4YOU

    ==================== Find3M ====================

    2010-03-08 18:46 86,016 a------- c:\windows\inf\infpub.dat
    2010-03-08 18:46 143,360 a------- c:\windows\inf\infstrng.dat
    2010-03-08 18:46 143,360 a------- c:\windows\inf\infstor.dat
    2010-02-24 09:16 181,632 -------- c:\windows\system32\MpSigStub.exe
    2010-01-28 12:14 85,504 a------- c:\windows\system32\ff_vfw.dll
    2010-01-21 14:53 18,048 a------- c:\windows\system32\drivers\ccdcmb.sys
    2010-01-04 17:40 23,312 a------- c:\windows\system32\_shfoldr.dll
    2010-01-01 10:43 848 a--sh--- c:\programdata\KGyGaAvL.sys
    2010-01-01 10:43 848 a--sh--- c:\progra~2\KGyGaAvL.sys
    2010-01-01 10:43 88 ---shr-- c:\programdata\46DE2379E5.sys
    2010-01-01 10:43 88 ---shr-- c:\progra~2\46DE2379E5.sys
    2010-01-01 10:43 1,682 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-12-30 11:30 660,480 a------- c:\windows\system32\nmwcdcocls.dll
    2009-12-30 11:30 91,136 a------- c:\windows\system32\nmwcdcls.dll
    2009-06-09 11:44 665,600 a------- c:\windows\inf\drvindex.dat
    2008-08-19 12:52 47,360 a------- c:\users\club_e~1\appdata\roaming\pcouffin.sys
    2008-07-18 19:08 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2006-06-25 06:48 32,768 a------- c:\windows\inf\UpdateUSB.exe
    2007-06-03 17:21 108 a--shr-- c:\windows\neoqaz2.dll
    2009-06-10 11:53 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-06-10 11:53 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-06-10 11:53 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-06-10 11:53 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2008-07-28 20:12 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
    2008-07-28 20:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008072820080729\index.dat
    2009-08-18 20:56 245,760 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 22:26:32.84 ===============
     
  2. 2010/03/11
    Admin.

    Admin. Administrator Administrator Staff

    Pretty sure you are infected, but please post the Attach.txt file too, as suggested in our instructions.
     


  4. 2010/03/11
    broni

    broni Moderator Malware Analyst

    Besides, you shouldn't be running Combofix unsupervised.
    Since you've done it already, please post the entire log in addition to Attach.txt.
     
  5. 2010/03/11
    clubECGR

    clubECGR Inactive Thread Starter

    I'm still not convinced, since some parts of our neighboring cities also have unstable connections due to blackouts. But I was intrigued as to why the main city of my country doesn't have this issue; only us northern people have this issue.

    Thank you for your time in my problem and I hope it's not too serious.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/11/2008 2:53:16 AM
    System Uptime: 3/12/2010 9:44:29 AM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333
    Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz | LGA 775 | 2527/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 59 GiB total, 3.775 GiB free.
    D: is FIXED (NTFS) - 90 GiB total, 20.281 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP526: 3/8/2010 6:42:51 PM - Device Driver Package Install: Nokia Wireless Communication Devices
    RP527: 3/8/2010 6:43:18 PM - Device Driver Package Install: Nokia Wireless Communication Devices
    RP528: 3/8/2010 6:43:43 PM - Device Driver Package Install: Nokia Modems
    RP529: 3/8/2010 6:44:06 PM - Device Driver Package Install: Nokia Ports (COM & LPT)
    RP530: 3/8/2010 6:44:28 PM - Device Driver Package Install: Nokia Wireless Communication Devices
    RP531: 3/8/2010 6:44:52 PM - Device Driver Package Install: Nokia Wireless Communication Devices
    RP532: 3/8/2010 6:46:05 PM - Device Driver Package Install: Nokia Portable Devices
    RP534: 3/11/2010 5:19:15 AM - Avg8 Update

    ==== Installed Programs ======================

    1st Security Agent
    7-Zip 4.65
    ABBYY FineReader OCR Engine for Microtek
    AC3Filter 1.61b
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.1
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Ask Toolbar
    ASUSUpdate
    Atheros Communications Inc.(R) L2 Fast Ethernet Driver
    ATI Catalyst Install Manager
    Avanquest update
    AVG Free 8.5
    AviSynth 2.5
    AVIVO Codecs
    AVS DVD Copy version 4.1.1
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    BookWorm Deluxe
    Carbide.ui Theme Edition 3.2.1.0
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    Choice Guard
    Combined Community Codec Pack 2008-01-24
    Corel Painter Essentials 4
    CorelDRAW Graphics Suite X3
    DivX Converter
    DivX Web Player
    DVDFab Ghosthunter release 5.0.8.5
    DVDFab Platinum 3.1.7.6 Ghosthunter release
    EASEUS Data Recovery Wizard Professional 4.3.6
    EN
    ffdshow [rev 3233] [2010-01-28]
    FontNav
    foobar2000 v0.9.6.8
    Free Video to iPod Converter version 3.1
    Free WMA to MP3 Converter 1.16
    Globe Broadband
    GoldWave v5.22
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP USB Disk Storage Format Tool
    iTunes
    iWheelWorks 7.80
    Java(TM) 6 Update 14
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Junk Mail filter update
    K-Lite Codec Pack 4.1.7 (Full)
    Learning Essentials for Microsoft Office
    LogonStudio Vista
    Magic ISO Maker v5.4 (build 0239)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Calculator Plus
    Microsoft Math
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Student 2007 for Learning Essentials
    Microsoft Student with Encarta Premium 2008
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.5.8)
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    Nero 7 Demo
    neroxml
    NetConceal Anonymity Shield
    Nokia Connectivity Cable Driver
    Nokia Download!
    Nokia Map Loader
    Nokia PC Suite
    Nokia Software Updater
    OpenOffice.org Installer 1.0
    Opera 9.51
    Opera 9.52
    PC Connectivity Solution
    PowerDVD
    PowerDVD Ultra
    PowerISO
    QuickTime
    RadarSync PC Updater
    RealPlayer
    Realtek High Definition Audio Driver
    Recuva
    ScanWizard 5
    SDFormatter
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    SIW version 2008-10-28
    Skins
    Slife
    Sony Ericsson PC Suite 4.010.00
    Spy Sweeper
    TuneUp Utilities 2009
    Uniblue PowerSuite
    Uniblue SpyEraser
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb973514)
    Update Manager
    Update Service
    Uzzap
    VBA
    VideoLAN VLC media player 0.8.5
    ViviCam V35
    vixy converter uninstall
    VSO CopyToDVD 4
    WinAce Archiver
    Winamp
    WinAVI Video Converter
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    Windows Driver Package - Nokia Modem (06/01/2009 4.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker Beta
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Movie Maker 2.6
    Windows Vista Upgrade Advisor
    WinFF 1.0.4
    WinRAR archiver
    World of Warcraft FREE Trial
    Xilisoft Video Converter Ultimate
    xplorer² professional
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    3/8/2010 6:46:04 PM, Error: Service Control Manager [7030] - The ServiceLayer service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/8/2010 5:50:12 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/8/2010 5:42:56 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/8/2010 5:39:53 PM, Error: Service Control Manager [7034] - The DeskSaverService service terminated unexpectedly. It has done this 1 time(s).
    3/12/2010 9:46:33 AM, Error: Service Control Manager [7023] - The Helper Boot service terminated with the following error: The specified module could not be found.
    3/12/2010 9:46:33 AM, Error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
  6. 2010/03/11
    clubECGR

    clubECGR Inactive Thread Starter

    Joined:
    2008/10/15
    Messages:
    170
    Likes Received:
    0
    ComboFix 10-03-07.05 - club_ECGR 03/08/2010 17:40:44.9.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.871 [GMT 8:00]
    Running from: c:\users\club_ECGR\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\VB6KO.DLL

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
    .

    2010-03-08 09:49 . 2010-03-08 09:49 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-03-08 09:49 . 2010-03-08 09:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-03-08 09:49 . 2010-03-08 09:50 -------- d-----w- c:\users\club_ECGR\AppData\Local\temp
    2010-03-08 09:49 . 2010-03-08 09:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-03-08 09:49 . 2010-03-08 09:49 -------- d-----w- c:\users\wala\AppData\Local\temp
    2010-03-08 09:49 . 2010-03-08 09:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-03-08 09:49 . 2010-03-08 09:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-03-08 09:49 . 2010-03-08 09:49 -------- d-----w- c:\users\Administrator.CHRISSKYLOCK\AppData\Local\temp
    2010-02-27 14:55 . 2010-02-27 14:55 -------- d-----w- c:\users\club_ECGR\AppData\Roaming\AVS4YOU
    2010-02-08 00:54 . 2010-02-08 00:54 50354 ----a-w- c:\users\wala\AppData\Roaming\Facebook\uninstall.exe
    2010-02-08 00:54 . 2010-02-08 00:54 -------- d-----w- c:\users\wala\AppData\Roaming\Facebook
    2010-02-07 08:43 . 2010-02-07 08:43 -------- d-----w- c:\program files\EASEUS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    2010-03-07 04:53 . 2008-08-13 13:53 -------- d-----w- c:\users\wala\AppData\Roaming\DMCache
    2010-03-05 11:14 . 2008-07-10 04:20 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
    2010-03-02 12:47 . 2008-08-12 12:42 -------- d-----w- c:\users\club_ECGR\AppData\Roaming\DMCache
    2010-02-27 14:55 . 2009-12-25 02:06 -------- d-----w- c:\program files\AVS4YOU
    2010-02-27 13:50 . 2008-08-22 05:20 -------- d-----w- c:\users\club_ECGR\AppData\Roaming\dvdcss
    2010-02-24 01:16 . 2009-10-05 03:45 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-07 08:43 . 2008-07-10 04:05 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-05 16:39 . 2008-07-30 11:38 -------- d-----w- c:\users\club_ECGR\AppData\Roaming\PC Suite
    2010-02-05 16:29 . 2008-08-15 18:41 680 ----a-w- c:\users\club_ECGR\AppData\Local\d3d9caps.dat
    2010-02-03 13:33 . 2008-07-18 14:15 -------- d-----w- c:\program files\ffdshow
    2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\wala\AppData\Roaming\Facebook\axfbootloader.dll
    2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\wala\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    2010-02-01 07:16 . 2008-11-26 12:42 -------- d-----w- c:\program files\Avanquest update
    2010-01-30 06:52 . 2010-01-30 06:52 -------- d-----w- c:\program files\Panasonic
    2010-01-30 05:51 . 2010-01-30 05:51 -------- d-----w- c:\program files\Recuva
    2010-01-28 04:14 . 2008-07-18 14:15 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-01-09 16:07 . 2008-08-17 10:39 -------- d-----w- c:\program files\ATI
    2010-01-04 09:40 . 2010-01-04 09:30 23312 ----a-w- c:\windows\system32\_shfoldr.dll
    2010-01-01 04:22 . 2008-07-30 15:16 108304 ----a-w- c:\users\club_ECGR\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-01 02:43 . 2010-01-01 02:43 88 --sh--r- c:\programdata\46DE2379E5.sys
    2010-01-01 02:43 . 2010-01-01 02:43 88 --sh--r- c:\programdata\46DE2379E5.sys
    2010-01-01 02:43 . 2010-01-01 02:43 848 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-01-01 02:43 . 2010-01-01 02:43 848 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-01-01 02:43 . 2009-03-18 06:33 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-01-01 02:42 . 2008-07-20 23:15 108304 ----a-w- c:\users\wala\AppData\Local\GDIPFONTCACHEV1.DAT
    2007-06-03 09:21 . 2007-06-03 09:21 108 --sha-r- c:\windows\neoqaz2.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-11-23_18.00.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-10 05:11 . 2010-03-08 09:39 67942 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2010-03-08 09:40 79102 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-07-31 03:20 . 2010-03-08 09:40 12842 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1016874198-1556422448-4048916194-1003_UserData.bin
    + 2008-07-19 14:55 . 2010-03-07 04:54 14462 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1016874198-1556422448-4048916194-1002_UserData.bin
    + 2010-01-30 06:52 . 2006-02-27 03:45 36864 c:\windows\System32\SDDEVMGR.dll
    + 2009-12-25 02:06 . 2003-05-21 04:50 24576 c:\windows\System32\msxml3a.dll
    - 2008-07-10 11:24 . 2009-09-16 03:05 84661 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
    + 2008-07-10 11:24 . 2010-02-18 05:23 84661 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
    - 2006-11-02 13:02 . 2009-11-21 04:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2006-11-02 13:02 . 2010-03-08 03:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2006-11-02 13:02 . 2010-03-08 03:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2006-11-02 13:02 . 2009-11-21 04:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-04 09:30 . 2010-01-04 09:40 23312 c:\windows\System32\_shfoldr.dll
    - 2009-05-11 10:07 . 2009-09-25 13:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-05-11 10:07 . 2010-03-06 11:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-05-11 10:07 . 2010-03-06 11:28 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-05-11 10:07 . 2009-09-25 13:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-05-11 10:07 . 2009-09-25 13:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-05-11 10:07 . 2010-03-06 11:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-01 02:41 . 2010-01-01 02:41 82726 c:\windows\Installer\{E1A63F75-1F72-4450-980D-434496FFC646}\ARPPRODUCTICON.exe
    + 2010-01-02 00:05 . 2010-01-02 00:05 22486 c:\windows\Installer\{07A0541F-4A40-4F0A-8E98-4D3CEC08FE2B}\_A76C46D091207CD60DCEBA.exe
    + 2010-01-02 00:05 . 2010-01-02 00:05 22486 c:\windows\Installer\{07A0541F-4A40-4F0A-8E98-4D3CEC08FE2B}\_6EB6019D704E55EED87768.exe
    + 2006-11-02 10:25 . 2010-02-18 05:57 86016 c:\windows\inf\infpub.dat
    - 2006-11-02 10:25 . 2009-11-23 16:02 86016 c:\windows\inf\infpub.dat
    + 2008-07-10 08:50 . 2010-02-28 02:29 3206 c:\windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-07-10 08:50 . 2009-11-04 04:50 3206 c:\windows\System32\WDI\ERCQueuedResolutions.dat
    + 2010-02-28 02:40 . 2010-02-28 02:40 9560 c:\windows\System32\networklist\icons\{5F6F8027-1774-48BB-B3F4-8B1EC8484731}_48.bin
    + 2010-02-28 02:40 . 2010-02-28 02:40 4280 c:\windows\System32\networklist\icons\{5F6F8027-1774-48BB-B3F4-8B1EC8484731}_32.bin
    + 2010-02-28 02:40 . 2010-02-28 02:40 2456 c:\windows\System32\networklist\icons\{5F6F8027-1774-48BB-B3F4-8B1EC8484731}_24.bin
    + 2010-02-18 06:38 . 2010-02-18 06:38 9560 c:\windows\System32\networklist\icons\{36F5B9EB-99CC-45EB-9EBF-EA6017F48BC9}_48.bin
    + 2010-02-18 06:38 . 2010-02-18 06:38 4280 c:\windows\System32\networklist\icons\{36F5B9EB-99CC-45EB-9EBF-EA6017F48BC9}_32.bin
    + 2010-02-18 06:38 . 2010-02-18 06:38 2456 c:\windows\System32\networklist\icons\{36F5B9EB-99CC-45EB-9EBF-EA6017F48BC9}_24.bin
    + 2009-10-14 11:07 . 2009-11-27 14:53 8224 c:\windows\System32\GDIPFONTCACHEV1.DAT
    - 2009-10-14 11:07 . 2009-10-14 11:07 8224 c:\windows\System32\GDIPFONTCACHEV1.DAT
    - 2009-11-23 17:45 . 2009-11-23 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-03-08 09:38 . 2010-03-08 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-11-23 17:45 . 2009-11-23 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-03-08 09:38 . 2010-03-08 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-11-08 03:48 . 2010-01-13 11:09 9158 c:\windows\Installer\{BAA1ED77-ECDB-3E55-FCA9-5DED95BB827C}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
    - 2008-11-08 03:48 . 2008-11-08 03:48 9158 c:\windows\Installer\{BAA1ED77-ECDB-3E55-FCA9-5DED95BB827C}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
    - 2008-11-08 03:48 . 2008-11-08 03:48 9158 c:\windows\Installer\{BAA1ED77-ECDB-3E55-FCA9-5DED95BB827C}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2008-11-08 03:48 . 2010-01-13 11:09 9158 c:\windows\Installer\{BAA1ED77-ECDB-3E55-FCA9-5DED95BB827C}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
    - 2008-11-08 03:48 . 2008-11-08 03:48 9158 c:\windows\Installer\{BAA1ED77-ECDB-3E55-FCA9-5DED95BB827C}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2008-11-08 03:48 . 2010-01-13 11:09 9158 c:\windows\Installer\{BAA1ED77-ECDB-3E55-FCA9-5DED95BB827C}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
    - 2008-11-08 03:48 . 2008-11-08 03:48 9158 c:\windows\Installer\{BAA1ED77-ECDB-3E55-FCA9-5DED95BB827C}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2008-11-08 03:48 . 2010-01-13 11:09 9158 c:\windows\Installer\{BAA1ED77-ECDB-3E55-FCA9-5DED95BB827C}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2010-01-13 11:09 . 2010-01-13 11:09 9158 c:\windows\Installer\{BAA1ED77-ECDB-3E55-FCA9-5DED95BB827C}\ARPPRODUCTICON.exe
    + 2008-11-08 04:05 . 2010-01-09 15:47 9158 c:\windows\Installer\{A7CEEA0B-19F6-1D77-972A-E0CFE6D8857E}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
    - 2008-11-08 04:05 . 2008-11-08 04:05 9158 c:\windows\Installer\{A7CEEA0B-19F6-1D77-972A-E0CFE6D8857E}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
    - 2008-11-08 04:05 . 2008-11-08 04:05 9158 c:\windows\Installer\{A7CEEA0B-19F6-1D77-972A-E0CFE6D8857E}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2008-11-08 04:05 . 2010-01-09 15:47 9158 c:\windows\Installer\{A7CEEA0B-19F6-1D77-972A-E0CFE6D8857E}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2008-11-08 04:05 . 2010-01-09 15:47 9158 c:\windows\Installer\{A7CEEA0B-19F6-1D77-972A-E0CFE6D8857E}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
    - 2008-11-08 04:05 . 2008-11-08 04:05 9158 c:\windows\Installer\{A7CEEA0B-19F6-1D77-972A-E0CFE6D8857E}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2008-11-08 04:05 . 2010-01-09 15:47 9158 c:\windows\Installer\{A7CEEA0B-19F6-1D77-972A-E0CFE6D8857E}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
    - 2008-11-08 04:05 . 2008-11-08 04:05 9158 c:\windows\Installer\{A7CEEA0B-19F6-1D77-972A-E0CFE6D8857E}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
    - 2006-11-02 10:33 . 2009-11-23 16:04 598350 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2010-03-02 22:58 598350 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2010-03-02 22:58 101988 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-11-23 16:04 101988 c:\windows\System32\perfc009.dat
    + 2009-12-25 02:06 . 2002-01-05 06:40 487424 c:\windows\System32\msvcp70.dll
    + 2009-12-25 02:06 . 2002-01-05 07:48 974848 c:\windows\System32\mfc70.dll
    + 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2006-11-02 12:47 . 2010-01-01 08:26 396080 c:\windows\System32\FNTCACHE.DAT
    + 2010-01-04 09:32 . 2006-05-24 02:45 176128 c:\windows\system\FTD2XX.dll
    + 2009-12-25 02:07 . 2009-12-25 02:07 331264 c:\windows\Installer\8aca8.msi
    + 2010-01-09 15:47 . 2010-01-09 15:47 213504 c:\windows\Installer\6a946.msi
    + 2010-01-02 00:05 . 2010-01-02 00:05 371712 c:\windows\Installer\36396b.msi
    + 2006-11-02 10:25 . 2010-02-18 05:57 143360 c:\windows\inf\infstrng.dat
    - 2006-11-02 10:25 . 2009-11-23 16:02 143360 c:\windows\inf\infstrng.dat
    - 2006-11-02 10:22 . 2009-11-09 11:06 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 10:22 . 2010-01-09 15:47 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\System32\Macromed\Flash\NPSWF32.dll
    + 2010-01-01 02:41 . 2010-01-01 02:41 2784256 c:\windows\Installer\5d11df.msi
    + 2010-01-13 11:09 . 2010-01-13 11:09 1233408 c:\windows\Installer\46527.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-08-26 02:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-10-26 3810544]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "CollaborationHost "= "c:\windows\system32\p2phost.exe" [2008-01-19 192000]
    "PC Suite Tray "= "c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel "= "Skytel.exe" [2007-10-11 1826816]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-10-31 4702208]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-19 2043160]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "WheelMouse "= "c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-05 188416]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpySweeper "= "c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-06-28 3209728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderOption "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\J:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
    backup=c:\windows\pss\Microtek Scanner Finder.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
    2008-07-06 08:50 1453056 ----a-w- c:\program files\1st Security Agent\newlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 09:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2007-11-17 03:20 91432 ------r- c:\program files\CyberLink\Shared files\brs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChikkaDefault]
    2007-08-28 09:11 36864 ----a-w- c:\progra~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-05-16 02:58 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-06-14 08:24 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2007-10-11 04:06 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-02-06 10:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    2009-06-23 03:37 745472 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-06-25 07:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2008-01-20 07:05 217088 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-07-10 04:30 282624 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-10-28 01:35 72736 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    2008-07-02 08:16 393216 ------w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    2004-06-28 09:16 3209728 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-08-01 07:23 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-01 13:00 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-09-26 06:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):a1,63,db,c4,b5,e8,c9,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1016874198-1556422448-4048916194-1002]
    "EnableNotificationsRef "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1016874198-1556422448-4048916194-1003]
    "EnableNotificationsRef "=dword:00000001

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-18 685816]
    R2 DeskSaverService;DeskSaverService;c:\program files\1st Security Agent\newlock.exe [2008-07-06 1453056]
    R2 ktglve;Helper Boot;c:\windows\system32\svchost.exe [2008-01-19 21504]
    R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
    R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-12-06 10976]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
    R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
    R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
    R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
    R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
    R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
    R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
    R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
    R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-18 335240]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-18 297752]
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2007-06-16 14336]
    S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2008-04-14 29184]


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    ktglve
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-08 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 08:28]

    2010-02-27 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]

    2008-08-08 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-07-25 01:50]

    2010-03-08 c:\windows\Tasks\User_Feed_Synchronization-{56FE31A1-628D-4FD9-8E4B-5677D93FE47D}.job
    - c:\windows\system32\msfeedssync.exe [2009-08-03 20:13]

    2010-03-08 c:\windows\Tasks\User_Feed_Synchronization-{C0EBF6E0-2ABC-4F77-80C0-FBC68A0BC0C3}.job
    - c:\windows\system32\msfeedssync.exe [2009-08-03 20:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    IE: Download FLV video content with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
    IE: Download with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\idmmbc.dll
    FF - ProfilePath - c:\users\club_ECGR\AppData\Roaming\Mozilla\Firefox\Profiles\5g0qxon6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npvlc.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-IDMan - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
    AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-08 17:50
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD\000.fcl "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ktglve]
    "ServiceDll "= "c:\windows\system32\tpgsn.dll "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #9*ä*]
    @Class= "Shell "
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #9*ä*\OpenWithList]
    @Class= "Shell "

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j%c*f*]
    @Class= "Shell "
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j%c*f*\OpenWithList]
    @Class= "Shell "

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):b2,8d,ae,03,b2,34,3d,fc,b2,7a,ea,ab,f7,35,d9,ca,f7,2f,4b,27,76,
    1a,7e,9e,fe,6a,d0,54,3e,f2,32,23,c2,7e,1d,86,63,c2,a3,13,00,00,00,00,00,00,\

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003_Classes\CLSID\{ca7c6a61-12ee-43f8-a4bd-b223f5b25ca7}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model "=dword:0000015d
    "Therad "=dword:0000001f
    "MData "=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
    4b,7b,ad,2a,be,97,19,e6,6d,2a,9e,94,92,2f,15,71,8c,24,86,78,ac,f1,fa,df,78,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2010-03-08 17:52:14
    ComboFix-quarantined-files.txt 2010-03-08 09:52
    ComboFix2.txt 2009-11-23 18:02
    ComboFix3.txt 2009-08-13 19:44
    ComboFix4.txt 2009-08-13 18:33
    ComboFix5.txt 2010-03-08 09:38

    Pre-Run: 3,180,867,584 bytes free
    Post-Run: 5,312,049,152 bytes free

    - - End Of File - - 2CFEE8CEE3B0DE0D1EB15C600DE20917
     
  7. 2010/03/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You ran ComboFix twice recently.
    I'd like to see ComboFix5.txt 2010-03-08 09:38
     
  8. 2010/03/11
    clubECGR

    clubECGR Inactive Thread Starter

    Joined:
    2008/10/15
    Messages:
    170
    Likes Received:
    0
    I don't remember using ComboFix this month aside from the time of the unstable connection problem, but here's the ComboFix5.txt that was found in the Qoobox folder on drive C, and it shows it's from 2009 (according to the txt file).

    Perhaps I re-saved it after looking at it recently, but I don't remember doing anything to it.

    [old log deleted - Broni]
     
    Last edited by a moderator: 2010/03/11
  9. 2010/03/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No. I don't care about this old log.
    You should see ComboFix5.txt in your root C:\ directory
    If it's not there, let me know.
     
  10. 2010/03/11
    clubECGR

    clubECGR Inactive Thread Starter

    Joined:
    2008/10/15
    Messages:
    170
    Likes Received:
    0
    Nope. I only see ComboFix.txt file. No ComboFix5.txt in C:\

    http://i209.photobucket.com/albums/bb215/projectsky/cdrive2.jpg

    I don't think this is malware related as I can have stable connection at certain time (like 2 nights in a row) but who am I to decide about that?

    The modem blinks and has lights, and then after a few seconds it's gone. Using my laptop through the router is the same while this desktop is closed. Resetting both modem and router is still the same while both laptop and desktop are off.

    They kept on telling me it's caused by malware, so I am now here seeking some advice.

    My ISP is also testing whether their lines are defective, but I now have some evidence on my side as to whether it's malware or not.

    Also, I don't want to pressure anyone, but I may not be able to update this topic for the next few days, so it may be marked as INACTIVE for the next 2-4 days because I'll be away.


    Regards,
    Chris
     
    Last edited: 2010/03/11
  11. 2010/03/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine. I'll be around :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\46DE2379E5.sys
    c:\windows\system32\tpgsn.dll
    
    
    Folder::
    
    Driver::
    ktglve
    
    NetSvc::
    ktglve
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ktglve]
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG: animation of CFScript.txt being dragged onto ComboFix.exe]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  12. 2010/03/11
    clubECGR

    clubECGR Inactive Thread Starter

    Joined:
    2008/10/15
    Messages:
    170
    Likes Received:
    0
    ComboFix.txt as instructed. HijackThis will follow

    ComboFix 10-03-11.02 - club_ECGR 03/12/2010 12:53:10.10.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1145 [GMT 8:00]
    Running from: c:\users\club_ECGR\Desktop\ComboFix.exe
    Command switches used :: c:\users\club_ECGR\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\programdata\46DE2379E5.sys"
    "c:\windows\system32\tpgsn.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\46DE2379E5.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ktglve


    ((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
    .

    2010-03-12 05:00 . 2010-03-12 05:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-03-12 05:00 . 2010-03-12 05:00 -------- d-----w- c:\users\wala\AppData\Local\temp
    2010-03-12 05:00 . 2010-03-12 05:00 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-03-12 05:00 . 2010-03-12 05:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-03-12 05:00 . 2010-03-12 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-03-12 05:00 . 2010-03-12 05:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-03-12 05:00 . 2010-03-12 05:00 -------- d-----w- c:\users\Administrator.CHRISSKYLOCK\AppData\Local\temp
    2010-03-08 10:46 . 2008-08-26 01:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-03-08 10:46 . 2010-03-08 10:46 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-03-08 09:58 . 2007-12-25 09:08 14336 ----a-w- c:\windows\system32\drivers\Amusbprt.sys
    2010-03-08 09:58 . 2007-10-07 18:44 10752 ----a-w- c:\windows\system32\drivers\Arfumx86.sys
    2010-03-08 09:58 . 2007-06-16 17:00 14336 ----a-w- c:\windows\system32\drivers\Amps2prt.sys
    2010-03-08 09:58 . 2007-02-10 14:17 36864 ----a-w- c:\windows\system32\Amhooker.dll
    2010-03-08 09:58 . 2007-01-24 09:46 8704 ----a-w- c:\windows\system32\drivers\Amfilter.sys
    2010-03-08 09:52 . 2010-03-12 05:02 -------- d-----w- c:\users\club_ECGR\AppData\Local\temp
    2010-02-27 14:55 . 2010-02-27 14:55 -------- d-----w- c:\users\club_ECGR\AppData\Roaming\AVS4YOU

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-11 08:48 . 2008-07-10 04:20 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
    2010-03-08 10:46 . 2008-07-10 11:10 -------- d-----w- c:\programdata\Installations
    2010-03-08 10:42 . 2008-07-10 11:11 -------- d-----w- c:\program files\Nokia
    2010-03-08 10:41 . 2008-07-10 11:12 -------- d-----w- c:\program files\Common Files\Nokia
    2010-03-08 10:41 . 2010-03-08 10:41 36864 ----a-w- c:\programdata\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\Sleep.exe
    2010-03-08 10:41 . 2010-03-08 10:41 3351812 ----a-w- c:\programdata\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\msxml6Exec.exe
    2010-03-08 10:41 . 2010-03-08 10:41 3203453 ----a-w- c:\programdata\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\vcredistExec.exe
    2010-03-08 10:41 . 2010-03-08 10:41 34635712 ----a-w- c:\programdata\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\NokiaSoftwareUpdaterSetup_2.4.5EN.exe
    2010-03-07 04:53 . 2008-08-13 13:53 -------- d-----w- c:\users\wala\AppData\Roaming\DMCache
    2010-03-02 12:47 . 2008-08-12 12:42 -------- d-----w- c:\users\club_ECGR\AppData\Roaming\DMCache
    2010-02-27 14:55 . 2009-12-25 02:06 -------- d-----w- c:\program files\AVS4YOU
    2010-02-27 13:50 . 2008-08-22 05:20 -------- d-----w- c:\users\club_ECGR\AppData\Roaming\dvdcss
    2010-02-24 01:16 . 2009-10-05 03:45 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-08 00:54 . 2010-02-08 00:54 50354 ----a-w- c:\users\wala\AppData\Roaming\Facebook\uninstall.exe
    2010-02-08 00:54 . 2010-02-08 00:54 -------- d-----w- c:\users\wala\AppData\Roaming\Facebook
    2010-02-07 08:43 . 2010-02-07 08:43 -------- d-----w- c:\program files\EASEUS
    2010-02-07 08:43 . 2008-07-10 04:05 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-05 16:39 . 2008-07-30 11:38 -------- d-----w- c:\users\club_ECGR\AppData\Roaming\PC Suite
    2010-02-05 16:29 . 2008-08-15 18:41 680 ----a-w- c:\users\club_ECGR\AppData\Local\d3d9caps.dat
    2010-02-03 13:33 . 2008-07-18 14:15 -------- d-----w- c:\program files\ffdshow
    2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\wala\AppData\Roaming\Facebook\axfbootloader.dll
    2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\wala\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    2010-02-01 07:16 . 2008-11-26 12:42 -------- d-----w- c:\program files\Avanquest update
    2010-01-30 06:52 . 2010-01-30 06:52 -------- d-----w- c:\program files\Panasonic
    2010-01-30 05:51 . 2010-01-30 05:51 -------- d-----w- c:\program files\Recuva
    2010-01-28 04:14 . 2008-07-18 14:15 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-01-21 06:53 . 2010-01-21 06:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-01-04 09:40 . 2010-01-04 09:30 23312 ----a-w- c:\windows\system32\_shfoldr.dll
    2010-01-01 04:22 . 2008-07-30 15:16 108304 ----a-w- c:\users\club_ECGR\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-01 02:43 . 2010-01-01 02:43 848 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-01-01 02:43 . 2010-01-01 02:43 848 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-01-01 02:43 . 2009-03-18 06:33 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-01-01 02:42 . 2008-07-20 23:15 108304 ----a-w- c:\users\wala\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-30 03:30 . 2009-12-30 03:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2009-12-30 03:30 . 2008-07-10 11:11 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
    2007-06-03 09:21 . 2007-06-03 09:21 108 --sha-r- c:\windows\neoqaz2.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-08-26 02:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"="c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"="c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-19 192000]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel"="Skytel.exe" [2007-10-11 1826816]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-19 2043160]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-05 188416]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-06-28 3209728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderOption"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\J:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
    backup=c:\windows\pss\Microtek Scanner Finder.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
    2008-07-06 08:50 1453056 ----a-w- c:\program files\1st Security Agent\newlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 09:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2007-11-17 03:20 91432 ------r- c:\program files\CyberLink\Shared files\brs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChikkaDefault]
    2007-08-28 09:11 36864 ----a-w- c:\progra~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-05-16 02:58 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-06-14 08:24 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2007-10-11 04:06 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-02-06 10:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    2009-06-23 03:37 745472 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-06-25 07:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2008-01-20 07:05 217088 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-07-10 04:30 282624 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-10-28 01:35 72736 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    2008-07-02 08:16 393216 ------w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    2004-06-28 09:16 3209728 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-08-01 07:23 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-01 13:00 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-09-26 06:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):a1,63,db,c4,b5,e8,c9,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1016874198-1556422448-4048916194-1002]
    "EnableNotificationsRef"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1016874198-1556422448-4048916194-1003]
    "EnableNotificationsRef"=dword:00000001

    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-12-06 10976]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
    R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
    R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
    R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
    R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
    R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
    R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
    R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
    R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-18 685816]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-18 335240]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-18 297752]
    S2 DeskSaverService;DeskSaverService;c:\program files\1st Security Agent\newlock.exe [2008-07-06 1453056]
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2007-06-16 14336]
    S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2008-04-14 29184]


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-12 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 08:28]

    2010-03-11 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]

    2008-08-08 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-07-25 01:50]

    2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{56FE31A1-628D-4FD9-8E4B-5677D93FE47D}.job
    - c:\windows\system32\msfeedssync.exe [2009-08-03 20:13]

    2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{C0EBF6E0-2ABC-4F77-80C0-FBC68A0BC0C3}.job
    - c:\windows\system32\msfeedssync.exe [2009-08-03 20:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    IE: Download with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\idmmbc.dll
    FF - ProfilePath - c:\users\club_ECGR\AppData\Roaming\Mozilla\Firefox\Profiles\5g0qxon6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npvlc.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-12 13:01
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x846591E8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x889a1d24
    \Driver\ACPI -> acpi.sys @ 0x80dafd68
    \Driver\atapi -> 0x846591e8
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #9*ä*]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #9*ä*\OpenWithList]
    @Class="Shell"

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j%c*f*]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j%c*f*\OpenWithList]
    @Class="Shell"

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):b2,8d,ae,03,b2,34,3d,fc,b2,7a,ea,ab,f7,35,d9,ca,f7,2f,4b,27,76,
    1a,7e,9e,fe,6a,d0,54,3e,f2,32,23,c2,7e,1d,86,63,c2,a3,13,00,00,00,00,00,00,\

    [HKEY_USERS\S-1-5-21-1016874198-1556422448-4048916194-1003_Classes\CLSID\{ca7c6a61-12ee-43f8-a4bd-b223f5b25ca7}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000015d
    "Therad"=dword:0000001f
    "MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
    4b,7b,ad,2a,be,97,19,e6,6d,2a,9e,94,92,2f,15,71,8c,24,86,78,ac,f1,fa,df,78,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3680)
    c:\windows\system32\Amhooker.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\conime.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\System32\TUProgSt.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\AVG\AVG8\avgtray.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-12 13:09:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-12 05:09
    ComboFix2.txt 2010-03-08 09:52
    ComboFix3.txt 2009-11-23 18:02
    ComboFix4.txt 2009-08-13 19:44
    ComboFix5.txt 2010-03-12 04:51

    Pre-Run: 4,699,013,120 bytes free
    Post-Run: 4,410,224,640 bytes free

    - - End Of File - - E4813C7669BBF03888C9740D08DBBCC3
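As an added example (not part of the thread, and not ComboFix's own code), the following Python cross-checks the CFScript from post 11 against the log just posted: it parses the `Name::` sections of the script and the `((( Title )))` banners of the log, then reports which targets ComboFix actually says it acted on. Run on the constructed copies embedded below, it shows that 46DE2379E5.sys and the ktglve service were removed, while tpgsn.dll never appears under Other Deletions. The section names and the `-------\Service_<name>` marker are taken from the log as posted; reading a missing entry as "not acted on" (rather than, say, silently skipped because the file was absent) is this example's assumption.

```python
import re

# Constructed copies of the two artefacts from the thread: the CFScript that
# was dropped onto ComboFix.exe, and the deletion sections of the log it
# produced. Both are embedded here as inline sample input.
CFSCRIPT = """\
File::
c:\\programdata\\46DE2379E5.sys
c:\\windows\\system32\\tpgsn.dll

Folder::

Driver::
ktglve

NetSvc::
ktglve

Registry::
[-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\ktglve]

RegLockDel::
"""

COMBOFIX_LOG = """\
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\programdata\\46DE2379E5.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Service_ktglve


((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
.
"""

CF_SECTION_RE = re.compile(r"^(\w+)::$")            # "File::", "Driver::", ...
LOG_SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "(((( Other Deletions ))))"


def parse_cfscript(text):
    """Map each 'Name::' section of a CFScript to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = CF_SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Map each '((( Title )))' banner of a ComboFix log to the lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOG_SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections


def verify(script_text, log_text):
    """Report, per CFScript target, whether ComboFix's log says it acted on it."""
    script = parse_cfscript(script_text)
    log = parse_combofix_log(log_text)
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    services = {s.lower() for s in log.get("Drivers/Services", [])}
    report = {}
    for path in script.get("File", []):
        report[path] = "deleted" if path.lower() in deleted else "not in Other Deletions"
    # Driver:: and NetSvc:: both name the service; ComboFix records its removal
    # as "-------\Service_<name>" under the Drivers/Services banner.
    for name in script.get("Driver", []) + script.get("NetSvc", []):
        marker = ("-------\\service_" + name).lower()
        report["service " + name] = "removed" if marker in services else "not in Drivers/Services"
    return report


if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{status:26} {target}")
```

The Registry:: entry is parsed too (a leading `[-` marks a key for deletion), but ComboFix prints no dedicated banner for it in this log, so the script leaves it out of the report rather than guess.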
     
  13. 2010/03/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download the MBR Rootkit Detector: http://www2.gmer.net/mbr/mbr.exe to your desktop.

    * Doubleclick mbr.exe and follow prompts (Vista users: right click on mbr.exe and click "Run As Administrator").
    * A black DOS window will quickly appear then disappear.
    * When mbr.exe is finished it will create a log on your desktop.
    * Copy and paste contents of that log (mbr.log) file to your next reply.
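While waiting for mbr.log, here is a small triage script, added as an example and not part of the thread or of Gmer's tooling, that parses the Stealth MBR detector section of the ComboFix log in post 12. It separates hooks that resolve to a named driver image from the one that resolves only to a raw address (`\Driver\atapi -> 0x846591e8`, the same address as the `>>UNKNOWN<<` module in the call chain) and notes that the MBR sectors themselves read back OK, so the hook lives in memory rather than in the boot sector. Assumptions: mbr.exe writes mbr.log in the same layout as the embedded section, and the verdict strings are this example's own, not Gmer's.

```python
import re

# Constructed copy of the Gmer "Stealth MBR rootkit" section exactly as it
# appears in the ComboFix log above. Assumption: mbr.exe writes mbr.log in
# the same layout, since ComboFix embeds that detector's output.
MBR_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x846591E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0x889a1d24
\\Driver\\ACPI -> acpi.sys @ 0x80dafd68
\\Driver\\atapi -> 0x846591e8
IoDeviceObjectType ->\\Device\\Harddisk0\\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

# Matches "\Driver\Disk -> CLASSPNP.SYS @ 0x889a1d24" (module named) and
# "\Driver\atapi -> 0x846591e8" (bare address, no module).
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (?:(\S+) @ )?(0x[0-9A-Fa-f]+)$")
# Matches the ">>UNKNOWN [0x...]<<" marker in the "called modules" chain.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


def parse_hooks(text):
    """Return (driver, module or None, address) for each 'detected hooks' line."""
    hooks = []
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if m:
            hooks.append((m.group(1), m.group(2), int(m.group(3), 16)))
    return hooks


def triage(text):
    """Flag hooks with no backing module and say whether the MBR itself read OK."""
    unknown = {int(a, 16) for a in UNKNOWN_RE.findall(text)}
    hooks = parse_hooks(text)
    suspicious = [
        f"{drv} dispatch -> {addr:#x} has no backing module"
        for drv, mod, addr in hooks
        if mod is None or addr in unknown
    ]
    # An UNKNOWN module in the call chain is a finding even if no hook line
    # names that address explicitly.
    hooked = {addr for _, _, addr in hooks}
    for addr in sorted(unknown - hooked):
        suspicious.append(f"call chain passes through unnamed code at {addr:#x}")
    mbr_ok = "user & kernel MBR OK" in text
    if not suspicious:
        verdict = "clean"
    elif mbr_ok:
        verdict = "memory-resident hook, MBR sectors intact"
    else:
        verdict = "MBR altered and disk stack hooked"
    return {"hooks": hooks, "mbr_ok": mbr_ok, "suspicious": suspicious, "verdict": verdict}


if __name__ == "__main__":
    result = triage(MBR_LOG)
    print(result["verdict"])
    for finding in result["suspicious"]:
        print("  " + finding)
```

On the log above this prints the memory-resident verdict with a single finding for `\Driver\atapi`; the Disk and ACPI entries resolve to CLASSPNP.SYS and acpi.sys and are treated as the ordinary disk stack. If mbr.log comes back in a different layout the regexes are the only part that needs adjusting.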
     
  14. 2010/03/11
    clubECGR

    clubECGR Inactive Thread Starter

    Joined:
    2008/10/15
    Messages:
    170
    Likes Received:
    0
    HiJackThis log as instructed after ComboFix.

    Modem has been reset. No router nearby.

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 1:22:56 PM, on 3/12/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\conime.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\A4Tech\Mouse\Amoumain.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\p2phost.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll (file missing)
    O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConeal\Anonymity Shield\ProxyNew.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 (User 'Default user')
    O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe (file missing)
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\1st Security Agent\newlock.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

    --
    End of file - 8717 bytes
     
    Last edited: 2010/03/11
  15. 2010/03/11
    clubECGR

    clubECGR Inactive Thread Starter

    Joined:
    2008/10/15
    Messages:
    170
    Likes Received:
    0
    Err....what? (looking at mbr.log) Anyway, here's MBR.log as instructed

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    I'm not too sure if this is a log or not?
     
    Last edited: 2010/03/11
  16. 2010/03/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yep. That's it.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ================================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. 2010/03/12
    clubECGR

    clubECGR Inactive Thread Starter

    Joined:
    2008/10/15
    Messages:
    170
    Likes Received:
    0
    MBAM log.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3857
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18813

    3/12/2010 3:19:09 PM
    mbam-log-2010-03-12 (15-19-09).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 102238
    Time elapsed: 52 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
     
  18. 2010/03/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to the Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
