
Solved Red x next to c drive and slow computer.

Discussion in 'Malware and Virus Removal Archive' started by NanaCakes, 2009/12/30.

  1. 2009/12/30
    NanaCakes (Inactive, Thread Starter); Joined: 2009/12/29; Messages: 21; Likes Received: 0
    [Resolved] Red x next to c drive and slow computer.

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Owner at 11:48:20.56 on Wed 12/30/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.77 [GMT -7:00]

    AV: AVG 7.5.516 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
    AV: AOL Antivirus *On-access scanning enabled* (Updated) {164FF91F-F5BD-4B74-A9DC-932CECB1603B}
    FW: AVG Firewall 7.5.500 *disabled* {8DECF618-9569-4340-B34A-D78D28969B66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner.YOUR-XHTR8HVC4P\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    {fdd3b846-8d59-4ffb-8758-209b6ad74acc}
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {9A7D6AD2-0881-451F-BB27-F5E2EE2C5B14} - No File
    uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
    LSP: c:\windows\system32\avgfwafu.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    Notify: gebxyxw - gebxyxw.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: oxbjobro - oxbjobro.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\jkhfe

    ============= SERVICES / DRIVERS ===============

    R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-12-27 821856]
    R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-12-27 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-12-27 27776]
    R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-12-27 10760]
    R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2008-2-13 80640]
    R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-5-27 418816]
    R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-5-27 49664]
    R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-5-27 406528]
    R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-12-27 4960]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S2 AVGFwSrv;AVG Firewall;c:\progra~1\grisoft\avg7\avgfwsrv.exe [2007-5-27 838656]
    S2 mrtRate;mrtRate; [x]

    =============== Created Last 30 ================

    2009-12-30 02:55:06 0 d-----w- c:\program files\TrendMicro
    2009-12-30 00:08:38 0 d-----w- C:\VundoFix Backups
    2009-12-30 00:00:31 0 d-----w- c:\program files\Defraggler
    2009-12-29 23:30:31 0 d-----w- c:\program files\CCleaner
    2009-12-27 19:51:43 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-27 19:50:03 0 d-----w- c:\program files\Bonjour
    2009-12-27 19:43:07 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-12-27 19:43:06 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-12-27 18:29:28 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2009-12-27 04:20:26 0 d-----w- c:\docume~1\owner~1.you\applic~1\Malwarebytes
    2009-12-27 04:20:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-27 04:20:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-12-27 04:20:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-27 04:20:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-26 20:42:03 0 d-----w- c:\program files\GameMill Entertainment
    2009-12-26 17:07:57 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2009-12-26 17:07:56 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-12-26 17:07:56 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-12-26 17:07:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2009-12-25 01:58:41 0 d-----w- c:\windows\system32\Adobe
    2009-12-23 22:34:39 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-23 21:23:50 0 d-sh--w- c:\documents and settings\owner.your-xhtr8hvc4p\IECompatCache
    2009-12-23 21:23:04 0 d-sh--w- c:\documents and settings\owner.your-xhtr8hvc4p\PrivacIE
    2009-12-23 21:20:46 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-23 20:38:47 0 d-sh--w- c:\documents and settings\owner.your-xhtr8hvc4p\IETldCache
    2009-12-23 20:26:32 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-12-23 20:26:21 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-12-23 20:25:58 0 d-----w- c:\windows\ie8updates
    2009-12-23 20:23:50 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-12-23 20:17:51 0 dc-h--w- c:\windows\ie8

    ==================== Find3M ====================

    2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2007-06-11 02:11:42 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2008-12-31 02:48:30 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008123020081231\index.dat

    ============= FINISH: 11:49:20.07 ===============
     
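The DDS log above is what the helpers in this thread triage by eye. As an added example (not part of the thread and not DDS's own code), the Python below parses the AV/FW status lines and the Notify:/LSA: lines of a DDS "Pseudo HJT Report", using the lines quoted from the post as its input, and returns findings for an analyst to review: a product reported Outdated or disabled, more than one resident antivirus, Winlogon Notify keys outside a short hand-built allowlist (the allowlist is an assumption of the example, and an unmatched key means "review", not "malicious"), and LSA authentication packages beyond XP's single default, msv1_0. The finding names are also mine.

```python
"""Triage a DDS 'Pseudo HJT Report' for a few analyst-review indicators.

Added example; it is not DDS's own code and does not come from the thread.
It parses the AV/FW status lines and the Notify:/LSA: lines of a DDS log
and returns findings for a human to review. It decides nothing about
malware on its own: an unknown Notify key is only "review", not "bad".
"""
import re

# Sample input copied from the DDS log posted earlier in this thread.
SAMPLE_LOG = r"""
AV: AVG 7.5.516 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: AOL Antivirus *On-access scanning enabled* (Updated) {164FF91F-F5BD-4B74-A9DC-932CECB1603B}
FW: AVG Firewall 7.5.500 *disabled* {8DECF618-9569-4340-B34A-D78D28969B66}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Notify: gebxyxw - gebxyxw.dll
Notify: igfxcui - igfxsrvc.dll
Notify: oxbjobro - oxbjobro.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\jkhfe
"""

# DDS writes: "AV: <product> *<state>* (<Updated|Outdated>) {<CLSID>}";
# the "(...)" signature-age field is absent for firewall lines.
SECURITY_RE = re.compile(
    r"^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<sigs>\w+)\))? \{(?P<clsid>[0-9A-Fa-f-]+)\}$"
)
NOTIFY_RE = re.compile(r"^Notify: (?P<key>\S+) - (?P<dll>.+)$")
LSA_RE = re.compile(r"^LSA: Authentication Packages = (?P<pkgs>.+)$")

# Winlogon notify keys that ship with Windows XP or common drivers.
# Deliberately short, hand-built allowlist (an assumption of this example);
# anything not on it is raised for review, not condemned.
KNOWN_NOTIFY_KEYS = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WgaLogon", "igfxcui",
}
# On XP the only default LSA authentication package is msv1_0.
DEFAULT_LSA_PACKAGES = {"msv1_0"}


def triage(log_text):
    """Return a list of (finding_kind, detail) tuples for the given DDS text."""
    findings = []
    enabled_av = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECURITY_RE.match(line)
        if m:
            state = m["state"].lower()
            if "disabled" in state:
                findings.append(("product_disabled", f"{m['kind']} {m['name']}"))
            elif m["sigs"] and m["sigs"].lower() != "updated":
                findings.append(("product_outdated", f"{m['kind']} {m['name']}"))
            if m["kind"] == "AV" and "enabled" in state:
                enabled_av.append(m["name"])
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if m["key"] not in KNOWN_NOTIFY_KEYS:
                findings.append(("notify_review", f"{m['key']} -> {m['dll']}"))
            continue
        m = LSA_RE.match(line)
        if m:
            for pkg in m["pkgs"].split():
                if pkg not in DEFAULT_LSA_PACKAGES:
                    findings.append(("lsa_extra_package", pkg))
    # Two resident scanners contending for the same files is itself a
    # problem (the "only ONE antivirus" advice in this thread); report once.
    if len(enabled_av) > 1:
        findings.append(("multiple_av", ", ".join(enabled_av)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```

Run against the sample it reports the outdated AVG engine, the disabled AVG firewall, two enabled antivirus products, the two Notify keys not on the allowlist, and the extra LSA package path; each line is a pointer for the helper to look at, not a verdict.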
  2. 2009/12/30
    NanaCakes (Inactive, Thread Starter); Joined: 2009/12/29; Messages: 21; Likes Received: 0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/3/2007 2:00:50 PM
    System Uptime: 12/30/2009 11:14:39 AM (0 hours ago)

    Motherboard: TriGem Computer Inc. | | Glendale motherboard
    Processor: Intel(R) Celeron(R) CPU 2.70GHz | WMT478/NWD | 2691/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 32 GiB total, 18.362 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 0.963 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP517: 10/1/2009 10:00:42 AM - System Checkpoint
    RP518: 10/9/2009 8:04:16 AM - Software Distribution Service 3.0
    RP519: 10/10/2009 8:42:56 AM - System Checkpoint
    RP520: 10/11/2009 9:12:39 AM - System Checkpoint
    RP521: 10/12/2009 4:30:29 PM - Software Distribution Service 3.0
    RP522: 10/18/2009 9:55:42 AM - Software Distribution Service 3.0
    RP523: 10/18/2009 5:23:03 PM - Software Distribution Service 3.0
    RP524: 10/22/2009 7:13:56 PM - Software Distribution Service 3.0
    RP525: 10/27/2009 7:14:28 AM - Software Distribution Service 3.0
    RP526: 11/4/2009 5:26:30 PM - Software Distribution Service 3.0
    RP527: 11/4/2009 5:42:11 PM - Software Distribution Service 3.0
    RP528: 11/14/2009 8:27:28 AM - Software Distribution Service 3.0
    RP529: 11/15/2009 3:00:45 AM - Software Distribution Service 3.0
    RP530: 11/16/2009 3:30:01 AM - System Checkpoint
    RP531: 11/16/2009 8:01:49 PM - Software Distribution Service 3.0
    RP532: 11/17/2009 8:29:59 PM - System Checkpoint
    RP533: 11/18/2009 9:29:57 PM - System Checkpoint
    RP534: 11/19/2009 10:29:57 PM - System Checkpoint
    RP535: 11/20/2009 1:54:54 AM - Software Distribution Service 3.0
    RP536: 11/21/2009 2:56:15 AM - System Checkpoint
    RP537: 11/22/2009 2:57:15 AM - System Checkpoint
    RP538: 11/23/2009 3:45:14 AM - System Checkpoint
    RP539: 11/23/2009 11:03:04 AM - Software Distribution Service 3.0
    RP540: 11/24/2009 11:50:31 AM - System Checkpoint
    RP541: 11/25/2009 3:00:39 AM - Software Distribution Service 3.0
    RP542: 11/26/2009 3:37:19 AM - System Checkpoint
    RP543: 11/30/2009 3:43:31 PM - Software Distribution Service 3.0
    RP544: 12/11/2009 5:06:51 PM - Software Distribution Service 3.0
    RP545: 12/12/2009 3:00:40 AM - Software Distribution Service 3.0
    RP546: 12/13/2009 3:42:44 AM - System Checkpoint
    RP547: 12/14/2009 4:30:13 AM - System Checkpoint
    RP548: 12/23/2009 12:50:24 PM - Software Distribution Service 3.0
    RP549: 12/23/2009 1:03:02 PM - Software Distribution Service 3.0
    RP550: 12/23/2009 2:19:39 PM - Installed Java(TM) 6 Update 17
    RP551: 12/24/2009 10:08:10 AM - Software Distribution Service 3.0
    RP552: 12/24/2009 10:57:44 AM - Software Distribution Service 3.0
    RP553: 12/26/2009 10:47:47 AM - System Checkpoint
    RP554: 12/27/2009 12:51:25 PM - Installed iTunes
    RP555: 12/27/2009 1:38:45 PM - Removed iTunes
    RP556: 12/28/2009 11:36:33 AM - Software Distribution Service 3.0
    RP557: 12/29/2009 11:46:49 AM - System Checkpoint
    RP558: 12/29/2009 7:55:04 PM - Installed HiJackThis

    ==== Installed Programs ======================


    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 6.0
    Adobe Shockwave Player 11.5
    AOL Uninstaller
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 7.5
    Bonjour
    CCleaner
    CreativeProjects
    Defraggler
    Director
    Hidden Mysteries Buckingham Palace
    HiJackThis
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Deskjet Preloaded Printer Drivers
    HP Instant Support
    HP Organize
    HP Photo & Imaging 3.0
    HP Photo and Imaging 2.0 - Photosmart Cameras
    HP Software Update
    HPImageZone
    HPIZ Fix2
    hpmdtab
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InstantShare
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    Java 2 Runtime Environment, SE v1.4.1_02
    Java Web Start
    Java(TM) 6 Update 17
    Java(TM) 6 Update 5
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2003
    Microsoft Money 2003 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! Digital Media Edition
    Microsoft Silverlight
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works 7.0
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MUSICMATCH® Jukebox
    NVIDIA Gart Driver
    NVIDIA Windows 2000/XP Display Drivers
    PC-Doctor for Windows
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    PrintScreen
    PSShortcutsP
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    Quicken 2003 New User Edition
    QuickProjects
    QuickTime
    RealOne Player
    RecordNow!
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    SkinsHP1
    SkinsHP2
    Sonic Update Manager
    TrayApp
    Unload
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Updates from HP
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live installer
    Windows XP Service Pack 3
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/27/2009 12:11:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    12/27/2009 1:55:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avg7Core Avg7RsW Avg7RsXP Fips intelppm
    12/27/2009 1:54:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/27/2009 1:54:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/27/2009 1:45:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    12/26/2009 11:51:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 nv_agp SISAGP viaagp1
    12/24/2009 10:02:51 AM, error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error 0 (0x0).
    12/24/2009 10:02:51 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     

  4. 2009/12/30
    broni (Moderator, Malware Analyst); Joined: 2002/08/01; Messages: 21,701; Likes Received: 116
    AVG 7.5 is not functional anymore, so basically, you don't have any AV program installed.
    Uninstall AVG, using AVG Remover: http://www.avg.com/us-en/download-tools
    I can also see some AOL Antivirus listed, which I'm not familiar with.
    If it's listed in Add\Remove, uninstall it as well.

    When done, download and install one of these:

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.

    IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

    After installation, update the program and run full scan.

    When done....

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2009/12/30
    NanaCakes (Inactive, Thread Starter); Joined: 2009/12/29; Messages: 21; Likes Received: 0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/30/2009 at 09:55 PM

    Application Version : 4.32.1000

    Core Rules Database Version : 4428
    Trace Rules Database Version: 2254

    Scan type : Custom Scan
    Total Scan Time : 02:44:33

    Memory items scanned : 219
    Memory threats detected : 0
    Registry items scanned : 5300
    Registry threats detected : 2
    File items scanned : 106633
    File threats detected : 60

    Adware.IWinGames
    HKU\S-1-5-21-2219435402-3076144580-2775535486-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}

    Adware.Vundo Variant
    HKU\S-1-5-21-2219435402-3076144580-2775535486-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}

    Adware.Tracking Cookie
     
  6. 2009/12/31
    NanaCakes

    NanaCakes Inactive Thread Starter
    Malwarebytes' Anti-Malware 1.42
    Database version: 3437
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/31/2009 12:53:54 AM
    mbam-log-2009-12-31 (00-53-54).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 252537
    Time elapsed: 2 hour(s), 24 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. 2009/12/31
    NanaCakes

    NanaCakes Inactive Thread Starter
    I downloaded and ran the GMER program. It scanned my computer, but I do not know the results. When it finished, it just restarted my computer. I do not know if it made a log or not, as I cannot find one. Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:32:44 PM, on 12/31/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: gebxyxw - gebxyxw.dll (file missing)
    O20 - Winlogon Notify: oxbjobro - oxbjobro.dll (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 7162 bytes
     
  8. 2009/12/31
    broni

    broni Moderator Malware Analyst
    Did you uninstall AVG 7.5 using AVG Remover? I can still see it running.
     
  9. 2009/12/31
    NanaCakes

    NanaCakes Inactive Thread Starter
    I believe I did. I can try again.
     
  10. 2009/12/31
    NanaCakes

    NanaCakes Inactive Thread Starter
    I downloaded and ran the uninstall program again. When I browsed through it, it looks like it did not find AVG? I don't know if I'm doing something wrong. Here is the log.

    2010-01-01 02:00:10,078 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
    2010-01-01 02:00:10,125 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
    2010-01-01 02:00:10,125 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:programFilesDir (x86) value failed (error: e001003d)
    2010-01-01 02:00:10,125 WARN AvgDir param empty.
    2010-01-01 02:00:10,125 WARN AvgDataDir param empty.
    2010-01-01 02:00:32,171 INFO AvgRemover runs in attempt number 1
    2010-01-01 02:00:32,171 INFO ***** Services *****
    2010-01-01 02:00:32,171 INFO Processing service avg8emc
    2010-01-01 02:00:32,187 INFO Service avg8emc is not installed
    2010-01-01 02:00:32,187 DEBUG Service avg8emc RegCleanup
    2010-01-01 02:00:32,187 DEBUG Registry keys for service avg8emc are not present
    2010-01-01 02:00:32,187 INFO Processing service avgfws8
    2010-01-01 02:00:32,187 INFO Service avgfws8 is not installed
    2010-01-01 02:00:32,187 DEBUG Service avgfws8 RegCleanup
    2010-01-01 02:00:32,187 DEBUG Registry keys for service avgfws8 are not present
    2010-01-01 02:00:32,187 INFO Processing service avg8wd
    2010-01-01 02:00:32,187 INFO Service avg8wd is not installed
    2010-01-01 02:00:32,187 DEBUG Service avg8wd RegCleanup
    2010-01-01 02:00:32,187 DEBUG Registry keys for service avg8wd are not present
    2010-01-01 02:00:32,187 INFO Processing service AvgWFPx
    2010-01-01 02:00:32,203 INFO Service AvgWFPx is not installed
    2010-01-01 02:00:32,203 DEBUG Service AvgWFPx RegCleanup
    2010-01-01 02:00:32,203 DEBUG Registry keys for service AvgWFPx are not present
    2010-01-01 02:00:32,203 INFO Processing service AvgWFPa
    2010-01-01 02:00:32,203 INFO Service AvgWFPa is not installed
    2010-01-01 02:00:32,203 DEBUG Service AvgWFPa RegCleanup
    2010-01-01 02:00:32,203 DEBUG Registry keys for service AvgWFPa are not present
    2010-01-01 02:00:32,203 INFO Processing service AvgMfx86
    2010-01-01 02:00:32,203 INFO Service AvgMfx86 is not installed
    2010-01-01 02:00:32,203 DEBUG Service AvgMfx86 RegCleanup
    2010-01-01 02:00:32,203 DEBUG Registry keys for service AvgMfx86 are not present
    2010-01-01 02:00:32,203 INFO Processing service AvgMfx64
    2010-01-01 02:00:32,203 INFO Service AvgMfx64 is not installed
    2010-01-01 02:00:32,203 DEBUG Service AvgMfx64 RegCleanup
    2010-01-01 02:00:32,203 DEBUG Registry keys for service AvgMfx64 are not present
    2010-01-01 02:00:32,203 INFO Processing service AvgLdx86
    2010-01-01 02:00:32,203 INFO Service AvgLdx86 is not installed
    2010-01-01 02:00:32,203 DEBUG Service AvgLdx86 RegCleanup
    2010-01-01 02:00:32,203 DEBUG Registry keys for service AvgLdx86 are not present
    2010-01-01 02:00:32,203 INFO Processing service AvgLdx64
    2010-01-01 02:00:32,203 INFO Service AvgLdx64 is not installed
    2010-01-01 02:00:32,203 DEBUG Service AvgLdx64 RegCleanup
    2010-01-01 02:00:32,203 DEBUG Registry keys for service AvgLdx64 are not present
    2010-01-01 02:00:32,203 INFO Processing service AvgTdiX
    2010-01-01 02:00:32,203 INFO Service AvgTdiX is not installed
    2010-01-01 02:00:32,203 DEBUG Service AvgTdiX RegCleanup
    2010-01-01 02:00:32,203 DEBUG Registry keys for service AvgTdiX are not present
    2010-01-01 02:00:32,203 INFO Processing service AvgTdiA
    2010-01-01 02:00:32,218 INFO Service AvgTdiA is not installed
    2010-01-01 02:00:32,218 DEBUG Service AvgTdiA RegCleanup
    2010-01-01 02:00:32,218 DEBUG Registry keys for service AvgTdiA are not present
    2010-01-01 02:00:32,218 INFO Processing service AvgRkx86
    2010-01-01 02:00:32,218 INFO Service AvgRkx86 is not installed
    2010-01-01 02:00:32,218 DEBUG Service AvgRkx86 RegCleanup
    2010-01-01 02:00:32,218 DEBUG Registry keys for service AvgRkx86 are not present
    2010-01-01 02:00:32,218 INFO Processing service AvgRkx64
    2010-01-01 02:00:32,218 INFO Service AvgRkx64 is not installed
    2010-01-01 02:00:32,218 DEBUG Service AvgRkx64 RegCleanup
    2010-01-01 02:00:32,218 DEBUG Registry keys for service AvgRkx64 are not present
    2010-01-01 02:00:32,218 INFO Processing service avg9emc
    2010-01-01 02:00:32,218 INFO Service avg9emc is not installed
    2010-01-01 02:00:32,218 DEBUG Service avg9emc RegCleanup
    2010-01-01 02:00:32,218 DEBUG Registry keys for service avg9emc are not present
    2010-01-01 02:00:32,218 INFO Processing service avgfws9
    2010-01-01 02:00:32,234 INFO Service avgfws9 is not installed
    2010-01-01 02:00:32,234 DEBUG Service avgfws9 RegCleanup
    2010-01-01 02:00:32,234 DEBUG Registry keys for service avgfws9 are not present
    2010-01-01 02:00:32,234 INFO Processing service avg9wd
    2010-01-01 02:00:32,234 INFO Service avg9wd is not installed
    2010-01-01 02:00:32,234 DEBUG Service avg9wd RegCleanup
    2010-01-01 02:00:32,234 DEBUG Registry keys for service avg9wd are not present
    2010-01-01 02:00:32,234 INFO Processing service AVGIDSAgent
    2010-01-01 02:00:32,234 INFO Service AVGIDSAgent is not installed
    2010-01-01 02:00:32,234 DEBUG Service AVGIDSAgent RegCleanup
    2010-01-01 02:00:32,234 DEBUG Registry keys for service AVGIDSAgent are not present
    2010-01-01 02:00:32,234 INFO Processing service AVGIDSShimxpx
    2010-01-01 02:00:32,234 INFO Service AVGIDSShimxpx is not installed
    2010-01-01 02:00:32,234 DEBUG Service AVGIDSShimxpx RegCleanup
    2010-01-01 02:00:32,234 DEBUG Registry keys for service AVGIDSShimxpx are not present
    2010-01-01 02:00:32,234 INFO Processing service AVGIDSFilterxpx
    2010-01-01 02:00:32,250 INFO Service AVGIDSFilterxpx is not installed
    2010-01-01 02:00:32,250 DEBUG Service AVGIDSFilterxpx RegCleanup
    2010-01-01 02:00:32,250 DEBUG Registry keys for service AVGIDSFilterxpx are not present
    2010-01-01 02:00:32,250 INFO Processing service AVGIDSDriverxpx
    2010-01-01 02:00:32,250 INFO Service AVGIDSDriverxpx is not installed
    2010-01-01 02:00:32,250 DEBUG Service AVGIDSDriverxpx RegCleanup
    2010-01-01 02:00:32,250 DEBUG Registry keys for service AVGIDSDriverxpx are not present
    2010-01-01 02:00:32,250 INFO Processing service AVGIDSShimvtx
    2010-01-01 02:00:32,250 INFO Service AVGIDSShimvtx is not installed
    2010-01-01 02:00:32,250 DEBUG Service AVGIDSShimvtx RegCleanup
    2010-01-01 02:00:32,250 DEBUG Registry keys for service AVGIDSShimvtx are not present
    2010-01-01 02:00:32,250 INFO Processing service AVGIDSFiltervtx
    2010-01-01 02:00:32,250 INFO Service AVGIDSFiltervtx is not installed
    2010-01-01 02:00:32,250 DEBUG Service AVGIDSFiltervtx RegCleanup
    2010-01-01 02:00:32,250 DEBUG Registry keys for service AVGIDSFiltervtx are not present
    2010-01-01 02:00:32,250 INFO Processing service AVGIDSDrivervtx
    2010-01-01 02:00:32,250 INFO Service AVGIDSDrivervtx is not installed
    2010-01-01 02:00:32,250 DEBUG Service AVGIDSDrivervtx RegCleanup
    2010-01-01 02:00:32,250 DEBUG Registry keys for service AVGIDSDrivervtx are not present
    2010-01-01 02:00:32,250 INFO Processing service AVGIDSFiltervta
    2010-01-01 02:00:32,265 INFO Service AVGIDSFiltervta is not installed
    2010-01-01 02:00:32,265 DEBUG Service AVGIDSFiltervta RegCleanup
    2010-01-01 02:00:32,265 DEBUG Registry keys for service AVGIDSFiltervta are not present
    2010-01-01 02:00:32,265 INFO Processing service AVGIDSDrivervta
    2010-01-01 02:00:32,265 INFO Service AVGIDSDrivervta is not installed
    2010-01-01 02:00:32,265 DEBUG Service AVGIDSDrivervta RegCleanup
    2010-01-01 02:00:32,265 DEBUG Registry keys for service AVGIDSDrivervta are not present
    2010-01-01 02:00:32,265 INFO Processing service AVGIDSShimw7x
    2010-01-01 02:00:32,265 INFO Service AVGIDSShimw7x is not installed
    2010-01-01 02:00:32,265 DEBUG Service AVGIDSShimw7x RegCleanup
    2010-01-01 02:00:32,265 DEBUG Registry keys for service AVGIDSShimw7x are not present
    2010-01-01 02:00:32,265 INFO Processing service AVGIDSFilterw7x
    2010-01-01 02:00:32,265 INFO Service AVGIDSFilterw7x is not installed
    2010-01-01 02:00:32,265 DEBUG Service AVGIDSFilterw7x RegCleanup
    2010-01-01 02:00:32,265 DEBUG Registry keys for service AVGIDSFilterw7x are not present
    2010-01-01 02:00:32,265 INFO Processing service AVGIDSDriverw7x
    2010-01-01 02:00:32,281 INFO Service AVGIDSDriverw7x is not installed
    2010-01-01 02:00:32,281 DEBUG Service AVGIDSDriverw7x RegCleanup
    2010-01-01 02:00:32,281 DEBUG Registry keys for service AVGIDSDriverw7x are not present
    2010-01-01 02:00:32,281 INFO Processing service AVGIDSFilterw7a
    2010-01-01 02:00:32,296 INFO Service AVGIDSFilterw7a is not installed
    2010-01-01 02:00:32,296 DEBUG Service AVGIDSFilterw7a RegCleanup
    2010-01-01 02:00:32,296 DEBUG Registry keys for service AVGIDSFilterw7a are not present
    2010-01-01 02:00:32,296 INFO Processing service AVGIDSDriverw7a
    2010-01-01 02:00:32,312 INFO Service AVGIDSDriverw7a is not installed
    2010-01-01 02:00:32,312 DEBUG Service AVGIDSDriverw7a RegCleanup
    2010-01-01 02:00:32,312 DEBUG Registry keys for service AVGIDSDriverw7a are not present
    2010-01-01 02:00:32,312 INFO Processing service AVGIDSErHrxpx
    2010-01-01 02:00:32,312 INFO Service AVGIDSErHrxpx is not installed
    2010-01-01 02:00:32,312 DEBUG Service AVGIDSErHrxpx RegCleanup
    2010-01-01 02:00:32,312 DEBUG Registry keys for service AVGIDSErHrxpx are not present
    2010-01-01 02:00:32,312 INFO Processing service AVGIDSErHrvtx
    2010-01-01 02:00:32,312 INFO Service AVGIDSErHrvtx is not installed
    2010-01-01 02:00:32,312 DEBUG Service AVGIDSErHrvtx RegCleanup
    2010-01-01 02:00:32,312 DEBUG Registry keys for service AVGIDSErHrvtx are not present
    2010-01-01 02:00:32,312 INFO Processing service AVGIDSErHrvta
    2010-01-01 02:00:32,312 INFO Service AVGIDSErHrvta is not installed
    2010-01-01 02:00:32,312 DEBUG Service AVGIDSErHrvta RegCleanup
    2010-01-01 02:00:32,312 DEBUG Registry keys for service AVGIDSErHrvta are not present
    2010-01-01 02:00:32,312 INFO Processing service AVGIDSErHrw7x
    2010-01-01 02:00:32,312 INFO Service AVGIDSErHrw7x is not installed
    2010-01-01 02:00:32,312 DEBUG Service AVGIDSErHrw7x RegCleanup
    2010-01-01 02:00:32,312 DEBUG Registry keys for service AVGIDSErHrw7x are not present
    2010-01-01 02:00:32,312 INFO Processing service AVGIDSErHrw7a
    2010-01-01 02:00:32,328 INFO Service AVGIDSErHrw7a is not installed
    2010-01-01 02:00:32,328 DEBUG Service AVGIDSErHrw7a RegCleanup
    2010-01-01 02:00:32,328 DEBUG Registry keys for service AVGIDSErHrw7a are not present
    2010-01-01 02:00:32,328 INFO ***** Registry keys and values *****
    2010-01-01 02:00:32,328 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
    2010-01-01 02:00:32,328 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
    2010-01-01 02:00:32,671 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
    2010-01-01 02:00:32,703 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
    2010-01-01 02:00:32,703 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
    2010-01-01 02:00:32,703 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
    2010-01-01 02:00:32,703 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
    2010-01-01 02:00:32,703 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
    2010-01-01 02:00:32,765 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
    2010-01-01 02:00:32,765 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
    2010-01-01 02:00:32,781 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
    2010-01-01 02:00:32,781 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
    2010-01-01 02:00:32,781 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
    2010-01-01 02:00:32,781 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
    2010-01-01 02:00:32,781 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
    2010-01-01 02:00:32,781 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
    2010-01-01 02:00:32,781 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
    2010-01-01 02:00:32,781 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
    2010-01-01 02:00:32,781 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
    2010-01-01 02:00:32,781 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
    2010-01-01 02:00:32,781 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
    2010-01-01 02:00:32,781 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
    2010-01-01 02:00:32,781 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
    2010-01-01 02:00:32,781 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
    2010-01-01 02:00:32,781 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    2010-01-01 02:00:32,781 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
    2010-01-01 02:00:32,781 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
    2010-01-01 02:00:32,781 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
    2010-01-01 02:00:32,781 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
    2010-01-01 02:00:32,812 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
    2010-01-01 02:00:32,812 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    2010-01-01 02:00:32,812 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
    2010-01-01 02:00:32,812 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
    2010-01-01 02:00:32,812 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
    2010-01-01 02:00:32,812 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
    2010-01-01 02:00:32,828 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
    2010-01-01 02:00:32,828 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
    2010-01-01 02:00:32,828 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
    2010-01-01 02:00:32,828 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
    2010-01-01 02:00:32,828 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    2010-01-01 02:00:32,828 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
    2010-01-01 02:00:32,828 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs doesn't need to be modified
    2010-01-01 02:00:32,828 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    2010-01-01 02:00:32,828 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
    2010-01-01 02:00:33,000 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
    2010-01-01 02:00:33,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    2010-01-01 02:00:33,000 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
    2010-01-01 02:00:33,000 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
    2010-01-01 02:00:33,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    2010-01-01 02:00:33,000 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
    2010-01-01 02:00:33,000 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
    2010-01-01 02:00:33,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    2010-01-01 02:00:33,000 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
    2010-01-01 02:00:33,000 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
    2010-01-01 02:00:33,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    2010-01-01 02:00:33,000 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
    2010-01-01 02:00:33,078 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
    2010-01-01 02:00:33,078 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    2010-01-01 02:00:33,078 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove
    2010-01-01 02:00:33,078 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present
    2010-01-01 02:00:33,078 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
    2010-01-01 02:00:33,093 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
    2010-01-01 02:00:33,093 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
    2010-01-01 02:00:33,093 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall
    2010-01-01 02:00:33,093 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall ForceRemove
    2010-01-01 02:00:33,093 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall not found
    2010-01-01 02:00:33,093 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall
    2010-01-01 02:00:33,093 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall ForceRemove
    2010-01-01 02:00:33,093 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall not found
    2010-01-01 02:00:33,093 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
    2010-01-01 02:00:33,093 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
    2010-01-01 02:00:33,125 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
    2010-01-01 02:00:33,125 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
    2010-01-01 02:00:33,125 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
    2010-01-01 02:00:33,125 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
    2010-01-01 02:00:33,125 INFO Processing registry SOFTWARE\Classes\.avgdi
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\.avgdi not found
    2010-01-01 02:00:33,125 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
    2010-01-01 02:00:33,125 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
    2010-01-01 02:00:33,156 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
    2010-01-01 02:00:33,156 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
    2010-01-01 02:00:33,156 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
    2010-01-01 02:00:33,218 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
    2010-01-01 02:00:33,218 INFO Processing registry SOFTWARE\AVG\Clients
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\AVG\Clients not found
    2010-01-01 02:00:33,218 INFO Processing registry SOFTWARE\AVG\AVG8
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\AVG\AVG8 not found
    2010-01-01 02:00:33,218 INFO Processing registry SOFTWARE\AVG\AVG9
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\AVG\AVG9 not found
    2010-01-01 02:00:33,218 INFO Processing registry SOFTWARE\AVG\AVG IDS
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\AVG\AVG IDS ForceRemove
    2010-01-01 02:00:33,218 DEBUG Key SOFTWARE\AVG\AVG IDS not found
    2010-01-01 02:00:33,218 INFO Processing registry SOFTWARE\AVG
    2010-01-01 02:00:33,218 DEBUG Value SOFTWARE\AVG:DumpType Remove
    2010-01-01 02:00:33,218 DEBUG Value SOFTWARE\AVG:DumpType not present - Key not found
    2010-01-01 02:00:33,218 INFO Processing registry SOFTWARE\AVG
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG Remove
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG not found
    2010-01-01 02:00:33,234 INFO Processing registry SOFTWARE\AVG Security Toolbar
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG Security Toolbar not found
    2010-01-01 02:00:33,234 INFO Processing registry SOFTWARE\AVG\AVG8
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG\AVG8 not found
    2010-01-01 02:00:33,234 INFO Processing registry SOFTWARE\AVG\AVG9
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG\AVG9 not found
    2010-01-01 02:00:33,234 INFO Processing registry SOFTWARE\AVG
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG Remove
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG not found
    2010-01-01 02:00:33,234 INFO Processing registry SOFTWARE\AVG Security Toolbar
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
    2010-01-01 02:00:33,234 DEBUG Key SOFTWARE\AVG Security Toolbar not found
    2010-01-01 02:00:33,234 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
    2010-01-01 02:00:33,234 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} Remove
    2010-01-01 02:00:33,265 INFO Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} is not present
    2010-01-01 02:00:33,265 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    2010-01-01 02:00:33,265 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
    2010-01-01 02:00:33,265 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
    2010-01-01 02:00:33,265 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser
    2010-01-01 02:00:33,265 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
    2010-01-01 02:00:33,296 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
    2010-01-01 02:00:33,296 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    2010-01-01 02:00:33,296 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
    2010-01-01 02:00:33,296 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
    2010-01-01 02:00:33,296 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}
    2010-01-01 02:00:33,296 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
    2010-01-01 02:00:33,296 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
    2010-01-01 02:00:33,296 INFO Processing registry aAvgAPI.AvgBro
    2010-01-01 02:00:33,296 DEBUG Key aAvgAPI.AvgBro ForceRemove
    2010-01-01 02:00:33,296 DEBUG Key aAvgAPI.AvgBro not found
    2010-01-01 02:00:33,296 INFO Processing registry AVG.Office
    2010-01-01 02:00:33,296 DEBUG Key AVG.Office ForceRemove
    2010-01-01 02:00:33,296 DEBUG Key AVG.Office not found
    2010-01-01 02:00:33,296 INFO Processing registry AVG.Office.8
    2010-01-01 02:00:33,296 DEBUG Key AVG.Office.8 ForceRemove
    2010-01-01 02:00:33,296 DEBUG Key AVG.Office.8 not found
    2010-01-01 02:00:33,296 INFO Processing registry avgtoolbar.AVGTOOLBAR
    2010-01-01 02:00:33,312 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key avgtoolbar.AVGTOOLBAR not found
    2010-01-01 02:00:33,312 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
    2010-01-01 02:00:33,312 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found
    2010-01-01 02:00:33,312 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
    2010-01-01 02:00:33,312 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found
    2010-01-01 02:00:33,312 INFO Processing registry LinkScannerIE.NavFilter
    2010-01-01 02:00:33,312 DEBUG Key LinkScannerIE.NavFilter ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key LinkScannerIE.NavFilter not found
    2010-01-01 02:00:33,312 INFO Processing registry LinkScannerIE.NavFilter.1
    2010-01-01 02:00:33,312 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key LinkScannerIE.NavFilter.1 not found
    2010-01-01 02:00:33,312 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
    2010-01-01 02:00:33,312 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
    2010-01-01 02:00:33,312 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} not found
    2010-01-01 02:00:33,312 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
    2010-01-01 02:00:33,312 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
    2010-01-01 02:00:33,312 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
    2010-01-01 02:00:33,312 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found
    2010-01-01 02:00:33,328 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found
    2010-01-01 02:00:33,328 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found
    2010-01-01 02:00:33,328 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found
    2010-01-01 02:00:33,328 INFO Processing registry CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} ForceRemove
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} not found
    2010-01-01 02:00:33,328 INFO Processing registry CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
    2010-01-01 02:00:33,328 INFO Processing registry CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
    2010-01-01 02:00:33,328 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
    2010-01-01 02:00:33,328 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
    2010-01-01 02:00:33,328 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
    2010-01-01 02:00:33,484 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
    2010-01-01 02:00:33,484 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
    2010-01-01 02:00:33,484 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
    2010-01-01 02:00:33,484 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
    2010-01-01 02:00:33,484 INFO Processing registry Interface\{7F24AABF-C822-4C18-9432-21433208F4DC}
    2010-01-01 02:00:33,484 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} ForceRemove
    2010-01-01 02:00:33,484 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} not found
    2010-01-01 02:00:33,484 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
    2010-01-01 02:00:33,484 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
    2010-01-01 02:00:33,484 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
    2010-01-01 02:00:33,484 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
    2010-01-01 02:00:33,484 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
    2010-01-01 02:00:33,484 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} not found
    2010-01-01 02:00:33,484 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
    2010-01-01 02:00:33,484 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
    2010-01-01 02:00:33,484 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} not found
    2010-01-01 02:00:33,484 INFO Processing registry TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    2010-01-01 02:00:33,484 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
    2010-01-01 02:00:33,484 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
    2010-01-01 02:00:33,484 INFO ***** Files and folders *****
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 0
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 1
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 2
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 3
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 4
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 5
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 6
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 7
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 8
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 9
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 10
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 11
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 12
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 13
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 14
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 15
    2010-01-01 02:00:33,484 DEBUG Missing ParentDir path for fileItem number 16
    2010-01-01 02:00:33,484 DEBUG Processing item C:\Documents and Settings\Owner.YOUR-XHTR8HVC4P\Application Data\AVGTOOLBAR
    2010-01-01 02:00:33,484 INFO Directory C:\Documents and Settings\Owner.YOUR-XHTR8HVC4P\Application Data\AVGTOOLBAR not found
    2010-01-01 02:00:33,484 DEBUG Processing item C:\WINDOWS\System32\Drivers
    2010-01-01 02:00:33,593 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0
    2010-01-01 02:00:33,671 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0 not found
    2010-01-01 02:00:33,718 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0
    2010-01-01 02:00:33,718 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0 not found
    2010-01-01 02:00:33,718 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.5
    2010-01-01 02:00:33,718 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.5 not found
    2010-01-01 02:00:33,718 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.5
    2010-01-01 02:00:33,718 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.5 not found
    2010-01-01 02:00:33,718 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk
    2010-01-01 02:00:33,718 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk not found
    2010-01-01 02:00:33,718 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk
    2010-01-01 02:00:33,718 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk not found
    2010-01-01 02:00:33,718 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.5.lnk
    2010-01-01 02:00:33,718 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.5.lnk not found
    2010-01-01 02:00:33,718 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk
    2010-01-01 02:00:33,718 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk not found
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 27
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 28
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 29
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 30
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 31
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 32
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 33
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 34
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 35
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 36
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 37
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 38
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 39
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 40
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 41
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 42
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 43
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 44
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 45
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 46
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 47
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 48
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 49
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 50
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 51
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 52
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 53
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 54
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 55
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 56
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 57
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 58
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 59
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 60
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 61
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 62
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 63
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 64
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 65
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 66
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 67
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 68
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 69
    2010-01-01 02:00:33,718 DEBUG Missing ParentDir path for fileItem number 70
    2010-01-01 02:00:33,734 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages
    2010-01-01 02:00:33,734 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages not found
    2010-01-01 02:00:33,734 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    2010-01-01 02:00:33,734 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar not found
    2010-01-01 02:00:33,734 DEBUG Processing item C:\WINDOWS\System32\Drivers
    2010-01-01 02:00:33,734 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk
    2010-01-01 02:00:33,734 INFO File C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk not found
    2010-01-01 02:00:33,734 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk
    2010-01-01 02:00:33,734 INFO File C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk not found
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 76
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 77
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 78
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 79
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 80
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 81
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 82
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 83
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 84
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 85
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 86
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 87
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 88
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 89
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 90
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 91
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 92
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 93
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 94
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 95
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 96
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 97
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 98
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 99
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 100
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 101
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 102
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 103
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 104
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 105
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 106
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 107
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 108
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 109
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 110
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 111
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 112
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 113
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 114
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 115
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 116
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 117
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 118
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 119
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 120
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 121
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 122
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 123
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 124
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 125
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 126
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 127
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 128
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 129
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 130
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 131
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 132
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 133
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 134
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 135
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 136
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 137
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 138
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 139
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 140
    2010-01-01 02:00:33,734 DEBUG Missing ParentDir path for fileItem number 141
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 142
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 143
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 144
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 145
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 146
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 147
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 148
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 149
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 150
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 151
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 152
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 153
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 154
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 155
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 156
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 157
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 158
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 159
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 160
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 161
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 162
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 163
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 164
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 165
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 166
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 167
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 168
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 169
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 170
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 171
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 172
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 173
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 174
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 175
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 176
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 177
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 178
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 179
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 180
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 181
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 182
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 183
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 184
    2010-01-01 02:00:33,750 DEBUG Missing ParentDir path for fileItem number 185
    2010-01-01 02:00:33,750 DEBUG Processing item C:\WINDOWS\System32\Drivers
    2010-01-01 02:00:33,750 DEBUG Processing item C:\WINDOWS\System32\Drivers
    2010-01-01 02:00:33,750 DEBUG Processing item C:\WINDOWS\System32\Drivers
    2010-01-01 02:00:33,750 DEBUG Processing item C:\WINDOWS\System32\Drivers
    2010-01-01 02:00:33,750 DEBUG Processing item C:\WINDOWS\System32\Drivers
    2010-01-01 02:00:33,750 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
    2010-01-01 02:00:33,781 INFO Directory C:\WINDOWS\System32\Drivers\avg not found
    2010-01-01 02:00:33,781 DEBUG Processing item C:\WINDOWS\System32
    2010-01-01 02:00:33,781 DEBUG Processing item C:\Program Files\AVG
    2010-01-01 02:00:33,781 INFO Directory C:\Program Files\AVG not found
    2010-01-01 02:00:33,781 DEBUG Missing ParentDir path for fileItem number 194
    2010-01-01 02:00:33,781 INFO ***** Avg Fw NDIS driver *****
    2010-01-01 02:00:45,187 INFO FW NDIS driver not present
     
  11. 2010/01/01
    broni Moderator Malware Analyst
    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2010/01/01
    NanaCakes Inactive Thread Starter
    Here is the combofix log:

    ComboFix 09-12-31.A1 - Owner 01/01/2010 13:02:09.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.115 [GMT -7:00]
    Running from: c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: AOL Antivirus *On-access scanning enabled* (Updated) {164FF91F-F5BD-4B74-A9DC-932CECB1603B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-1834971008-1193303923-1511354189-1003
    c:\recycler\S-1-5-21-1834971008-1193303923-1511354189-501
    c:\temp\1cb
    c:\temp\1cb\syscheck.log
    c:\temp\tn3
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\icroso~1.net
    c:\windows\system\hpsysdrv .DAT
    c:\windows\system\hpsysdrv .exe
    c:\windows\system32\hkcmd .exe
    c:\windows\system32\hphmon05 .exe
    c:\windows\system32\iAlmcoin.dll
    c:\windows\system32\ps2 .exe
    c:\windows\system32\ps2.bat
    c:\windows\viassary-hp.reg
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CORE
    -------\Legacy_TNIDRIVER


    ((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
    .

    2010-01-01 19:23 . 2010-01-01 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
    2010-01-01 02:52 . 2010-01-01 02:52 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Motive
    2009-12-31 19:30 . 2009-12-31 19:30 -------- d-----w- c:\program files\Trend Micro
    2009-12-31 01:34 . 2009-12-31 01:34 52224 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-31 01:34 . 2009-12-31 01:34 117760 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-31 01:32 . 2009-12-31 01:32 65024 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    2009-12-31 01:32 . 2009-12-31 01:32 18944 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    2009-12-31 01:32 . 2009-12-31 01:32 5120 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
    2009-12-31 01:32 . 2009-12-31 01:32 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-31 01:32 . 2009-12-31 01:32 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\SUPERAntiSpyware.com
    2009-12-31 01:31 . 2009-12-31 01:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-30 22:34 . 2009-12-30 22:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-12-30 21:43 . 2009-12-31 21:45 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-30 21:43 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-12-30 21:43 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-12-30 21:43 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-12-30 21:43 . 2009-12-30 21:43 -------- d-----w- c:\program files\Avira
    2009-12-30 21:43 . 2009-12-30 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-12-30 02:55 . 2009-12-30 02:55 388096 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2009-12-30 02:55 . 2009-12-30 02:55 -------- d-----w- c:\program files\TrendMicro
    2009-12-30 00:08 . 2009-12-30 00:08 -------- d-----w- C:\VundoFix Backups
    2009-12-30 00:00 . 2009-12-30 00:00 -------- d-----w- c:\program files\Defraggler
    2009-12-29 23:30 . 2009-12-29 23:30 -------- d-----w- c:\program files\CCleaner
    2009-12-27 21:30 . 2009-12-27 21:30 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Local Settings\Application Data\WMTools Downloaded Files
    2009-12-27 21:20 . 2009-12-27 21:20 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Template
    2009-12-27 21:02 . 2009-12-27 21:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-12-27 20:57 . 2009-12-27 20:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-12-27 20:54 . 2009-12-27 20:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-12-27 19:56 . 2009-12-27 20:05 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Apple Computer
    2009-12-27 19:51 . 2009-12-27 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-27 19:50 . 2009-12-27 19:50 -------- d-----w- c:\program files\Bonjour
    2009-12-27 19:48 . 2009-12-27 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-27 19:45 . 2009-12-27 19:45 -------- d-----w- c:\program files\Apple Software Update
    2009-12-27 19:43 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-12-27 19:43 . 2009-12-27 20:40 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-12-27 19:43 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-12-27 19:41 . 2009-12-27 19:52 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-27 18:29 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2009-12-27 04:20 . 2009-12-27 04:20 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Malwarebytes
    2009-12-27 04:20 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-27 04:20 . 2009-12-27 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-27 04:20 . 2009-12-27 04:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-27 04:20 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-26 20:44 . 2009-12-26 20:44 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Local Settings\Application Data\Game Mill Files
    2009-12-26 20:42 . 2009-12-26 20:42 -------- d-----w- c:\program files\GameMill Entertainment
    2009-12-26 17:07 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2009-12-26 17:07 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-12-26 17:07 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-12-26 17:07 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2009-12-25 01:58 . 2009-12-25 01:58 -------- d-----w- c:\windows\system32\Adobe
    2009-12-23 23:33 . 2009-12-23 23:33 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-23 22:34 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-23 21:23 . 2009-12-23 21:23 -------- d-sh--w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\IECompatCache
    2009-12-23 21:23 . 2009-12-23 21:23 -------- d-sh--w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\PrivacIE
    2009-12-23 21:20 . 2009-12-23 21:20 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-23 21:19 . 2009-12-23 21:19 152576 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-23 21:18 . 2009-12-23 21:18 79488 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-23 20:38 . 2009-12-23 20:38 -------- d-sh--w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\IETldCache
    2009-12-23 20:26 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-12-23 20:26 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-12-23 20:25 . 2009-12-23 20:25 -------- d-----w- c:\windows\ie8updates
    2009-12-23 20:23 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-12-23 20:17 . 2009-12-23 20:23 -------- dc-h--w- c:\windows\ie8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-01 02:57 . 2004-12-24 23:47 -------- d-----w- c:\program files\Yahoo!
    2009-12-30 21:12 . 2008-02-14 04:02 -------- d-----w- c:\program files\Common Files\AOL
    2009-12-30 21:04 . 2008-02-14 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2009-12-30 21:04 . 2008-02-14 04:03 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\AOL
    2009-12-28 08:00 . 2005-07-24 01:31 -------- d-----w- c:\program files\Winamp
    2009-12-27 19:49 . 2004-12-30 03:36 -------- d-----w- c:\program files\QuickTime
    2009-12-27 19:44 . 2008-05-04 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-25 01:39 . 2007-07-06 01:33 1956072 -c--a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-12-23 21:19 . 2003-12-25 20:45 -------- d-----w- c:\program files\Java
    2009-12-23 19:56 . 2009-03-14 20:15 -------- d-----w- c:\program files\Hawaiian Explorer Lost Island
    2009-11-03 03:42 . 2009-10-09 14:04 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 07:45 . 2006-06-23 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2007-12-31 00:04 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2007-12-31 00:03 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2007-12-31 00:03 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2007-12-28 07:28 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2003-09-18 06:08 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2003-09-18 06:08 79872 ----a-w- c:\windows\system32\raschap.dll
    2007-06-11 02:11 . 2007-06-11 02:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
    .
    Code:
    <pre>
    c:\program files\Common Files\Real\Update_OB\realsched .exe
    c:\program files\Common Files\Sonic\Update Manager\sgtray .exe
    c:\program files\Common Files\Symantec Shared\ccApp .exe
    c:\program files\Common Files\Symantec Shared\ccRegVfy .exe
    c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
    c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
    c:\program files\HP\HP Software Update\HPWuSchd .exe
    c:\program files\Norton AntiVirus\Cfgwiz .exe
    c:\program files\WildTangent\Apps\GameChannel .exe
    c:\program files\Yahoo!\Messenger\YahooMessenger .exe
    c:\windows\SMINST\RECGUARD .EXE
    c:\windows\wt\updater\wcmdmgrl .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 835654]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-XHTR8HVC4P^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    2004-09-07 20:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    c:\windows\System32\jkhfe.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notn]
    c:\windows\ICROSO~1.NET\netdde.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-05-03 06:19 4640768 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2003-05-03 06:19 323584 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 06:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AVGFwSrv"=2 (0x2)
    "AVGEMS"=2 (0x2)
    "Avg7UpdSvc"=2 (0x2)
    "Avg7Alrt"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R2 mrtRate;mrtRate; [x]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 7408]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 74480]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-01 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Notify-gebxyxw - gebxyxw.dll
    Notify-oxbjobro - oxbjobro.dll
    AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-01 13:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2219435402-3076144580-2775535486-1003\Software\SecuROM\License information*]
    "datasecu"=hex:02,14,76,42,80,3d,87,07,8b,c2,69,5a,20,82,df,9b,75,c5,dc,f9,2c,
    f0,07,7e,0d,8b,dd,9d,15,71,0b,78,45,e0,f6,46,c5,5d,98,92,f7,d9,91,24,52,80,\
    "rkeysecu"=hex:85,af,41,8c,18,db,51,df,d3,d2,2f,38,32,b2,d6,b0
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(496)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3784)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\mcafee.com\personal firewall\MPFService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-01 13:32:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-01 20:32

    Pre-Run: 19,754,455,040 bytes free
    Post-Run: 19,989,647,360 bytes free

    - - End Of File - - ED9A6D1FDFD9FECE9E60233A425C4CB2
     
  13. 2010/01/01
    NanaCakes Inactive Thread Starter
    And here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:45:48 PM, on 1/1/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 5993 bytes
     
  14. 2010/01/01
    broni Moderator Malware Analyst
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\documents and settings\All Users\Application Data\Avg7
    c:\program files\Common Files\Symantec Shared
    c:\program files\Norton AntiVirus
    
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "AVGFwSrv"=-
     "AVGEMS"=-
     "Avg7UpdSvc"=-
     "Avg7Alrt"=-
    
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  15. 2010/01/01
    NanaCakes Inactive Thread Starter
    ComboFix 09-12-31.A1 - Owner 01/01/2010 14:36:10.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.121 [GMT -7:00]
    Running from: c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: AOL Antivirus *On-access scanning enabled* (Updated) {164FF91F-F5BD-4B74-A9DC-932CECB1603B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Avg7
    c:\program files\Common Files\Symantec Shared
    c:\program files\Common Files\Symantec Shared\ccAlert.dll
    c:\program files\Common Files\Symantec Shared\ccApp .exe
    c:\program files\Common Files\Symantec Shared\ccDec.dll
    c:\program files\Common Files\Symantec Shared\ccInst.dll
    c:\program files\Common Files\Symantec Shared\ccL40.dll
    c:\program files\Common Files\Symantec Shared\ccProd.dll
    c:\program files\Common Files\Symantec Shared\ccProSub.dll
    c:\program files\Common Files\Symantec Shared\ccRegVfy .exe
    c:\program files\Common Files\Symantec Shared\ccScan.dll
    c:\program files\Common Files\Symantec Shared\ccSet.dll
    c:\program files\Common Files\Symantec Shared\ccSetEvt.dll
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccVrTrst.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
    c:\program files\Common Files\Symantec Shared\Decomposers\DecSDK.dll
    c:\program files\Common Files\Symantec Shared\Default.rul
    c:\program files\Common Files\Symantec Shared\DefUtDCD.dll
    c:\program files\Common Files\Symantec Shared\ecmldr32.DLL
    c:\program files\Common Files\Symantec Shared\eengine\eectrl.sys
    c:\program files\Common Files\Symantec Shared\eengine\EPERSIST.DAT
    c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys
    c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM
    c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
    c:\program files\Common Files\Symantec Shared\IDS\DefUtDcd.dll
    c:\program files\Common Files\Symantec Shared\IDS\IDSaux.dll
    c:\program files\Common Files\Symantec Shared\IDS\IdsInst.exe
    c:\program files\Common Files\Symantec Shared\IDS\Patch25.dll
    c:\program files\Common Files\Symantec Shared\IDS\SymIDSLU.dll
    c:\program files\Common Files\Symantec Shared\IraLsClt.dll
    c:\program files\Common Files\Symantec Shared\LiveReg\Catalog.LiveSubscribe
    c:\program files\Common Files\Symantec Shared\LiveReg\Defaults.liveReg
    c:\program files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll
    c:\program files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe
    c:\program files\Common Files\Symantec Shared\LiveReg\iraLSCl2.dll
    c:\program files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll
    c:\program files\Common Files\Symantec Shared\LiveReg\IraVcLc2.dll
    c:\program files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll
    c:\program files\Common Files\Symantec Shared\LiveReg\LR2CHLP.HLP
    c:\program files\Common Files\Symantec Shared\LiveReg\LrResEN.dll
    c:\program files\Common Files\Symantec Shared\LiveReg\VcCleanUp.exe
    c:\program files\Common Files\Symantec Shared\LiveReg\VcResEN.dll
    c:\program files\Common Files\Symantec Shared\LiveReg\VcSetup.exe
    c:\program files\Common Files\Symantec Shared\LiveReg\Watermrk.gif
    c:\program files\Common Files\Symantec Shared\rcAlert.dll
    c:\program files\Common Files\Symantec Shared\rcApp.dll
    c:\program files\Common Files\Symantec Shared\rcEmlPxy.dll
    c:\program files\Common Files\Symantec Shared\rcErrDsp.dll
    c:\program files\Common Files\Symantec Shared\rcEvtMgr.dll
    c:\program files\Common Files\Symantec Shared\rcLgView.dll
    c:\program files\Common Files\Symantec Shared\rcSetMgr.dll
    c:\program files\Common Files\Symantec Shared\Security Center\sscnav.dll
    c:\program files\Common Files\Symantec Shared\Security Center\sscnis56.dll
    c:\program files\Common Files\Symantec Shared\Security Center\sscnis7.dll
    c:\program files\Common Files\Symantec Shared\Security Center\SSCOpts.dat
    c:\program files\Common Files\Symantec Shared\Security Center\SymSCWb.dll
    c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    c:\program files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
    c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    c:\program files\Common Files\Symantec Shared\Security Center\WSCHlpr.dll
    c:\program files\Common Files\Symantec Shared\SNDInst.exe
    c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\program files\Common Files\Symantec Shared\SNDunin.dll
    c:\program files\Common Files\Symantec Shared\SPBBC\2006-08-09-60d8.kc
    c:\program files\Common Files\Symantec Shared\SPBBC\2007-05-25-44e4.kc
    c:\program files\Common Files\Symantec Shared\SPBBC\2007-06-21-260d.kc
    c:\program files\Common Files\Symantec Shared\SPBBC\bbRGen.dll
    c:\program files\Common Files\Symantec Shared\SPBBC\init.kc
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log
    c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.CAT
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.inf
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\UpdMgr.exe
    c:\program files\Common Files\Symantec Shared\SPManifests\ccCommon.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\ccCommon.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\ccCommon.spm
    c:\program files\Common Files\Symantec Shared\SPManifests\ccOEH.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\ccOEH.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\ccOEH.spm
    c:\program files\Common Files\Symantec Shared\SPManifests\eraser.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\eraser.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\eraser.spm
    c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm
    c:\program files\Common Files\Symantec Shared\SPManifests\scs-sav.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\scs-sav.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\scs-sav.spm
    c:\program files\Common Files\Symantec Shared\SPManifests\Snd.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\Snd.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\Snd.spm
    c:\program files\Common Files\Symantec Shared\SPManifests\SPBBC.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\SPBBC.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\SPBBC.spm
    c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.GRD
    c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SIG
    c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM
    c:\program files\Common Files\Symantec Shared\SSC\IMailUI.ocx
    c:\program files\Common Files\Symantec Shared\SSC\LDDateTm.ocx
    c:\program files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx
    c:\program files\Common Files\Symantec Shared\SSC\LDVPDlgs.ocx
    c:\program files\Common Files\Symantec Shared\SSC\LDVPTask.ocx
    c:\program files\Common Files\Symantec Shared\SSC\ldvpui.ocx
    c:\program files\Common Files\Symantec Shared\SSC\LDVPView.ocx
    c:\program files\Common Files\Symantec Shared\SSC\scandlgs.dll
    c:\program files\Common Files\Symantec Shared\SSC\ScsComms.dll
    c:\program files\Common Files\Symantec Shared\SSC\SymProtectUI.ocx
    c:\program files\Common Files\Symantec Shared\SSC\Transman.dll
    c:\program files\Common Files\Symantec Shared\SSC\vpshell2.dll
    c:\program files\Common Files\Symantec Shared\SSC\webshell.dll
    c:\program files\Common Files\Symantec Shared\Validate.dat
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\CATALOG.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\CCERASER.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\ECBOOTIL.VXD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\ECMSVR32.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\EECTRL.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\ERASER.GRD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\ERASER.SIG
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\ERASER.SPM
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\ERASER.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\ESRDEF.BIN
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\HH
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\NAVENG.EXP
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\NAVENG.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\NAVENG.VXD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\NAVENG32.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\NAVEX15.EXP
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\NAVEX15.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\NAVEX15.VXD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\NAVEX32A.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\NCSACERT.TXT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\SCRAUTH.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\SYMAVENG.CAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\SYMAVENG.INF
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\SYMERASE.CAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\SYMERASE.INF
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TCDEFS.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TCSCAN7.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TCSCAN8.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TCSCAN9.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TECHNOTE.TXT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TINF.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TINFIDX.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TINFL.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TSCAN1.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\TSCAN1HD.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\V.GRD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\V.SIG
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN.INF
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN1.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN2.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN3.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN4.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN5.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN6.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN7.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN8.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCAN9.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\VIRSCANT.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\WHATSNEW.TXT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20060215.006\ZDONE.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\CATALOG.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\CCERASER.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\ECBOOTIL.VXD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\ECMSVR32.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\EECTRL.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\ERASER.GRD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\ERASER.SIG
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\ERASER.SPM
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\ERASER.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\ESRDEF.BIN
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\HH
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\NAVENG.EXP
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\NAVENG.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\NAVENG.VXD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\NAVENG32.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\NAVEX15.EXP
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\NAVEX15.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\NAVEX15.VXD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\NAVEX32A.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\NCSACERT.TXT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\SCRAUTH.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\SYMAVENG.CAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\SYMAVENG.INF
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\SYMERASE.CAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\SYMERASE.INF
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TCDEFS.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TCSCAN7.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TCSCAN8.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TCSCAN9.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TECHNOTE.TXT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TINF.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TINFIDX.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TINFL.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TSCAN1.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\TSCAN1HD.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\V.GRD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\V.SIG
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN.INF
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN1.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN2.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN3.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN4.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN5.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN6.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN7.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN8.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN9.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCANT.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\WHATSNEW.TXT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061119.004\ZDONE.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\CATALOG.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\CCERASER.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\ECBOOTIL.VXD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\ECMSVR32.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\EECTRL.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\ERASER.GRD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\ERASER.SIG
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\ERASER.SPM
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\ERASER.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\ESRDEF.BIN
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\HH
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\NAVENG.EXP
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\NAVENG.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\NAVENG.VXD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\NAVENG32.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\NAVEX15.EXP
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\NAVEX15.SYS
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\NAVEX15.VXD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\NAVEX32A.DLL
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\NCSACERT.TXT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\SCRAUTH.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\SYMAVENG.CAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\SYMAVENG.INF
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\SYMERASE.CAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\SYMERASE.INF
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TCDEFS.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TCSCAN7.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TCSCAN8.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TCSCAN9.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TECHNOTE.TXT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TINF.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TINFIDX.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TINFL.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TSCAN1.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\TSCAN1HD.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\V.GRD
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\V.SIG
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN.INF
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN1.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN2.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN3.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN4.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN5.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN6.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN7.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN8.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCAN9.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\VIRSCANT.DAT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\WHATSNEW.TXT
    c:\program files\Common Files\Symantec Shared\VirusDefs\20061120.017\ZDONE.DAT
    c:\program files\Norton AntiVirus
    c:\program files\Norton AntiVirus\Cfgwiz .exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
    .

    2010-01-01 02:52 . 2010-01-01 02:52 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Motive
    2009-12-31 19:30 . 2009-12-31 19:30 -------- d-----w- c:\program files\Trend Micro
    2009-12-31 01:34 . 2009-12-31 01:34 52224 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-31 01:34 . 2009-12-31 01:34 117760 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-31 01:32 . 2009-12-31 01:32 65024 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    2009-12-31 01:32 . 2009-12-31 01:32 18944 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    2009-12-31 01:32 . 2009-12-31 01:32 5120 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
    2009-12-31 01:32 . 2009-12-31 01:32 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-31 01:32 . 2009-12-31 01:32 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\SUPERAntiSpyware.com
    2009-12-31 01:31 . 2009-12-31 01:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-30 22:34 . 2009-12-30 22:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-12-30 21:43 . 2009-12-31 21:45 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-30 21:43 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-12-30 21:43 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-12-30 21:43 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-12-30 21:43 . 2009-12-30 21:43 -------- d-----w- c:\program files\Avira
    2009-12-30 21:43 . 2009-12-30 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-12-30 02:55 . 2009-12-30 02:55 388096 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2009-12-30 02:55 . 2009-12-30 02:55 -------- d-----w- c:\program files\TrendMicro
    2009-12-30 00:08 . 2009-12-30 00:08 -------- d-----w- C:\VundoFix Backups
    2009-12-30 00:00 . 2009-12-30 00:00 -------- d-----w- c:\program files\Defraggler
    2009-12-29 23:30 . 2009-12-29 23:30 -------- d-----w- c:\program files\CCleaner
    2009-12-27 21:30 . 2009-12-27 21:30 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Local Settings\Application Data\WMTools Downloaded Files
    2009-12-27 21:20 . 2009-12-27 21:20 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Template
    2009-12-27 21:02 . 2009-12-27 21:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-12-27 20:57 . 2009-12-27 20:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-12-27 20:54 . 2009-12-27 20:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-12-27 19:56 . 2009-12-27 20:05 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Apple Computer
    2009-12-27 19:51 . 2009-12-27 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-27 19:50 . 2009-12-27 19:50 -------- d-----w- c:\program files\Bonjour
    2009-12-27 19:48 . 2009-12-27 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-27 19:45 . 2009-12-27 19:45 -------- d-----w- c:\program files\Apple Software Update
    2009-12-27 19:43 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-12-27 19:43 . 2009-12-27 20:40 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-12-27 19:43 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-12-27 19:41 . 2009-12-27 19:52 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-27 18:29 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2009-12-27 04:20 . 2009-12-27 04:20 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Malwarebytes
    2009-12-27 04:20 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-27 04:20 . 2009-12-27 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-27 04:20 . 2009-12-27 04:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-27 04:20 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-26 20:44 . 2009-12-26 20:44 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Local Settings\Application Data\Game Mill Files
    2009-12-26 20:42 . 2009-12-26 20:42 -------- d-----w- c:\program files\GameMill Entertainment
    2009-12-26 17:07 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2009-12-26 17:07 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-12-26 17:07 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-12-26 17:07 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2009-12-25 01:58 . 2009-12-25 01:58 -------- d-----w- c:\windows\system32\Adobe
    2009-12-23 23:33 . 2009-12-23 23:33 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-23 22:34 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-23 21:23 . 2009-12-23 21:23 -------- d-sh--w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\IECompatCache
    2009-12-23 21:23 . 2009-12-23 21:23 -------- d-sh--w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\PrivacIE
    2009-12-23 21:20 . 2009-12-23 21:20 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-23 21:19 . 2009-12-23 21:19 152576 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-23 21:18 . 2009-12-23 21:18 79488 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-23 20:38 . 2009-12-23 20:38 -------- d-sh--w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\IETldCache
    2009-12-23 20:26 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-12-23 20:26 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-12-23 20:25 . 2009-12-23 20:25 -------- d-----w- c:\windows\ie8updates
    2009-12-23 20:23 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-12-23 20:17 . 2009-12-23 20:23 -------- dc-h--w- c:\windows\ie8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-01 02:57 . 2004-12-24 23:47 -------- d-----w- c:\program files\Yahoo!
    2009-12-30 21:12 . 2008-02-14 04:02 -------- d-----w- c:\program files\Common Files\AOL
    2009-12-30 21:04 . 2008-02-14 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2009-12-30 21:04 . 2008-02-14 04:03 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\AOL
    2009-12-28 08:00 . 2005-07-24 01:31 -------- d-----w- c:\program files\Winamp
    2009-12-27 19:49 . 2004-12-30 03:36 -------- d-----w- c:\program files\QuickTime
    2009-12-27 19:44 . 2008-05-04 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-25 01:39 . 2007-07-06 01:33 1956072 -c--a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-12-23 21:19 . 2003-12-25 20:45 -------- d-----w- c:\program files\Java
    2009-12-23 19:56 . 2009-03-14 20:15 -------- d-----w- c:\program files\Hawaiian Explorer Lost Island
    2009-11-03 03:42 . 2009-10-09 14:04 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 07:45 . 2006-06-23 18:33 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2007-12-31 00:04 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2007-12-31 00:03 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2007-12-31 00:03 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2007-12-28 07:28 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2003-09-18 06:08 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2003-09-18 06:08 79872 ----a-w- c:\windows\system32\raschap.dll
    2007-06-11 02:11 . 2007-06-11 02:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
    .
    Code:
    <pre>
    c:\program files\Common Files\Real\Update_OB\realsched .exe
    c:\program files\Common Files\Sonic\Update Manager\sgtray .exe
    c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
    c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
    c:\program files\HP\HP Software Update\HPWuSchd .exe
    c:\program files\WildTangent\Apps\GameChannel .exe
    c:\program files\Yahoo!\Messenger\YahooMessenger .exe
    c:\windows\SMINST\RECGUARD .EXE
    c:\windows\wt\updater\wcmdmgrl .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 835654]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-XHTR8HVC4P^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    2004-09-07 20:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    c:\windows\System32\jkhfe.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notn]
    c:\windows\ICROSO~1.NET\netdde.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-05-03 06:19 4640768 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2003-05-03 06:19 323584 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 06:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/30/2009 2:43 PM 108289]
    S2 mrtRate;mrtRate; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-01 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-LiveReg - c:\program files\Common Files\Symantec Shared\LiveReg\VcSetup.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-01 14:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2219435402-3076144580-2775535486-1003\Software\SecuROM\License information*]
    "datasecu "=hex:02,14,76,42,80,3d,87,07,8b,c2,69,5a,20,82,df,9b,75,c5,dc,f9,2c,
    f0,07,7e,0d,8b,dd,9d,15,71,0b,78,45,e0,f6,46,c5,5d,98,92,f7,d9,91,24,52,80,\
    "rkeysecu "=hex:85,af,41,8c,18,db,51,df,d3,d2,2f,38,32,b2,d6,b0
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(496)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-01-01 14:56:41
    ComboFix-quarantined-files.txt 2010-01-01 21:56
    ComboFix2.txt 2010-01-01 20:32

    Pre-Run: 19,982,888,960 bytes free
    Post-Run: 19,951,407,104 bytes free

    - - End Of File - - 48AF7A3312C20CD9ED815BDB724E3F33
     
  16. 2010/01/01
    NanaCakes

    NanaCakes Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    21
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:21:11 PM, on 1/1/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 5930 bytes
     
  17. 2010/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is your computer doing at this moment?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\program files\Common Files\AOL
    c:\documents and settings\All Users\Application Data\AOL
    c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\AOL
    
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  18. 2010/01/01
    NanaCakes

    NanaCakes Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    21
    Likes Received:
    0
    My computer is running a LOT better. The only things that are slow now are opening a new Internet Explorer window and, sometimes, loading the Start button menu. The only other thing that I see is the big red X still over the C drive. Here is one of the logs you requested. Happy New Year, by the way.

    ComboFix 09-12-31.A1 - Owner 01/01/2010 18:51:13.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.104 [GMT -7:00]
    Running from: c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: AOL Antivirus *On-access scanning enabled* (Updated) {164FF91F-F5BD-4B74-A9DC-932CECB1603B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\AOL
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\BFTS\BFTSDatabase.dat
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\BFTS\TriggerFile4.xml
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\BFTS\TriggerFile5.xml
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\BFTS\TriggerFile8.xml
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\profile.dat
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\METRICS\Stic.log
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\1\1.1.1
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\11\1.1.1
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\2\1.1.1
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\3\1.1.1
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\4\0.0.4
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\4\0.0.5
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\4\0.0.8
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\6\1.1.1
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\8\1.1.1
    c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\PERSISTENT\9\1.1.1
    c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\AOL
    c:\program files\Common Files\AOL
    c:\program files\Common Files\AOL\AOLFirewallMgr.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
    .

    2010-01-01 02:52 . 2010-01-01 02:52 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Motive
    2009-12-31 19:30 . 2009-12-31 19:30 -------- d-----w- c:\program files\Trend Micro
    2009-12-31 01:34 . 2009-12-31 01:34 52224 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-31 01:34 . 2009-12-31 01:34 117760 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-31 01:32 . 2009-12-31 01:32 65024 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    2009-12-31 01:32 . 2009-12-31 01:32 18944 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    2009-12-31 01:32 . 2009-12-31 01:32 5120 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
    2009-12-31 01:32 . 2009-12-31 01:32 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-31 01:32 . 2009-12-31 01:32 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\SUPERAntiSpyware.com
    2009-12-31 01:31 . 2009-12-31 01:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-30 22:34 . 2009-12-30 22:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-12-30 21:43 . 2009-12-31 21:45 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-30 21:43 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-12-30 21:43 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-12-30 21:43 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-12-30 21:43 . 2009-12-30 21:43 -------- d-----w- c:\program files\Avira
    2009-12-30 21:43 . 2009-12-30 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-12-30 02:55 . 2009-12-30 02:55 388096 ----a-r- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2009-12-30 02:55 . 2009-12-30 02:55 -------- d-----w- c:\program files\TrendMicro
    2009-12-30 00:08 . 2009-12-30 00:08 -------- d-----w- C:\VundoFix Backups
    2009-12-30 00:00 . 2009-12-30 00:00 -------- d-----w- c:\program files\Defraggler
    2009-12-29 23:30 . 2009-12-29 23:30 -------- d-----w- c:\program files\CCleaner
    2009-12-27 21:30 . 2009-12-27 21:30 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Local Settings\Application Data\WMTools Downloaded Files
    2009-12-27 21:20 . 2009-12-27 21:20 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Template
    2009-12-27 21:02 . 2009-12-27 21:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-12-27 20:57 . 2009-12-27 20:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-12-27 20:54 . 2009-12-27 20:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-12-27 19:56 . 2009-12-27 20:05 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Apple Computer
    2009-12-27 19:51 . 2009-12-27 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-27 19:50 . 2009-12-27 19:50 -------- d-----w- c:\program files\Bonjour
    2009-12-27 19:48 . 2009-12-27 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-27 19:45 . 2009-12-27 19:45 -------- d-----w- c:\program files\Apple Software Update
    2009-12-27 19:43 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-12-27 19:43 . 2009-12-27 20:40 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-12-27 19:43 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-12-27 19:41 . 2009-12-27 19:52 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-27 18:29 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2009-12-27 04:20 . 2009-12-27 04:20 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Malwarebytes
    2009-12-27 04:20 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-27 04:20 . 2009-12-27 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-27 04:20 . 2009-12-27 04:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-27 04:20 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-26 20:44 . 2009-12-26 20:44 -------- d-----w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Local Settings\Application Data\Game Mill Files
    2009-12-26 20:42 . 2009-12-26 20:42 -------- d-----w- c:\program files\GameMill Entertainment
    2009-12-26 17:07 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2009-12-26 17:07 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-12-26 17:07 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-12-26 17:07 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2009-12-25 01:58 . 2009-12-25 01:58 -------- d-----w- c:\windows\system32\Adobe
    2009-12-23 23:33 . 2009-12-23 23:33 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-23 22:34 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-23 21:23 . 2009-12-23 21:23 -------- d-sh--w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\IECompatCache
    2009-12-23 21:23 . 2009-12-23 21:23 -------- d-sh--w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\PrivacIE
    2009-12-23 21:20 . 2009-12-23 21:20 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-23 21:19 . 2009-12-23 21:19 152576 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-23 21:18 . 2009-12-23 21:18 79488 ----a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-23 20:38 . 2009-12-23 20:38 -------- d-sh--w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\IETldCache
    2009-12-23 20:26 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-12-23 20:26 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-12-23 20:25 . 2009-12-23 20:25 -------- d-----w- c:\windows\ie8updates
    2009-12-23 20:23 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-12-23 20:17 . 2009-12-23 20:23 -------- dc-h--w- c:\windows\ie8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-01 02:57 . 2004-12-24 23:47 -------- d-----w- c:\program files\Yahoo!
    2009-12-28 08:00 . 2005-07-24 01:31 -------- d-----w- c:\program files\Winamp
    2009-12-27 19:49 . 2004-12-30 03:36 -------- d-----w- c:\program files\QuickTime
    2009-12-27 19:44 . 2008-05-04 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-25 01:39 . 2007-07-06 01:33 1956072 -c--a-w- c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-12-23 21:19 . 2003-12-25 20:45 -------- d-----w- c:\program files\Java
    2009-12-23 19:56 . 2009-03-14 20:15 -------- d-----w- c:\program files\Hawaiian Explorer Lost Island
    2009-11-03 03:42 . 2009-10-09 14:04 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 07:45 . 2006-06-23 18:33 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2007-12-31 00:04 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2007-12-31 00:03 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2007-12-31 00:03 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2007-12-28 07:28 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2003-09-18 06:08 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2003-09-18 06:08 79872 ----a-w- c:\windows\system32\raschap.dll
    2007-06-11 02:11 . 2007-06-11 02:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
    .
    Code:
    <pre>
    c:\program files\Common Files\Real\Update_OB\realsched .exe
    c:\program files\Common Files\Sonic\Update Manager\sgtray .exe
    c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
    c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
    c:\program files\HP\HP Software Update\HPWuSchd .exe
    c:\program files\WildTangent\Apps\GameChannel .exe
    c:\program files\Yahoo!\Messenger\YahooMessenger .exe
    c:\windows\SMINST\RECGUARD .EXE
    c:\windows\wt\updater\wcmdmgrl .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW "= "nview.dll" [2003-05-03 835654]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-XHTR8HVC4P^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\Owner.YOUR-XHTR8HVC4P\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    2004-09-07 20:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    c:\windows\System32\jkhfe.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notn]
    c:\windows\ICROSO~1.NET\netdde.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-05-03 06:19 4640768 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2003-05-03 06:19 323584 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 06:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/30/2009 2:43 PM 108289]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    S2 mrtRate;mrtRate; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-01 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-01 19:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2219435402-3076144580-2775535486-1003\Software\SecuROM\License information*]
    "datasecu "=hex:02,14,76,42,80,3d,87,07,8b,c2,69,5a,20,82,df,9b,75,c5,dc,f9,2c,
    f0,07,7e,0d,8b,dd,9d,15,71,0b,78,45,e0,f6,46,c5,5d,98,92,f7,d9,91,24,52,80,\
    "rkeysecu "=hex:85,af,41,8c,18,db,51,df,d3,d2,2f,38,32,b2,d6,b0
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(496)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-01-01 19:10:35
    ComboFix-quarantined-files.txt 2010-01-02 02:10
    ComboFix2.txt 2010-01-01 21:56
    ComboFix3.txt 2010-01-01 20:32

    Pre-Run: 19,922,485,248 bytes free
    Post-Run: 19,947,831,296 bytes free

    - - End Of File - - 9926C1D7AD10182A3EAEE61753AC01F1
     
  19. 2010/01/01
    NanaCakes

    NanaCakes Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    21
    Likes Received:
    0
    Here is the HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:29:11 PM, on 1/1/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 5930 bytes
     
  20. 2010/01/01
    broni Moderator Malware Analyst
    Happy New Year to you too :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Restart computer.

    ===============================================================

    You also have some McAfee leftovers.
    Download and run McAfee Consumer Product Removal Tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    When done....

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web CureIt.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.


    Post fresh HijackThis log as well.
     
  21. 2010/01/02
    NanaCakes Inactive Thread Starter
    4ac4545b.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ac4545b.qua;Tool.ProcessKill;;
    4ac4545b.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
    4E5FFB31.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540000;Win32.IRC.Bot.based;Deleted.;
    A0045798.exe/data002\{app}\Inbox.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP553\A0045798.exe/data002;Probably DLOADER.Trojan;;
    data002;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP553;Archive contains infected objects;;
    A0045798.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP553;Container contains infected objects;Moved.;
    A0052413.bat;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565;Probably BATCH.Virus;;
    A0052524.bat;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565;Probably BATCH.Virus;;
    A0052771.bat;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565;Probably BATCH.Virus;;
    A0052841.bat;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565;Probably BATCH.Virus;;
    A0052900.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565\A0052900.exe;Probably BATCH.Virus;;
    A0052900.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565;Archive contains infected objects;Moved.;
    A0052936.bat;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565;Probably BATCH.Virus;;
    A0053003.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565;Probably BACKDOOR.Trojan;;
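The Dr.Web report above is a semicolon-separated list of object, path, verdict and action. Most of the hits sit either inside System Restore snapshots (System Volume Information\_restore) or inside another scanner's quarantine folder (Avira's INFECTED, Symantec's Quarantine), which is a different situation from a detection in a live system directory. The script below is an added example, not from the thread or from Dr.Web: it parses a report in that format and sorts detections by where they live. The sample records are constructed (the first five follow the shape of the posted report; the last one, sample_live.exe, is invented to show a hit outside any container), and the folder fragments used to recognise restore points and quarantines are an assumption about the tools seen in this thread, not a complete list.

```python
"""Summarise a Dr.Web CureIt report (DrWeb.csv) by where each detection lives.

Added example, not code from the thread or from Dr.Web. The report is
semicolon-separated, one object per line:
    object;path;verdict;action;
Objects found inside an archive or quarantine container are listed as the
container name, a backslash, then the inner object, with an empty action;
the container's own line carries the action.
"""
import csv
import io
from collections import Counter

# Assumption: these folder fragments (matched case-insensitively) identify
# objects that are already contained rather than active on the system.
RESTORE_POINT_DIR = r"\system volume information\_restore"   # System Restore snapshots
QUARANTINE_DIRS = (
    r"\avira\antivir desktop\infected",                       # Avira quarantine
    r"\symantec antivirus corporate edition\7.5\quarantine",  # Symantec quarantine
)

# Constructed sample: the first five records mirror the shape of the report
# posted above; the last one is invented to show a hit outside any container.
SAMPLE_REPORT = r"""4ac4545b.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ac4545b.qua;Tool.ProcessKill;;
4ac4545b.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4E5FFB31.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540000;Win32.IRC.Bot.based;Deleted.;
A0052413.bat;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565;Probably BATCH.Virus;;
A0053003.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP565;Probably BACKDOOR.Trojan;;
sample_live.exe;C:\WINDOWS\system32;Constructed.Sample;;
"""


def parse_report(text):
    """Parse report text into dicts; lines with fewer than four fields are skipped."""
    records = []
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) < 4:
            continue
        obj, path, verdict, action = (field.strip() for field in row[:4])
        records.append({"object": obj, "path": path, "verdict": verdict, "action": action})
    return records


def classify(path):
    """Return 'restore_point', 'quarantine' or 'live' depending on where the object sits."""
    p = path.lower()
    if RESTORE_POINT_DIR in p:
        return "restore_point"
    if any(q in p for q in QUARANTINE_DIRS):
        return "quarantine"
    return "live"


def summarize(records):
    """Count records per location class and list the live, actionable hits."""
    counts = Counter(classify(r["path"]) for r in records)
    # Dr.Web prefixes heuristic verdicts with "Probably"; worth knowing when
    # deciding how much weight a hit carries.
    heuristic = sum(1 for r in records if r["verdict"].lower().startswith("probably"))
    live = [r for r in records
            if classify(r["path"]) == "live"
            and not r["verdict"].startswith(("Container contains", "Archive contains"))]
    return {"counts": dict(counts), "heuristic": heuristic, "live": live}


if __name__ == "__main__":
    result = summarize(parse_report(SAMPLE_REPORT))
    print("by location:", result["counts"])
    print("heuristic ('Probably') verdicts:", result["heuristic"])
    for r in result["live"]:
        print("LIVE:", r["path"] + "\\" + r["object"], r["verdict"], r["action"] or "(no action yet)")
```

Run it against the real DrWeb.csv by replacing SAMPLE_REPORT with the file contents. Restore-point hits are old copies of files that System Restore keeps; they only come back if a restore point is applied, and are cleared by purging the restore points rather than by cleaning the live system. Hits inside another scanner's quarantine folder are files that scanner has already contained. Only the entries the script reports as live point at something still present on the running system, and those are the ones to act on.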
     
