
Error message after removing SP3

Discussion in 'Malware and Virus Removal Archive' started by avz10, 2010/02/27.

  1. 2010/02/28
    avz10 (Thread Starter)
    Joined: 2009/01/18, Messages: 129, Likes Received: 0
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-14 19:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-04-30 06:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0rmvirut.nt

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/29/2009 2:41 PM 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/29/2009 2:41 PM 360584]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/09 21:36];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 7:40 PM 87536]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/14/2009 9:55 PM 285392]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [9/25/2009 9:36 AM 193840]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 1:13 PM 30008]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 8:28 AM 172131]
    S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys --> c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13796&l=dis&q=
    FF - component: c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
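Added example (editor's code, not ComboFix's and not posted in this thread): a small Python parser for the three line shapes ComboFix prints in the log above, namely file entries with the attribute letters, R/S service and driver entries (including the "--> path [?]" form), and registry Run values, with a few generic triage checks on top. The function names (`parse_line`, `triage_log`), the `Entry` class and the sample log lines are constructed for the example and mirror the format rather than copying this machine's entries; the attribute letters are only tested for presence (d, s, h), and a flag means "look here first", not a verdict on any file.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# File entry: "<date> . <date> <size|--------> <attrs> <path>". SnapShot lines carry a
# leading "+" and no attribute field. ComboFix prints created/modified in
# section-dependent order, so the two dates are kept neutrally as date_a / date_b.
FILE_RE = re.compile(
    r"^\+?\s*(?P<date_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<date_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?:(?P<attrs>[a-z-]{8}) )?(?P<path>\S.*)$"
)
# Service/driver entry: "<start> <name>;<display>;<path>[ --> <path>] [<date size> or ?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> .+?)? \[(?P<info>[^\]]*)\]$"
)
# Registry Run value: "Name"="path" [date size]; tolerant of stray spaces around "=".
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"(?:\s*\[(?P<info>[^\]]*)\])?\s*$'
)

TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


@dataclass
class Entry:
    kind: str                   # "file", "service" or "run"
    path: str
    attrs: str = ""             # ComboFix attribute letters as printed, e.g. "--sh--r-"
    info: Optional[str] = None  # bracketed date/size text; "?" when ComboFix printed none
    size: Optional[int] = None  # None for directories and entries without a size


def strip_nt_prefix(path: str) -> str:
    """Drop the NT object-manager prefix (\\??\\) that some driver paths carry."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised log line, None for headers and banners."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        size = int(m["size"]) if m["size"].isdigit() else None
        return Entry("file", m["path"], m["attrs"] or "", None, size)
    m = SERVICE_RE.match(line)
    if m:
        return Entry("service", strip_nt_prefix(m["path"]), "", m["info"])
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["path"], "", m["info"])
    return None


def triage(e: Entry) -> List[str]:
    """Generic review heuristics; each hit is a reason to look closer, not a verdict."""
    p = e.path.lower()
    is_dir = "d" in e.attrs
    reasons: List[str] = []
    if not is_dir and p.endswith(EXEC_EXT) and any(t in p for t in TEMP_MARKERS):
        reasons.append("executable code under a temp directory")
    if "s" in e.attrs and "h" in e.attrs and not is_dir and "\\windows\\system32\\" in p:
        reasons.append("hidden+system attributes on a file in system32")
    if e.kind == "service" and p.endswith(".sys") and "\\drivers\\" not in p:
        reasons.append("kernel driver registered outside the drivers directory")
    if e.kind == "service" and e.info == "?":
        reasons.append("ComboFix printed [?] instead of date/size for the service binary")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Parse every line of a ComboFix log and return (path, reasons) for flagged entries."""
    findings = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            reasons = triage(e)
            if reasons:
                findings.append((e.path, reasons))
    return findings


# Constructed sample in ComboFix's format (not lines from the thread above).
SAMPLE_LOG = r"""
2010-02-07 05:47 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\example.dll
2010-02-28 15:08 . 2010-02-28 15:08 -------- d-----w- c:\program files\Example Vendor
2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\windows\system32\drivers\example.sys
+ 2010-03-01 05:44 . 2010-03-01 05:44 16384 c:\windows\temp\Perflib_Perfdata_999.dat
R1 ExDrv;Example Driver;c:\windows\system32\drivers\exdrv.sys [10/29/2009 2:41 PM 333192]
S3 TmpDrv;TmpDrv;\??\c:\docume~1\user\LOCALS~1\Temp\extract\TmpDrv.sys --> c:\docume~1\user\LOCALS~1\Temp\extract\TmpDrv.sys [?]
"Updater "= "c:\documents and settings\user\local settings\temp\upd.exe" [2010-02-05 2815488]
"Tray"="c:\program files\Example Vendor\tray.exe" [2007-12-10 695808]
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it on a saved ComboFix log by replacing `SAMPLE_LOG` with the file contents; the forum's indentation and the stray spaces around `=` in pasted Run values are tolerated by the regexes.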
     
  2. 2010/02/28
    avz10 (Thread Starter)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:24:06 PM, on 2/28/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\filehippo.com\UpdateChecker.exe
    C:\Program Files\PicPick\picpick.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253880538828
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10572 bytes
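Added example (editor's code, not HijackThis's and not posted in this thread): a Python parser for the "Oxx - ..." line shapes in the HijackThis log above. It pulls the referenced binary path out of each line and applies a few generic review heuristics: binaries under a temp directory, O4 autoruns under the SYSTEM hive, O20 Winlogon Notify DLLs outside system32, O23 services marked "(file missing)" or "Unknown owner", and every O16 ActiveX download point. The names `parse_hjt_line`, `review`, `triage_hjt`, `count_by_code` and the `HjtEntry` class are mine, and the sample lines are constructed to match the format rather than copied from this log; a hit means "look here first", not "malware".

```python
"""Triage helper for HijackThis log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "R1 - ...", "O4 - ...", "O23 - ..." etc.
LINE_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# First Windows path in the line that ends in a code-bearing extension (quoted or not).
PATH_RE = re.compile(r"[a-zA-Z]:\\.*?\.(?:exe|dll|sys|scr|ocx|cpl|htm)\b", re.IGNORECASE)
# Host part of an http(s) URL, used for O16 (DPF) entries.
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp\\")


@dataclass
class HjtEntry:
    code: str            # HJT section code, e.g. "O4" or "O23"
    body: str            # everything after "Oxx - "
    path: Optional[str]  # referenced binary, if one could be extracted


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Return an HjtEntry for an "Oxx - ..." line, None for process lists and headers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pm = PATH_RE.search(m["body"])
    return HjtEntry(m["code"], m["body"], pm.group(0) if pm else None)


def review(e: HjtEntry) -> List[str]:
    """Generic review heuristics; a hit means 'look here first', not 'malware'."""
    reasons: List[str] = []
    p = (e.path or "").lower()
    if p and any(t in p for t in TEMP_MARKERS):
        reasons.append("binary lives under a temp directory")
    if e.code == "O4" and ("(User 'SYSTEM')" in e.body or "\\S-1-5-18\\" in e.body):
        reasons.append("autorun entry under the SYSTEM account's hive")
    if e.code == "O20" and p and "\\windows\\system32\\" not in p:
        reasons.append("Winlogon Notify DLL outside system32")
    if e.code == "O23":
        if "(file missing)" in e.body:
            reasons.append("service points at a binary HijackThis could not find")
        if "Unknown owner" in e.body:
            reasons.append("service binary carries no publisher information")
    if e.code == "O16":
        hm = URL_HOST_RE.search(e.body)
        host = hm.group(1) if hm else "?"
        reasons.append("ActiveX download point (O16), confirm the host: " + host)
    if e.code in ("O2", "O18", "O20") and e.path is None:
        reasons.append("no DLL path could be extracted; inspect the line by hand")
    return reasons


def triage_hjt(text: str) -> List[Tuple[HjtEntry, List[str]]]:
    """Parse a whole HJT log and return the entries that tripped at least one heuristic."""
    flagged = []
    for line in text.splitlines():
        e = parse_hjt_line(line)
        if e is None:
            continue
        reasons = review(e)
        if reasons:
            flagged.append((e, reasons))
    return flagged


def count_by_code(text: str) -> Dict[str, int]:
    """Quick inventory: how many entries of each Oxx/Rx code the log contains."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        e = parse_hjt_line(line)
        if e is not None:
            counts[e.code] = counts.get(e.code, 0) + 1
    return counts


# Constructed sample in HijackThis's format (not lines from the log above).
SAMPLE_HJT = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Tray] C:\Program Files\Example\tray.exe /background
O4 - HKUS\S-1-5-18\..\Run: [Sync] "C:\Program Files\Example\sync.exe" /NoDialog (User 'SYSTEM')
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\user\Local Settings\Temp\upd.exe" /startup
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Control) - http://downloads.example.test/control.cab
O20 - Winlogon Notify: examplenp - C:\WINDOWS\SYSTEM32\examplenp.dll
O20 - Winlogon Notify: oddnp - C:\Program Files\Odd\oddnp.dll
O23 - Service: Example Indexer - Unknown owner - C:\Program Files\Example\indexer.exe (file missing)
O23 - Service: Example Service (exsvc) - Example Vendor - C:\Program Files\Example\exsvc.exe
"""

if __name__ == "__main__":
    print(count_by_code(SAMPLE_HJT))
    for entry, reasons in triage_hjt(SAMPLE_HJT):
        print(entry.code, entry.path or entry.body)
        for r in reasons:
            print("   -", r)
```

The path regex stops at the first code-bearing extension, so `res://C:\...\GPhotos.scr/200` style context-menu entries and quoted O4 commands with trailing switches both yield the bare file path; lines such as the "Running processes:" list are simply skipped.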
     


  4. 2010/02/28
    broni (Moderator, Malware Analyst)
    Joined: 2002/08/01, Messages: 21,701, Likes Received: 116
    The bottom part of the ComboFix log is missing.
    Since the file is really long...

    Upload the file here: http://uploadmb.com/
    Post the download link.
     
  5. 2010/03/01
    avz10 (Thread Starter)
  6. 2010/03/01
    broni (Moderator, Malware Analyst)
    Same issue.
    Please re-run ComboFix.
     
  7. 2010/03/01
    avz10 (Thread Starter)
    ComboFix 10-03-01.01 - Albievz 03/01/2010 21:29:31.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.258 [GMT 2:00]
    Running from: c:\documents and settings\Albievz\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    F:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
    .

    2010-03-01 05:44 . 2010-03-01 05:44 114688 ----a-w- c:\windows\system32\chg.exe
    2010-02-28 15:08 . 2010-02-28 15:08 -------- d-----w- c:\program files\Trend Micro
    2010-02-27 11:27 . 2010-02-27 11:27 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Opera
    2010-02-27 11:26 . 2010-02-27 11:27 -------- d-----w- c:\program files\Opera
    2010-02-26 09:53 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-02-26 09:53 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-02-26 09:53 . 2004-08-03 22:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2010-02-26 09:53 . 2004-08-03 22:56 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-02-26 09:53 . 2001-08-17 12:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2010-02-26 09:53 . 2001-08-17 12:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-02-25 21:20 . 2010-02-25 21:20 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Pinnacle
    2010-02-25 21:01 . 2010-02-25 21:01 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2010-02-25 21:01 . 2010-02-25 21:01 -------- d-----w- c:\program files\SureThing Express Labeler
    2010-02-25 20:56 . 2010-02-25 20:56 29926 ----a-r- c:\documents and settings\Albievz\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
    2010-02-25 20:56 . 2010-02-25 20:56 -------- d-----w- c:\program files\Common Files\Pinnacle
    2010-02-25 20:54 . 2010-02-25 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
    2010-02-25 20:47 . 2010-02-25 20:47 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
    2010-02-25 20:47 . 2010-02-25 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 14
    2010-02-19 15:14 . 2010-02-19 19:51 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
    2010-02-19 15:13 . 2004-12-01 12:43 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
    2010-02-19 15:13 . 2004-08-02 13:09 450560 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
    2010-02-19 15:13 . 2004-05-20 12:24 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
    2010-02-19 15:13 . 2010-02-19 15:13 -------- d-----w- c:\program files\AudioToolsFactory
    2010-02-19 15:13 . 2004-12-08 11:21 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
    2010-02-19 15:13 . 2003-08-07 12:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
    2010-02-19 13:53 . 2008-02-27 10:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2010-02-19 13:53 . 2010-02-19 13:53 -------- d-----w- c:\program files\Belarc
    2010-02-19 13:42 . 2010-02-19 13:42 -------- d-----w- c:\program files\MP3 Cutter Plus
    2010-02-19 06:16 . 2010-02-19 06:16 -------- d-----w- c:\documents and settings\Albievz\Application Data\AnvSoft
    2010-02-14 18:04 . 2010-02-14 18:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-02-14 17:45 . 2010-02-14 17:45 -------- d-----w- c:\windows\system32\languages
    2010-02-14 17:45 . 2010-02-14 17:45 -------- d-----w- c:\windows\system32\help
    2010-02-14 17:45 . 2010-02-14 17:45 -------- d-----w- c:\windows\system32\dict
    2010-02-14 17:45 . 2010-02-14 17:45 -------- d-----w- c:\windows\system32\custom matrices
    2010-02-14 17:12 . 2010-02-20 06:21 -------- d-----w- c:\program files\Xvid
    2010-02-14 17:12 . 2009-06-07 14:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-02-14 17:04 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
    2010-02-14 17:03 . 2010-02-14 17:03 -------- d-----w- c:\windows\Logs
    2010-02-14 17:02 . 2010-02-14 17:03 -------- d-----w- c:\program files\Direct X
    2010-02-11 17:40 . 2010-02-14 18:08 -------- d-----w- c:\documents and settings\Albievz\Application Data\VideoReDo-TVSuite
    2010-02-11 17:40 . 2010-02-11 17:40 -------- d-----w- c:\program files\VideoReDoTVSuite
    2010-02-11 16:27 . 2010-02-11 16:27 -------- d-----w- c:\documents and settings\Albievz\Application Data\LEAPS
    2010-02-11 16:26 . 2010-02-11 16:26 -------- d-----w- c:\documents and settings\Albievz\Application Data\Pegasys Inc
    2010-02-11 16:19 . 2010-02-11 16:19 -------- d-----w- c:\program files\Pegasys Inc
    2010-02-10 18:22 . 2010-02-10 18:24 -------- d-----w- c:\program files\Fast AVI MPEG Joiner
    2010-02-10 17:30 . 2010-02-10 17:32 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
    2010-02-07 09:47 . 2010-02-07 09:47 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Video Converter
    2010-02-07 09:46 . 2010-02-07 09:46 -------- d-----w- c:\program files\Haali
    2010-02-07 09:45 . 2010-02-14 11:18 -------- d-----w- c:\program files\Free Video Converter
    2010-02-07 09:45 . 2010-02-07 09:45 61208 ----a-w- c:\windows\system32\MPEG4E-uninstall.exe
    2010-02-07 09:44 . 2010-02-07 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VideoConverter
    2010-02-07 06:33 . 2010-02-07 06:33 -------- d-----w- c:\program files\AviSynth 2.5
    2010-02-07 06:33 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-02-07 06:33 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2010-02-07 05:47 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    2010-02-07 05:47 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2010-02-07 05:47 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2010-02-07 05:47 . 2010-02-07 05:47 -------- d-----w- c:\program files\eRightSoft
    2010-02-06 11:42 . 2010-02-06 11:42 -------- d-----w- c:\program files\DVD Identifier
    2010-02-06 11:41 . 2010-02-06 11:41 -------- d-----w- c:\program files\DVD Decrypter
    2010-02-06 10:30 . 2010-02-06 15:39 -------- d-----w- C:\FullDisc
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\documents and settings\Albievz\Application Data\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 10:00 -------- d-----w- c:\documents and settings\Albievz\Application Data\Vso
    2010-02-06 09:59 . 2010-02-06 09:59 -------- d-----w- c:\program files\DVDFab 6
    2010-02-05 20:42 . 2010-02-05 20:42 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
    2010-02-05 20:37 . 2010-02-05 21:38 -------- d-----w- c:\documents and settings\Albievz\Application Data\Toolbar4
    2010-02-05 20:05 . 2010-02-05 20:05 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
    2010-02-05 20:01 . 2010-02-05 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
    2010-02-05 20:01 . 2010-02-05 20:05 -------- d-----w- c:\program files\DAP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-01 15:43 . 2009-11-21 04:57 0 ----a-w- c:\documents and settings\Albievz\Local Settings\Application Data\prvlcl.dat
    2010-03-01 06:17 . 2009-12-09 19:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
    2010-02-25 21:10 . 2009-09-29 21:10 -------- d-----w- c:\documents and settings\Albievz\Application Data\Azureus
    2010-02-25 21:05 . 2009-12-06 15:49 -------- d-----w- c:\program files\Pinnacle
    2010-02-25 20:53 . 2009-12-06 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
    2010-02-23 21:37 . 2009-09-29 21:10 -------- d-----w- c:\program files\Vuze
    2010-02-21 05:57 . 2009-09-24 17:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-02-19 06:17 . 2009-10-17 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-19 06:16 . 2009-11-01 04:18 -------- d-----w- c:\program files\Any Video Converter
    2010-02-18 09:42 . 2009-11-01 04:18 -------- d-----w- c:\documents and settings\Albievz\Application Data\Any Video Converter
    2010-02-11 01:02 . 2009-09-24 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-02-06 10:51 . 2010-01-03 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-02-05 21:20 . 2010-01-18 18:37 -------- d-----w- c:\program files\AskTBar
    2010-02-05 20:35 . 2009-10-03 04:31 -------- d-----w- c:\program files\Minilyrics
    2010-02-05 07:51 . 2009-11-11 09:04 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-30 15:52 . 2010-01-30 15:52 -------- d-----w- c:\documents and settings\Albievz\Application Data\Windows Search
    2010-01-28 06:47 . 2009-12-11 14:32 -------- d-----w- c:\documents and settings\Albievz\Application Data\MiniLyrics
    2010-01-27 14:38 . 2010-01-27 14:38 -------- d-----w- c:\program files\SyncToy 2.1
    2010-01-26 18:24 . 2010-01-21 08:33 -------- d-----w- c:\documents and settings\Albievz\Application Data\Skype
    2010-01-26 16:11 . 2010-01-26 16:11 -------- d-----w- c:\program files\PicPick
    2010-01-25 15:30 . 2009-09-25 11:08 -------- d-----w- c:\program files\AVG
    2010-01-21 08:33 . 2010-01-21 08:33 -------- d-----w- c:\program files\Skype
    2010-01-21 08:33 . 2010-01-21 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-01-21 08:33 . 2010-01-21 08:33 -------- d-----w- c:\program files\Common Files\Skype
    2010-01-21 08:25 . 2010-01-21 08:25 -------- d-----w- c:\program files\Common Files\PAC7302
    2010-01-21 08:25 . 2010-01-21 08:25 -------- d-----w- c:\program files\ANC
    2010-01-21 08:25 . 2009-09-25 07:36 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-21 05:43 . 2009-09-25 13:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-20 16:07 . 2010-01-20 16:12 389120 ----a-w- c:\windows\system32\CF76.exe
    2010-01-20 16:05 . 2009-11-03 09:51 -------- d-----w- c:\documents and settings\Albievz\Application Data\DivX
    2010-01-19 12:58 . 2010-01-16 15:18 -------- d-----w- c:\program files\Nero
    2010-01-19 07:38 . 2010-01-18 19:02 -------- d-----w- c:\documents and settings\Albievz\Application Data\Nero
    2010-01-18 19:54 . 2010-01-16 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2010-01-18 18:49 . 2010-01-18 18:21 -------- d-----w- c:\program files\Common Files\Nero
    2010-01-18 18:34 . 2010-01-18 18:34 -------- d-----w- c:\program files\Windows Sidebar
    2010-01-17 19:17 . 2009-10-11 18:54 -------- d-----w- c:\documents and settings\Albievz\Application Data\LimeWire
    2010-01-15 20:38 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
    2010-01-10 09:08 . 2009-09-25 08:40 116240 ----a-w- c:\documents and settings\Albievz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-10 08:39 . 2010-01-10 08:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-01-09 13:51 . 2009-11-03 09:49 -------- d-----w- c:\documents and settings\Albievz\Application Data\Ulead Systems
    2010-01-07 14:07 . 2009-10-17 12:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 14:07 . 2009-10-17 12:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-03 10:27 . 2010-01-03 10:27 -------- d-----w- c:\program files\Common Files\InterVideo
    2010-01-03 10:27 . 2009-11-11 14:20 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-01-03 10:26 . 2009-11-03 07:27 -------- d-----w- c:\program files\DivX
    2010-01-03 09:41 . 2010-01-03 09:40 -------- d-----w- c:\documents and settings\Albievz\Application Data\MenuShrink
    2010-01-03 09:36 . 2010-01-03 09:36 -------- d-----w- c:\program files\DVD Shrink
    2009-12-20 12:56 . 2009-12-20 12:56 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3741689E-584D-40C9-B011-373A0371846D}\Installer\CommonCustomActions\Sleep.exe
    2009-12-20 12:56 . 2009-12-20 12:56 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3741689E-584D-40C9-B011-373A0371846D}\Installer\CommonCustomActions\vcredistExec.exe
    2009-12-20 12:53 . 2009-12-20 12:53 733783 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Packages\Nokia_PC_Suite\CustomActions\NSU_Inst_fix.exe
    2009-12-20 12:53 . 2009-12-20 12:53 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstCCD.exe
    2009-12-20 12:53 . 2009-12-20 12:53 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-12-20 12:53 . 2009-12-20 12:53 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCS.exe
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-09 19:29 . 2009-12-09 19:30 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    2006-10-04 06:00 . 2006-10-04 06:00 733184 ----a-w- c:\program files\Common Files\InfoSlips.ForMe.exe
    2010-02-05 20:01 . 2010-02-28 19:34 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
    2006-05-03 10:06 . 2010-02-07 05:47 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2010-02-07 05:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2010-02-07 05:47 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-02-28_18.14.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-01 05:44 . 2010-03-01 05:44 16384 c:\windows\temp\Perflib_Perfdata_230.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]
    "filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
    "PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-01-13 4057088]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-02-05 2815488]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-01-15 611712]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-14 19:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-04-30 06:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0rmvirut.nt

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/29/2009 2:41 PM 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/29/2009 2:41 PM 360584]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/09 21:36];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 7:40 PM 87536]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/14/2009 9:55 PM 285392]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [9/25/2009 9:36 AM 193840]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 1:13 PM 30008]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 8:28 AM 172131]
    S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys --> c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13796&l=dis&q=
    FF - component: c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(988)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\windows\system32\DeviceNP.dll
    .
    Completion time: 2010-03-01 21:38:03
    ComboFix-quarantined-files.txt 2010-03-01 19:38
    ComboFix2.txt 2010-02-28 18:19
    ComboFix3.txt 2009-10-18 04:40

    Pre-Run: 28,236,541,952 bytes free
    Post-Run: 28,212,641,792 bytes free

    - - End Of File - - 9C658E97BC66BE3AC99E980388D301E2

  8. 2010/03/01
    avz10 Inactive Thread Starter
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:51:28 PM, on 3/1/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\filehippo.com\UpdateChecker.exe
    C:\Program Files\PicPick\picpick.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\WINDOWS\system32\dwwin.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253880538828
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10707 bytes

  9. 2010/03/01
    avz10 Inactive Thread Starter
    I keep on having problems with Firefox as well. Might this be the problem?

    [IMG]

    I hope we can get a solution.

    Thanks for all your trouble. (I restarted after running ComboFix.)

    Albie

  10. 2010/03/01
    broni Moderator Malware Analyst
    One thing at a time, please.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\chg.exe
    c:\documents and settings\Albievz\Local Settings\Application Data\prvlcl.dat
    c:\windows\system32\CF76.exe
    
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

  11. 2010/03/02
    avz10 Inactive Thread Starter
    ComboFix 10-03-01.01 - Albievz 03/02/2010 8:33.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.404 [GMT 2:00]
    Running from: c:\documents and settings\Albievz\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Albievz\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\documents and settings\Albievz\Local Settings\Application Data\prvlcl.dat"
    "c:\windows\system32\CF76.exe"
    "c:\windows\system32\chg.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Albievz\Local Settings\Application Data\prvlcl.dat
    c:\windows\system32\CF76.exe
    c:\windows\system32\chg.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
    .

    2010-03-01 20:11 . 2010-02-05 20:01 251392 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Temp\dapop.dll
    2010-02-28 15:08 . 2010-02-28 15:08 -------- d-----w- c:\program files\Trend Micro
    2010-02-27 11:27 . 2010-02-27 11:27 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Opera
    2010-02-27 11:26 . 2010-02-27 11:27 -------- d-----w- c:\program files\Opera
    2010-02-26 09:53 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-02-26 09:53 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-02-26 09:53 . 2004-08-03 22:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2010-02-26 09:53 . 2004-08-03 22:56 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-02-26 09:53 . 2001-08-17 12:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2010-02-26 09:53 . 2001-08-17 12:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-02-25 21:20 . 2010-02-25 21:20 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Pinnacle
    2010-02-25 21:01 . 2010-02-25 21:01 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2010-02-25 21:01 . 2010-02-25 21:01 -------- d-----w- c:\program files\SureThing Express Labeler
    2010-02-25 20:56 . 2010-02-25 20:56 29926 ----a-r- c:\documents and settings\Albievz\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
    2010-02-25 20:56 . 2010-02-25 20:56 -------- d-----w- c:\program files\Common Files\Pinnacle
    2010-02-25 20:54 . 2010-02-25 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
    2010-02-25 20:47 . 2010-02-25 20:47 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
    2010-02-25 20:47 . 2010-02-25 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 14
    2010-02-19 15:14 . 2010-02-19 19:51 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
    2010-02-19 15:13 . 2004-12-01 12:43 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
    2010-02-19 15:13 . 2004-08-02 13:09 450560 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
    2010-02-19 15:13 . 2004-05-20 12:24 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
    2010-02-19 15:13 . 2010-02-19 15:13 -------- d-----w- c:\program files\AudioToolsFactory
    2010-02-19 15:13 . 2004-12-08 11:21 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
    2010-02-19 15:13 . 2003-08-07 12:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
    2010-02-19 13:53 . 2008-02-27 10:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2010-02-19 13:53 . 2010-02-19 13:53 -------- d-----w- c:\program files\Belarc
    2010-02-19 13:42 . 2010-02-19 13:42 -------- d-----w- c:\program files\MP3 Cutter Plus
    2010-02-19 06:16 . 2010-02-19 06:16 -------- d-----w- c:\documents and settings\Albievz\Application Data\AnvSoft
    2010-02-14 18:04 . 2010-02-14 18:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-02-14 17:45 . 2010-02-14 17:45 -------- d-----w- c:\windows\system32\languages
    2010-02-14 17:45 . 2010-02-14 17:45 -------- d-----w- c:\windows\system32\help
    2010-02-14 17:45 . 2010-02-14 17:45 -------- d-----w- c:\windows\system32\dict
    2010-02-14 17:45 . 2010-02-14 17:45 -------- d-----w- c:\windows\system32\custom matrices
    2010-02-14 17:12 . 2010-02-20 06:21 -------- d-----w- c:\program files\Xvid
    2010-02-14 17:12 . 2009-06-07 14:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-02-14 17:04 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
    2010-02-14 17:03 . 2010-02-14 17:03 -------- d-----w- c:\windows\Logs
    2010-02-14 17:02 . 2010-02-14 17:03 -------- d-----w- c:\program files\Direct X
    2010-02-11 17:40 . 2010-02-14 18:08 -------- d-----w- c:\documents and settings\Albievz\Application Data\VideoReDo-TVSuite
    2010-02-11 17:40 . 2010-02-11 17:40 -------- d-----w- c:\program files\VideoReDoTVSuite
    2010-02-11 16:27 . 2010-02-11 16:27 -------- d-----w- c:\documents and settings\Albievz\Application Data\LEAPS
    2010-02-11 16:26 . 2010-02-11 16:26 -------- d-----w- c:\documents and settings\Albievz\Application Data\Pegasys Inc
    2010-02-11 16:19 . 2010-02-11 16:19 -------- d-----w- c:\program files\Pegasys Inc
    2010-02-10 18:22 . 2010-02-10 18:24 -------- d-----w- c:\program files\Fast AVI MPEG Joiner
    2010-02-10 17:30 . 2010-02-10 17:32 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
    2010-02-07 09:47 . 2010-02-07 09:47 -------- d-----w- c:\documents and settings\Albievz\Local Settings\Application Data\Video Converter
    2010-02-07 09:46 . 2010-02-07 09:46 -------- d-----w- c:\program files\Haali
    2010-02-07 09:45 . 2010-02-14 11:18 -------- d-----w- c:\program files\Free Video Converter
    2010-02-07 09:45 . 2010-02-07 09:45 61208 ----a-w- c:\windows\system32\MPEG4E-uninstall.exe
    2010-02-07 09:44 . 2010-02-07 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VideoConverter
    2010-02-07 06:33 . 2010-02-07 06:33 -------- d-----w- c:\program files\AviSynth 2.5
    2010-02-07 06:33 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-02-07 06:33 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2010-02-07 05:47 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    2010-02-07 05:47 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2010-02-07 05:47 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2010-02-07 05:47 . 2010-02-07 05:47 -------- d-----w- c:\program files\eRightSoft
    2010-02-06 11:42 . 2010-02-06 11:42 -------- d-----w- c:\program files\DVD Identifier
    2010-02-06 11:41 . 2010-02-06 11:41 -------- d-----w- c:\program files\DVD Decrypter
    2010-02-06 10:30 . 2010-02-06 15:39 -------- d-----w- C:\FullDisc
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 09:59 47360 ----a-w- c:\documents and settings\Albievz\Application Data\pcouffin.sys
    2010-02-06 09:59 . 2010-02-06 10:00 -------- d-----w- c:\documents and settings\Albievz\Application Data\Vso
    2010-02-06 09:59 . 2010-02-06 09:59 -------- d-----w- c:\program files\DVDFab 6
    2010-02-05 20:42 . 2010-02-05 20:42 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
    2010-02-05 20:37 . 2010-02-05 21:38 -------- d-----w- c:\documents and settings\Albievz\Application Data\Toolbar4
    2010-02-05 20:05 . 2010-02-05 20:05 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
    2010-02-05 20:01 . 2010-02-05 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
    2010-02-05 20:01 . 2010-02-05 20:05 -------- d-----w- c:\program files\DAP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-01 19:46 . 2009-12-09 19:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
    2010-03-01 19:38 . 2009-11-11 09:04 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-25 21:10 . 2009-09-29 21:10 -------- d-----w- c:\documents and settings\Albievz\Application Data\Azureus
    2010-02-25 21:05 . 2009-12-06 15:49 -------- d-----w- c:\program files\Pinnacle
    2010-02-25 20:53 . 2009-12-06 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
    2010-02-23 21:37 . 2009-09-29 21:10 -------- d-----w- c:\program files\Vuze
    2010-02-21 05:57 . 2009-09-24 17:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-02-19 06:17 . 2009-10-17 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-19 06:16 . 2009-11-01 04:18 -------- d-----w- c:\program files\Any Video Converter
    2010-02-18 09:42 . 2009-11-01 04:18 -------- d-----w- c:\documents and settings\Albievz\Application Data\Any Video Converter
    2010-02-11 01:02 . 2009-09-24 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-02-06 10:51 . 2010-01-03 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-02-05 21:20 . 2010-01-18 18:37 -------- d-----w- c:\program files\AskTBar
    2010-02-05 20:35 . 2009-10-03 04:31 -------- d-----w- c:\program files\Minilyrics
    2010-01-30 15:52 . 2010-01-30 15:52 -------- d-----w- c:\documents and settings\Albievz\Application Data\Windows Search
    2010-01-28 06:47 . 2009-12-11 14:32 -------- d-----w- c:\documents and settings\Albievz\Application Data\MiniLyrics
    2010-01-27 14:38 . 2010-01-27 14:38 -------- d-----w- c:\program files\SyncToy 2.1
    2010-01-26 18:24 . 2010-01-21 08:33 -------- d-----w- c:\documents and settings\Albievz\Application Data\Skype
    2010-01-26 16:11 . 2010-01-26 16:11 -------- d-----w- c:\program files\PicPick
    2010-01-25 15:30 . 2009-09-25 11:08 -------- d-----w- c:\program files\AVG
    2010-01-21 08:33 . 2010-01-21 08:33 -------- d-----w- c:\program files\Skype
    2010-01-21 08:33 . 2010-01-21 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-01-21 08:33 . 2010-01-21 08:33 -------- d-----w- c:\program files\Common Files\Skype
    2010-01-21 08:25 . 2010-01-21 08:25 -------- d-----w- c:\program files\Common Files\PAC7302
    2010-01-21 08:25 . 2010-01-21 08:25 -------- d-----w- c:\program files\ANC
    2010-01-21 08:25 . 2009-09-25 07:36 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-21 05:43 . 2009-09-25 13:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-20 16:05 . 2009-11-03 09:51 -------- d-----w- c:\documents and settings\Albievz\Application Data\DivX
    2010-01-19 12:58 . 2010-01-16 15:18 -------- d-----w- c:\program files\Nero
    2010-01-19 07:38 . 2010-01-18 19:02 -------- d-----w- c:\documents and settings\Albievz\Application Data\Nero
    2010-01-18 19:54 . 2010-01-16 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2010-01-18 18:49 . 2010-01-18 18:21 -------- d-----w- c:\program files\Common Files\Nero
    2010-01-18 18:34 . 2010-01-18 18:34 -------- d-----w- c:\program files\Windows Sidebar
    2010-01-17 19:17 . 2009-10-11 18:54 -------- d-----w- c:\documents and settings\Albievz\Application Data\LimeWire
    2010-01-15 20:38 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
    2010-01-10 09:08 . 2009-09-25 08:40 116240 ----a-w- c:\documents and settings\Albievz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-10 08:39 . 2010-01-10 08:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-01-09 13:51 . 2009-11-03 09:49 -------- d-----w- c:\documents and settings\Albievz\Application Data\Ulead Systems
    2010-01-07 14:07 . 2009-10-17 12:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 14:07 . 2009-10-17 12:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-03 10:27 . 2010-01-03 10:27 -------- d-----w- c:\program files\Common Files\InterVideo
    2010-01-03 10:27 . 2009-11-11 14:20 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-01-03 10:26 . 2009-11-03 07:27 -------- d-----w- c:\program files\DivX
    2010-01-03 09:41 . 2010-01-03 09:40 -------- d-----w- c:\documents and settings\Albievz\Application Data\MenuShrink
    2010-01-03 09:36 . 2010-01-03 09:36 -------- d-----w- c:\program files\DVD Shrink
    2009-12-20 12:56 . 2009-12-20 12:56 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3741689E-584D-40C9-B011-373A0371846D}\Installer\CommonCustomActions\Sleep.exe
    2009-12-20 12:56 . 2009-12-20 12:56 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3741689E-584D-40C9-B011-373A0371846D}\Installer\CommonCustomActions\vcredistExec.exe
    2009-12-20 12:53 . 2009-12-20 12:53 733783 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Packages\Nokia_PC_Suite\CustomActions\NSU_Inst_fix.exe
    2009-12-20 12:53 . 2009-12-20 12:53 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstCCD.exe
    2009-12-20 12:53 . 2009-12-20 12:53 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-12-20 12:53 . 2009-12-20 12:53 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCS.exe
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-09 19:29 . 2009-12-09 19:30 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    2006-10-04 06:00 . 2006-10-04 06:00 733184 ----a-w- c:\program files\Common Files\InfoSlips.ForMe.exe
    2010-02-05 20:01 . 2010-02-28 19:34 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
    2006-05-03 10:06 . 2010-02-07 05:47 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2010-02-07 05:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2010-02-07 05:47 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-02-28_18.14.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-01 19:48 . 2010-03-01 19:48 16384 c:\windows\temp\Perflib_Perfdata_eb0.dat
    + 2010-03-01 19:39 . 2010-03-01 19:39 3940352 c:\windows\Installer\2fd1b94.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "Advanced SystemCare 3 "= "c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]
    "filehippo.com "= "c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
    "PicPick Start "= "c:\program files\PicPick\picpick.exe" [2010-01-13 4057088]
    "DownloadAccelerator "= "c:\program files\DAP\DAP.EXE" [2010-02-05 2815488]
    "PC Suite Tray "= "c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
    "PTHOSTTR "= "c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "Recguard "= "c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Reminder "= "c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
    "Scheduler "= "c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
    "RemoteControl9 "= "c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
    "PDVD9LanguageShortcut "= "c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
    "BDRegion "= "c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-01-15 611712]
    "PAC7302_Monitor "= "c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "USBToolTip "= "c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync "= "c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-14 19:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-04-30 06:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0rmvirut.nt

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe "=
    "c:\\Program Files\\Vuze\\Azureus.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/29/2009 2:41 PM 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/29/2009 2:41 PM 360584]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/09 21:36];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 7:40 PM 87536]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/14/2009 9:55 PM 285392]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [9/25/2009 9:36 AM 193840]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 1:13 PM 30008]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 8:28 AM 172131]
    S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys --> c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13796&l=dis&q=
    FF - component: c:\documents and settings\Albievz\Application Data\Mozilla\Firefox\Profiles\6j58hfqr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-02 08:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD9\000.fcl "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(988)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\windows\system32\DeviceNP.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2010-03-02 08:41:51
    ComboFix-quarantined-files.txt 2010-03-02 06:41
    ComboFix2.txt 2010-03-01 19:38
    ComboFix3.txt 2010-02-28 18:19
    ComboFix4.txt 2009-10-18 04:40

    Pre-Run: 28,116,303,872 bytes free
    Post-Run: 28,077,883,392 bytes free

    - - End Of File - - 1D0BF609611D41B8C90DB3606EDE8B08
     
  12. 2010/03/02, avz10 (Inactive Thread Starter)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:47:46 AM, on 3/2/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\filehippo.com\UpdateChecker.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
    C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253880538828
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10423 bytes
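The ComboFix log and the HijackThis log above are read the same way by hand: the analyst scans the autostart and service entries for a binary that is missing, that runs from a user's Temp directory (the S3 SysProtDrv.sys entry under Temp\Rar$EX00.875), or whose service has no named vendor (the O23 NMIndexingService "Unknown owner ... (file missing)" line). The following is an added example that is not part of HijackThis, ComboFix or any post in this thread. It parses the HijackThis O4/O20/O23 line shapes and the ComboFix R#/S# service line shape on a constructed sample copied from the two logs above; the flag rules, and the reading of ComboFix's "[?]" stamp as "file not found on disk", are the example's own assumptions.

```python
"""Triage the autostart and service lines of ComboFix / HijackThis logs.

Added example for this thread; it is not part of HijackThis, ComboFix or any
post above. It parses HijackThis O4 (Run keys), O20 (Winlogon Notify) and O23
(service) lines plus ComboFix R#/S# service lines, and flags what an analyst
looks at first: a binary that is missing, that runs from a Temp directory, or
whose service has no named vendor.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the two logs posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/29/2009 2:41 PM 333192]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys --> c:\docume~1\Albievz\LOCALS~1\Temp\Rar$EX00.875\SysProt\SysProtDrv.sys [?]
"""

# HijackThis line shapes (O4 / O20 / O23) and the ComboFix "R#|S# name;description;path [stamp]" shape.
HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
CF_SVC = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)(?: --> .*?)? \[(?P<stamp>[^\]]*)\]$")
# First binary in a Run-key command line: quoted, or unquoted up to the file extension.
BINARY = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|sys|com))"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Entry:
    source: str            # which log / line type the entry came from
    name: str
    path: str
    flags: list = field(default_factory=list)


def flags_for(path, vendor=None, missing=False):
    """Triage heuristics of this example, not HijackThis or ComboFix verdicts."""
    out = []
    if missing:
        out.append("file missing")
    if "\\temp\\" in path.lower():
        out.append("runs from a Temp directory")
    if vendor is not None and vendor.strip().lower() == "unknown owner":
        out.append("no named vendor")
    return out


def parse_line(line):
    """Return an Entry for a recognised line, or None for anything else."""
    line = line.rstrip()
    if m := HJT_O4.match(line):
        b = BINARY.match(m["cmd"])
        path = b["path"] if b else m["cmd"]
        return Entry("HJT O4 " + m["hive"], m["name"], path, flags_for(path))
    if m := HJT_O20.match(line):
        return Entry("HJT O20", m["name"], m["path"], flags_for(m["path"]))
    if m := HJT_O23.match(line):
        return Entry("HJT O23", m["name"], m["path"],
                     flags_for(m["path"], vendor=m["vendor"], missing=bool(m["missing"])))
    if m := CF_SVC.match(line):
        path = m["path"]
        if path.startswith("\\??\\"):          # strip the NT object-manager prefix
            path = path[4:]
        # Assumption: ComboFix prints "[?]" in place of a date/size when the file is not on disk.
        return Entry("ComboFix " + m["start"], m["name"], path,
                     flags_for(path, missing=(m["stamp"] == "?")))
    return None


def triage(log_text):
    """Every recognised entry, in log order."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def findings(log_text):
    """Only the entries that tripped at least one flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in findings(SAMPLE_LOG):
        print(f"{e.source:<14} {e.name:<20} {e.path}  <- {', '.join(e.flags)}")
```

On the sample it reports exactly the two entries a reviewer would pick out of the logs above, NMIndexingService and SysProtDrv.sys, and ignores the vendor-signed HP, AVG and Raxco entries; point it at a whole pasted log and the unflagged O4 entries still come back from triage() for a second, manual pass.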
     
  13. 2010/03/02, broni (Moderator, Malware Analyst)
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==================================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to the Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  14. 2010/03/03
    avz10

    avz10 Inactive Thread Starter

    I am having problems with the Kaspersky scan. It was scanning for 10 hours and got stuck at basically the same spot as the screenshot. I started again today; same thing.

    [screenshot not reproduced]

    Please advise

    Thanks
    Albie
     
  15. 2010/03/03
    broni

    broni Moderator Malware Analyst

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  16. 2010/03/04
    avz10

    avz10 Inactive Thread Starter

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=bcca891cb371754ba139b062d4196efb
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-03-03 09:33:49
    # local_time=2010-03-03 11:33:49 (+0200, South Africa Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 279020 279020 0 0
    # compatibility_mode=1024 16777191 100 0 3215262 3215262 0 0
    # compatibility_mode=8192 67108863 100 0 4637 4637 0 0
    # scanned=120155
    # found=6
    # cleaned=6
    # scan_time=3515
    C:\Documents and Settings\Albievz\Desktop\songs-music-birthday_files\index.htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\Albievz\My Documents\Downloads\MP3CutterPlusSetup.exe Win32/Adware.RK.AB application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{9BD331A2-DA54-4E13-BC23-E2300F46AE99}\RP261\A0053797.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{9BD331A2-DA54-4E13-BC23-E2300F46AE99}\RP261\A0053805.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{9BD331A2-DA54-4E13-BC23-E2300F46AE99}\RP261\A0053806.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{9BD331A2-DA54-4E13-BC23-E2300F46AE99}\RP261\A0053866.dll Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     
  17. 2010/03/04
    avz10

    avz10 Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:12:27 AM, on 3/4/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\filehippo.com\UpdateChecker.exe
    C:\Program Files\PicPick\picpick.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\SMINST\PCAngel.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253880538828
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10551 bytes
     
  18. 2010/03/04
    broni

    broni Moderator Malware Analyst

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    =================================================================

    Print this post out, since at some point you won't have access to it.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    nothing malicious to remove

    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background


    5. Click on Fix checked button.

    6. Restart computer.


    When done...


    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
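A parser for the log format used in this thread, added here as an example (it is not code from the thread or from HijackThis). It reads the O4, O20 and O23 lines of a HijackThis 2.0.x log into records and applies the checks a helper does by eye: Run entries grouped by hive (the HKUS\S-1-5-18 entry runs as SYSTEM at logon, which is why helpers look at those separately), Winlogon Notify DLLs that load into winlogon.exe from somewhere other than system32, services whose file is missing or whose owner HijackThis could not read, and exact-line matching against a "Fix checked" list like the one above. The sample lines are copied from the posted log except one constructed O20 line, marked as such in the block; the flag names and the C:\WINDOWS system directory are this example's assumptions.

```python
r"""HijackThis 2.0.x log parser with the triage a helper does by eye.

Added example: not code from the thread above nor from HijackThis. Sample lines
are copied from the log posted above, except one O20 line marked constructed.
Flag names and the C:\WINDOWS (XP default) system directory are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
# constructed line (not in the posted log) so the Notify check has something to flag:
O20 - Winlogon Notify: sample - C:\Documents and Settings\All Users\Application Data\sample.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"""
# Two of the lines broni listed under "Fix checked" that also appear in SAMPLE_LOG.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r'O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background',
]
SYSTEM32 = "c:\\windows\\system32\\"          # assumption: XP default %SystemRoot%

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|cpl))(?:"|\s|$)', re.I)
USER_RE = re.compile(r"\s\(User '(?P<user>[^']*)'\)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")

@dataclass
class Entry:
    section: str            # O4, O20, O23, ...
    raw: str                # the line exactly as HijackThis printed it
    name: str = ""          # Run value name / Notify key name / service display name
    path: str = ""          # image on disk, when one could be extracted
    hive: str = ""          # O4: HKLM, HKCU, HKUS\<sid>
    user: str = ""          # O4: account from HJT's "(User '...')" suffix
    owner: str = ""         # O23: company string from the file's version info
    flags: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """One HJT line -> Entry; lines that are not HJT items give None."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    e = Entry(section=section, raw=line)
    if section == "O4" and "\\..\\" in body:          # "HKLM\..\Run: [Name] command"
        e.hive, rest = body.split("\\..\\", 1)
        _key, rest = rest.split(": [", 1)
        e.name, cmd = rest.split("] ", 1)
        um = USER_RE.search(cmd)                        # HKUS entries name their account
        if um:
            e.user, cmd = um.group("user"), cmd[: um.start()]
        pm = EXE_RE.match(cmd)                          # quoted or unquoted image path
        e.path = pm.group("path") if pm else cmd
    elif section == "O20" and (nm := O20_RE.match(body)):
        e.name, e.path = nm.group("name"), nm.group("path")
        # Notify DLLs load into winlogon.exe as SYSTEM; one outside system32 deserves a look.
        if not e.path.lower().startswith(SYSTEM32):
            e.flags.append("notify-dll-outside-system32")
    elif section == "O23" and (sm := O23_RE.match(body)):
        e.name, e.owner, e.path = sm.group("name"), sm.group("owner"), sm.group("path")
        if e.path.endswith("(file missing)"):           # orphaned service registration
            e.path = e.path[: -len("(file missing)")].rstrip()
            e.flags.append("file-missing")
        if e.owner == "Unknown owner":                  # no company in version info
            e.flags.append("unknown-owner")
    return e

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def autostarts_by_hive(entries: List[Entry]) -> Dict[str, List[str]]:
    """O4 value names grouped by hive, in log order."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        if e.section == "O4":
            out.setdefault(e.hive, []).append(e.name)
    return out

def to_fix(entries: List[Entry], fix_list: List[str]) -> List[Entry]:
    """Entries on a helper's 'Fix checked' list, matched on the exact line."""
    wanted = {l.strip() for l in fix_list}
    return [e for e in entries if e.raw in wanted]

def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]

if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(",".join(e.flags), e.section, e.name, e.path)
```

Running it prints the flagged entries; for a real log, pass the file contents to parse_log. The flags are a reading aid, not a verdict: in the posted log the only service flagged is a leftover registration for a file that no longer exists. Matching the fix list on the exact line mirrors how HijackThis identifies what to remove, and "Fix checked" on an O4 entry deletes the registry value, not the program, which is why the post above says no programs are removed.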
     
  19. 2010/03/04
    avz10

    avz10 Inactive Thread Starter

    Hi broni

    Hope you are still online.
    I have installed Java.

    When I open Hijack This, I do not know where to find "nothing malicious to remove" or that list of entries.

    Thanks
    Albie
     
  20. 2010/03/04
    avz10

    avz10 Inactive Thread Starter

    Not good news:

    I could find the place to tick "nothing malicious...", but ticked all mentioned in "4". I fixed checked, etc., and followed all the instructions.
    This unfortunately keeps on popping up.

    [screenshot not reproduced]

    I am basically unable to open MS Office, can open it in safe mode, and Firefox and IE often "experience a problem and needs to close".

    Hope you can help!
    Albie
     
  21. 2010/03/04
    avz10

    avz10 Inactive Thread Starter

    Since I last posted, I deleted all unnecessary software, also uninstalled Office 2007; downloaded Spybot Search and Destroy and ran SS&D (no problem); AVG (no problem) and Malwarebytes Anti-Malware.
    This is the log:
    Malwarebytes' Anti-Malware 1.44
    Database version: 3805
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    3/4/2010 5:01:29 PM
    mbam-log-2010-03-04 (17-01-29).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 230886
    Time elapsed: 2 hour(s), 47 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    I will now run Hijack This and post
     
