
Solved Trojan Downloader.Generic7.AUDU dropper

Discussion in 'Malware and Virus Removal Archive' started by spiderpug, 2009/09/11.

  1. 2009/09/11
    spiderpug

    spiderpug Inactive Thread Starter

    [Resolved] Trojan Downloader.Generic7.AUDU dropper

    This Trojan Downloader.Generic7.AUDU dropper was discovered by AVG yesterday. I found this trojan was hidden in some music I have on an external HDD, and it was put onto my new laptop. I think there were two entries, and also about 6 tracking entries that were found by AVG. I think I did the wrong thing though... AVG said it successfully removed the trojans and trackers off my laptop... then I plugged in my external HDD to delete it off there, so I scanned the file that had the trojan in it, nothing showed, so I just deleted the file manually that the trojan was hidden in... emptied the recycle bin, and then cleaned up using CCleaner's registry cleanup and cache cleaner.

    My AVG fails to update new software, so the trojan has succeeded in that... also, I had only AVG, so then I went to download Ad-Aware and it downloaded the file, and when I install it it stops and says something like "file specified could not be located". Also, I cannot run my computer in Safe Mode; I have Vista. I press enter when it says Safe Mode... it then restarts and boots in normal mode.

    This trojan has really got me. I know I have done something really wrong somewhere; it's really annoying.

    Ever since I have found the trojan and started deleting it and using AVG it has been getting worse.

    Your help would be greatly appreciated.

    Those people who create viruses need to learn... "Do unto others as you would have others do unto you." [Matthew 7:120]

    Cheers,
    Guys
     
  2. 2009/09/11
    spiderpug

    spiderpug Inactive Thread Starter

    Hi there,
    This is my HJT report... I downloaded it after the virus, so I'm not sure if it will work. Also, I have been keeping my computer offline to avoid further problems and tracking...

    Here is the HJT log file; I don't know what I need to delete in it though...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:35:24 a.m., on 12/09/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Acer Bio Protection\PwdBank.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [VitaKeyPdtWzd] c:\Program Files\Acer Bio Protection\PdtWzd.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe "
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe "
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe "
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: Google Update Service (gupdate1ca248cd4ad29a0) (gupdate1ca248cd4ad29a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files\Acer Bio Protection\BASVC.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

    --
    End of file - 9743 bytes
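As an added example (not code from the thread or from any of its participants), a small Python triage helper that parses HijackThis-style lines such as the ones in the log above and flags the entries a malware analyst looks at first: orphaned entries that point to "(no file)", AppInit_DLLs entries, and services with no recorded publisher. The sample lines are copied from the log above; the section labels and reasons are the author's own, not HijackThis output.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4" or "R3"
    body: str     # the rest of the line after "O4 - "


# Every HijackThis finding starts with a section code, a dash, and the body.
_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into (section, body) entries; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def image_path(entry: Entry) -> Optional[str]:
    """Best-effort extraction of the file the entry points to.

    O4 (Run keys) carry the command after the [Name] tag, optionally quoted;
    most other sections put the path in the last ' - ' separated field, and
    O20 (AppInit_DLLs) has just 'AppInit_DLLs: name.dll'.
    """
    body = entry.body
    if entry.section == "O4":
        m = re.search(r'\]\s+"([^"]+)"|\]\s+(\S+)', body)
        return (m.group(1) or m.group(2)).strip() if m else None
    if " - " in body:
        tail = body.rsplit(" - ", 1)[-1].strip()
    else:
        tail = body.split(": ", 1)[-1].strip()
    return tail or None


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (section, reason, body) for entries worth a second look."""
    findings = []
    for e in entries:
        path = image_path(e)
        if path and path.lower() == "(no file)":
            # Registry still references a file that is gone: a leftover from an
            # uninstall or an incomplete removal, and a safe cleanup candidate.
            findings.append((e.section, "orphaned entry: registry points to a file that no longer exists", e.body))
        elif e.section == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so each DLL listed here must be accounted for.
            findings.append((e.section, "AppInit_DLLs entry: confirm the DLL belongs to installed security software", e.body))
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append((e.section, "service with no publisher recorded: verify the binary's signature and origin", e.body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"{section:4} {reason}\n     {body}")
```

The two orphaned entries it reports are exactly the "(no file)" R3 and O2 lines in the posted log; the AVG AppInit_DLLs entry and the CLHNService line are flagged for verification, not as malicious.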
  4. 2009/09/11
    broni

    broni Moderator Malware Analyst

    Read this post, then post the requested log(s).
     
  5. 2009/09/11
    spiderpug

    spiderpug Inactive Thread Starter

    Hi

    I don't understand why you posted that? I have already read the rules of this forum when I signed up...
     
  6. 2009/09/11
    broni

    broni Moderator Malware Analyst

    We need DDS logs.
     
  7. 2009/09/11
    spiderpug

    spiderpug Inactive Thread Starter

    Hi

    Sure thing! I will get that done now
     
  8. 2009/09/11
    broni

    broni Moderator Malware Analyst

    :)...
     
  9. 2009/09/11
    spiderpug

    spiderpug Inactive Thread Starter

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Spiderpug at 13:38:00.25 on Sat 12/09/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.64.1033.18.3197.2053 [GMT 12:00]

    AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    c:\Program Files\Acer Bio Protection\CompPtcVUI.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    c:\Program Files\Acer Bio Protection\BASVC.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Acer Bio Protection\PwdBank.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Spiderpug\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [VitaKeyPdtWzd] c:\program files\acer bio protection\PdtWzd.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe "
    mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
    mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe "
    mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe "
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    AppInit_DLLs: avgrsstx.dll
    SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    LSA: Notification Packages = c:\program files\acer bio protection\PwdFilter

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\spider~1\appdata\roaming\mozilla\firefox\profiles\gibo8put.default\
    FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");

    ============= SERVICES / DRIVERS ===============

    R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-7-11 42608]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-9 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-9 108552]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-9-9 159600]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-9 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-9 297752]
    R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-7-8 75048]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-7-8 723488]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]
    R2 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-2-19 3440128]
    R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-10 19504]
    R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-10 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-10 59952]
    R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-28 306736]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-12 61184]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-24 144632]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-9-9 73840]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-9-9 95640]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-7-8 22072]
    S2 gupdate1ca248cd4ad29a0;Google Update Service (gupdate1ca248cd4ad29a0);c:\program files\google\update\GoogleUpdate.exe [2009-8-24 133104]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-7-8 29472]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-24 50424]

    =============== Created Last 30 ================

    2009-09-12 10:34 <DIR> --d----- c:\program files\Trend Micro
    2009-09-11 21:10 <DIR> --d----- c:\users\spider~1\appdata\roaming\Grisoft
    2009-09-11 21:10 10,872 a------- c:\windows\system32\drivers\AvgAsCln.sys
    2009-09-11 21:10 <DIR> --d----- c:\programdata\Grisoft
    2009-09-11 21:10 <DIR> --d----- c:\progra~2\Grisoft
    2009-09-11 16:29 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-09-09 22:44 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-09-09 22:44 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-09-09 22:44 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-09-09 22:43 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-09-09 22:43 <DIR> --d----- c:\programdata\AVG Security Toolbar
    2009-09-09 22:43 <DIR> --d----- c:\progra~2\AVG Security Toolbar
    2009-09-09 22:43 <DIR> --d----- c:\program files\AVG
    2009-09-09 22:43 <DIR> --d----- c:\programdata\avg8
    2009-09-09 22:43 <DIR> --d----- c:\progra~2\avg8
    2009-09-09 10:32 <DIR> --d----- c:\users\spider~1\appdata\roaming\PCToolsFirewallPlus
    2009-09-09 10:30 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
    2009-09-09 10:30 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-09-09 10:30 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
    2009-09-09 10:28 97,408 a------- c:\windows\system32\drivers\pctfw.sys
    2009-09-09 10:28 <DIR> --d----- c:\program files\common files\PC Tools
    2009-09-09 10:28 95,640 a------- c:\windows\system32\drivers\pctplfw.sys
    2009-09-09 10:28 <DIR> --d----- c:\program files\PC Tools Firewall Plus
    2009-09-09 10:23 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-09-09 10:23 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-09-07 21:33 <DIR> --d----- c:\users\spider~1\appdata\roaming\eSobi
    2009-09-02 21:01 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-08-22 20:49 12 a------- c:\windows\bthservsdp.dat
    2009-08-20 16:01 <DIR> --d----- c:\program files\tcnzActivation
    2009-08-20 16:01 <DIR> --d----- c:\program files\common files\Motive
    2009-08-20 16:01 <DIR> --d----- c:\programdata\Motive
    2009-08-17 16:20 <DIR> --d----- c:\program files\CCleaner
    2009-08-15 19:09 3,350 a------- C:\rollback.ini
    2009-08-15 16:57 <DIR> --d----- c:\users\spiderpug\Tracing
    2009-08-15 14:04 <DIR> --d----- c:\program files\uTorrent
    2009-08-15 14:03 <DIR> --d----- c:\users\spider~1\appdata\roaming\uTorrent
    2009-08-14 18:58 107,368 a------- c:\windows\system32\GEARAspi.dll
    2009-08-14 18:58 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-14 18:57 <DIR> --d----- c:\program files\iPod
    2009-08-14 18:57 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-14 18:57 <DIR> --d----- c:\program files\iTunes
    2009-08-14 18:57 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-14 18:56 <DIR> --d----- c:\program files\Bonjour
    2009-08-14 18:55 <DIR> --d----- c:\programdata\Apple Computer
    2009-08-14 18:50 <DIR> --d----- c:\programdata\Apple
    2009-08-14 18:29 <DIR> --d----- c:\programdata\CheckPoint
    2009-08-14 18:29 <DIR> --d----- c:\progra~2\CheckPoint
    2009-08-14 18:21 622,080 a------- c:\windows\system32\icardagt.exe
    2009-08-14 18:21 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-08-14 18:21 97,800 a------- c:\windows\system32\infocardapi.dll
    2009-08-14 18:21 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
    2009-08-14 18:21 37,384 a------- c:\windows\system32\infocardcpl.cpl
    2009-08-14 18:21 11,264 a------- c:\windows\system32\icardres.dll
    2009-08-14 18:21 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
    2009-08-14 18:21 326,160 a------- c:\windows\system32\PresentationHost.exe
    2009-08-14 18:13 96,760 a------- c:\windows\system32\dfshim.dll
    2009-08-14 18:13 282,112 a------- c:\windows\system32\mscoree.dll
    2009-08-14 18:13 41,984 a------- c:\windows\system32\netfxperf.dll
    2009-08-14 18:13 158,720 a------- c:\windows\system32\mscorier.dll
    2009-08-14 18:13 83,968 a------- c:\windows\system32\mscories.dll
    2009-08-14 18:11 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
    2009-08-14 18:09 313,344 a------- c:\windows\system32\wmpdxm.dll
    2009-08-14 18:09 7,680 a------- c:\windows\system32\spwmp.dll
    2009-08-14 18:09 4,096 a------- c:\windows\system32\msdxm.ocx
    2009-08-14 18:09 4,096 a------- c:\windows\system32\dxmasf.dll
    2009-08-14 18:09 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2009-08-14 18:09 43,520 a------- c:\windows\system32\msdxm.tlb
    2009-08-14 18:09 18,432 a------- c:\windows\system32\amcompat.tlb
    2009-08-14 18:06 784,896 a------- c:\windows\system32\rpcrt4.dll
    2009-08-14 18:05 <DIR> --d----- c:\users\spider~1\appdata\roaming\AVG8
    2009-08-14 17:59 1,524,736 a------- c:\windows\system32\wucltux.dll
    2009-08-14 17:58 83,456 a------- c:\windows\system32\wudriver.dll
    2009-08-14 17:58 162,064 a------- c:\windows\system32\wuwebv.dll
    2009-08-14 17:58 31,232 a------- c:\windows\system32\wuapp.exe
    2009-08-14 17:53 952,832 a------- c:\windows\system32\drivers\athr.sys
    2009-08-14 17:53 952,832 a------- c:\windows\system32\athr.sys
    2009-08-14 17:53 127,978 a------- c:\windows\system32\netathr.inf
    2009-08-14 17:53 40,728 a------- c:\windows\system32\athrext.cat
    2009-08-14 17:53 393,216 a------- c:\windows\system32\athihvs.dll
    2009-08-14 17:53 53,248 a------- c:\windows\system32\athihvui.dll
    2009-08-14 17:53 <DIR> --d----- c:\windows\system32\nn-NO
    2009-08-14 17:53 <DIR> --d----- c:\program files\Cisco
    2009-08-14 17:53 <DIR> --d----- c:\program files\Atheros
    2009-08-14 17:41 <DIR> --d----- c:\users\spider~1\appdata\roaming\EgisTec
    2009-08-14 17:36 <DIR> --d----- c:\programdata\Atheros
    2009-08-14 17:36 <DIR> --d----- c:\progra~2\Atheros
    2009-08-14 17:35 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-08-14 15:43 <DIR> --d-h--- C:\MyWinLockerData
    2009-08-14 15:09 <DIR> --d----- c:\users\spider~1\appdata\roaming\PowerCinema
    2009-08-14 15:09 <DIR> --d----- c:\programdata\EgisTec
    2009-08-14 15:09 <DIR> --d----- c:\progra~2\EgisTec
    2009-08-14 15:08 <DIR> --d----- c:\programdata\Google
    2009-08-14 15:06 <DIR> --d----- c:\users\Spiderpug
    2009-08-14 15:06 <DIR> --d----- c:\users\spider~1\appdata\roaming\Acer GameZone Console
    2009-08-14 15:01 <DIR> --dsh--- c:\programdata\Documents
    2009-08-14 15:01 <DIR> --dsh--- C:\Documents and Settings

    ==================== Find3M ====================

    2009-09-09 10:29 51,200 a------- c:\windows\inf\infpub.dat
    2009-09-09 10:29 86,016 a------- c:\windows\inf\infstor.dat
    2009-09-09 10:29 86,016 a------- c:\windows\inf\infstrng.dat
    2009-08-22 21:51 319,456 a------- c:\windows\DIFxAPI.dll
    2009-07-19 04:06 827,904 a------- c:\windows\system32\wininet.dll
    2009-07-19 04:01 78,336 a------- c:\windows\system32\ieencode.dll
    2009-07-18 21:46 26,624 a------- c:\windows\system32\ieUnatt.exe
    2009-07-18 02:35 71,680 a------- c:\windows\system32\atl.dll
    2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
    2009-07-08 14:52 200,704 a------- c:\windows\PLFSetI.exe
    2009-07-08 14:30 665,600 a------- c:\windows\inf\drvindex.dat
    2009-07-08 14:30 196,608 a------- c:\windows\system32\fsquirt.exe
    2009-07-08 14:25 428,544 a------- c:\windows\system32\EncDec.dll
    2009-07-08 14:25 293,376 a------- c:\windows\system32\psisdecd.dll
    2009-06-16 03:24 175,104 a------- c:\windows\system32\wdigest.dll
    2009-06-16 03:24 156,672 a------- c:\windows\system32\t2embed.dll
    2009-06-16 03:24 72,704 a------- c:\windows\system32\secur32.dll
    2009-06-16 03:24 270,848 a------- c:\windows\system32\schannel.dll
    2009-06-16 03:23 1,256,448 a------- c:\windows\system32\lsasrv.dll
    2009-06-16 03:22 213,504 a------- c:\windows\system32\msv1_0.dll
    2009-06-16 03:21 499,712 a------- c:\windows\system32\kerberos.dll
    2009-06-16 03:20 72,704 a------- c:\windows\system32\fontsub.dll
    2009-06-16 03:20 10,240 a------- c:\windows\system32\dciman32.dll
    2009-06-16 00:57 9,728 a------- c:\windows\system32\lsass.exe
    2009-06-16 00:52 289,792 a------- c:\windows\system32\atmfd.dll
    2008-01-21 14:43 174 a--sh--- c:\program files\desktop.ini
    2006-11-03 00:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-03 00:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-03 00:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-03 00:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 21:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 21:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 21:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 21:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 13:39:11.67 ===============
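
The listings above (DDS "Created Last 30" / "Find3M", and the same kind of listing that ComboFix later prints under "Files Created") are what the analyst reads by hand to spot a dropper's leftovers. As an added example, not part of this thread and not code from DDS or ComboFix, the script below parses both line formats and flags the entries worth a first look: new kernel drivers under system32\drivers, code in user-writable paths, hidden items and GUID-named directories. The extension sets, the path list and the desktop.ini exclusion are my own assumptions for illustration; the sample lines are copied from the logs posted in this thread.

```python
"""
Triage helper for DDS / ComboFix file listings (added example).

Parses the directory-listing lines DDS prints under "Created Last 30" /
"Find3M" and ComboFix prints under "Files Created from ..." / "Find3M
Report", then flags the entries an analyst reads first.  The path lists
and extension sets are assumptions for illustration, not rules the tools
themselves apply.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# DDS:      2009-09-11 21:10 10,872 a------- c:\windows\system32\drivers\x.sys
#           2009-09-12 10:34 <DIR> --d----- c:\program files\Trend Micro
DDS_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(\S.*)$")
# ComboFix: 2009-09-11 09:10 . 2007-05-30 12:10 10872 ----a-w- c:\windows\...
#           2009-09-12 03:20 . 2009-09-12 03:58 -------- d-----w- c:\users\...
CF_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(-+|\d+)\s+([a-z-]{8})\s+(\S.*)$")

CODE_EXT = {".sys", ".exe", ".dll", ".ocx", ".cpl", ".scr", ".drv"}   # assumption
SCRIPT_EXT = {".cmd", ".bat", ".vbs", ".js", ".ps1"}                  # assumption
# Locations a standard user can write to; code appearing there deserves a look
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\progra~2\\")
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


@dataclass
class Entry:
    created: datetime
    size: Optional[int]     # None for directories
    attrs: str              # raw attribute field (a=archive, d=dir, h=hidden, s=system)
    path: str
    is_dir: bool
    hidden: bool
    system: bool
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS or ComboFix listing line; headers and blanks give None."""
    line = line.strip()
    m = DDS_RE.match(line)
    if m:
        created, size_s, attrs, path = m.groups()
    else:
        m = CF_RE.match(line)
        if not m:
            return None
        created, _modified, size_s, attrs, path = m.groups()
    # DDS marks directories with <DIR>, ComboFix with a run of dashes
    is_dir = "d" in attrs or not size_s[0].isdigit()
    size = None if is_dir else int(size_s.replace(",", ""))
    return Entry(created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
                 size=size, attrs=attrs, path=path, is_dir=is_dir,
                 hidden="h" in attrs, system="s" in attrs)


def _ext(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def triage(entry: Entry) -> Entry:
    """Attach the reasons an analyst would want to look at this entry."""
    p = entry.path.lower()
    ext = _ext(p)
    r = entry.reasons
    if not entry.is_dir:
        if ext == ".sys" and "\\system32\\drivers\\" in p:
            r.append("new kernel driver")
        elif ext in CODE_EXT and (any(loc in p for loc in USER_WRITABLE)
                                  or re.match(r"^[a-z]:\\[^\\]+$", p)):
            r.append("code in user-writable location")
        if ext in SCRIPT_EXT:
            r.append("script file")
    if entry.hidden and not p.endswith("\\desktop.ini"):   # desktop.ini is always hidden
        r.append("hidden")
    if entry.is_dir and GUID_DIR_RE.search(p):
        r.append("GUID-named directory (check contents)")
    return entry


def triage_log(text: str, since: Optional[datetime] = None) -> List[Entry]:
    """Return flagged entries, newest first; `since` limits to entries created on/after it."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None or (since and e.created < since):
            continue
        if triage(e).reasons:
            out.append(e)
    return sorted(out, key=lambda e: e.created, reverse=True)


# Sample lines copied from the DDS and ComboFix logs posted in this thread.
SAMPLE = r"""
=============== Created Last 30 ================
2009-09-11 21:10 10,872 a------- c:\windows\system32\drivers\AvgAsCln.sys
2009-09-11 16:29 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-09 10:23 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-02 21:01 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-15 19:09 3,350 a------- C:\rollback.ini
2008-01-21 14:43 174 a--sh--- c:\program files\desktop.ini
2009-09-11 09:10 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2009-07-08 02:59 . 2009-07-08 02:59 855 ----a-w- c:\windows\regfile_I.cmd
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.path}  <- {', '.join(e.reasons)}")
```

Run it against a whole DDS or ComboFix log pasted into `SAMPLE` (or read from a file) and the output is the short list to research, with the rest of the listing suppressed. A flag is a reason to look, not a verdict: on this machine every driver and hidden item it surfaces belongs to AVG, PC Tools or the Windows portable-device stack, which is exactly the check the analyst does next.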
     
  10. 2009/09/11
    broni (Moderator, Malware Analyst)
    I assume ZoneAlarm Security Suite is your current security program?
    If so...
    I can see AVG Anti-Spyware there, which is not supported anymore. Please uninstall it.
    I can also see traces of AVG 8. Run AVG Remover: http://www.avg.com/download-tools

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2009/09/11
    spiderpug (Thread Starter)
    I had ZoneAlarm, but now I have PC Tools Firewall Plus; I deleted ZoneAlarm.
     
  12. 2009/09/11
    broni (Moderator, Malware Analyst)
    What is your antivirus program then?

    Hold on with Combofix for now...

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  13. 2009/09/11
    spiderpug (Thread Starter)
    Hi

    Antivirus program is AVG Free 8.5
     
  14. 2009/09/11
    spiderpug (Thread Starter)
    Results of screen317's Security Check version 0.98.9
    Windows Vista Service Pack 1
    Out of date service pack!!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG Free 8.5
    AVG Anti-Spyware 7.5

    PC Tools Firewall Plus 5.0

    Antivirus up to date! (On Access scanning disabled!)
    ``````````````````````````````
    Anti-malware/Other Utilities Check:

    AVG Anti-Spyware 7.5
    HijackThis 2.0.2
    CCleaner (remove only)
    Adobe Flash Player 10
    Adobe Reader 9.1
    ``````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    AVG avgemc.exe

    PC Tools Firewall Plus FirewallGUI.exe

    ``````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    `````````End of Log```````````
     
  15. 2009/09/11
    spiderpug (Thread Starter)
    Hi

    I am at university; they have a proxy server here... will that interrupt anything?
     
  16. 2009/09/11
    broni (Moderator, Malware Analyst)
    All clear now :)
    I'm not sure about the proxy thingy...

    Proceed with Combofix instructions from my reply #9.
     
  17. 2009/09/11
    spiderpug (Thread Starter)
    Hi

    Cheers.
    I am at home now, so no proxy settings; I will continue with post #9.
     
  18. 2009/09/11
    broni (Moderator, Malware Analyst)
    Ok...
     
  19. 2009/09/12
    spiderpug (Thread Starter)
    Hi

    OK, so here is the result from ComboFix....

    ComboFix 09-09-11.01 - Spiderpug 12/09/2009 15:11.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.64.1033.18.3197.2072 [GMT 12:00]
    Running from: c:\users\Spiderpug\Downloads\ComboFix.exe
    AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\25f8f.msi
    c:\windows\Installer\2fa23.msi

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
    .

    2009-09-12 03:20 . 2009-09-12 03:58 -------- d-----w- c:\users\Spiderpug\AppData\Local\temp
    2009-09-12 03:20 . 2009-09-12 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-09-12 03:20 . 2009-09-12 03:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2009-09-11 22:34 . 2009-09-11 22:34 -------- d-----w- c:\program files\Trend Micro
    2009-09-11 09:10 . 2009-09-11 09:10 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\Grisoft
    2009-09-11 09:10 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
    2009-09-11 09:10 . 2009-09-11 09:10 -------- d-----w- c:\programdata\Grisoft
    2009-09-11 04:29 . 2009-09-11 04:29 -------- d-----w- C:\$AVG8.VAULT$
    2009-09-09 10:53 . 2009-09-09 10:53 -------- d-----w- c:\users\Spiderpug\AppData\Local\AVG Security Toolbar
    2009-09-09 10:44 . 2009-09-09 10:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-09-09 10:44 . 2009-09-09 10:44 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-09-09 10:44 . 2009-09-09 10:44 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-09-09 10:44 . 2009-09-09 10:44 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-09-09 10:43 . 2009-09-11 22:12 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-09-09 10:43 . 2009-09-09 10:43 -------- d-----w- c:\programdata\AVG Security Toolbar
    2009-09-09 10:43 . 2009-09-09 10:43 -------- d-----w- c:\program files\AVG
    2009-09-09 10:43 . 2009-09-09 10:43 -------- d-----w- c:\programdata\avg8
    2009-09-08 22:32 . 2009-09-08 22:32 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\PCToolsFirewallPlus
    2009-09-08 22:30 . 2009-03-06 04:45 130424 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-09-08 22:30 . 2008-12-18 00:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-09-08 22:30 . 2008-12-10 20:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-09-08 22:28 . 2009-09-08 22:30 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-09-08 22:28 . 2008-09-21 23:29 97408 ----a-w- c:\windows\system32\drivers\pctfw.sys
    2009-09-08 22:28 . 2009-01-20 21:38 95640 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2009-09-08 22:28 . 2009-09-10 05:35 -------- d-----w- c:\program files\PC Tools Firewall Plus
    2009-09-08 22:23 . 2009-09-08 22:23 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-09-07 09:33 . 2009-09-07 09:33 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\eSobi
    2009-09-04 09:58 . 2009-09-04 09:58 -------- d-----w- c:\program files\Java
    2009-08-22 08:50 . 2009-08-22 08:50 -------- d-----w- c:\users\Spiderpug\AppData\Local\Broadcom
    2009-08-22 08:49 . 2009-09-12 03:21 12 ----a-w- c:\windows\bthservsdp.dat
    2009-08-20 04:23 . 2009-08-20 04:23 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\Motive
    2009-08-20 04:01 . 2009-08-20 04:01 -------- d-----w- c:\program files\tcnzActivation
    2009-08-20 04:01 . 2009-08-20 04:01 -------- d-----w- c:\program files\Common Files\Motive
    2009-08-20 04:01 . 2009-08-20 04:02 -------- d-----w- c:\programdata\Motive
    2009-08-18 09:27 . 2009-08-18 09:27 680 ----a-w- c:\users\Spiderpug\AppData\Local\d3d9caps.dat
    2009-08-17 04:20 . 2009-08-17 04:21 -------- d-----w- c:\program files\CCleaner
    2009-08-15 04:57 . 2009-09-11 09:19 -------- d-----w- c:\users\Spiderpug\Tracing
    2009-08-15 04:07 . 2009-08-15 04:08 -------- d-----w- c:\users\Spiderpug\AppData\Local\Adobe
    2009-08-15 02:04 . 2009-08-15 02:04 -------- d-----w- c:\program files\uTorrent
    2009-08-15 02:03 . 2009-09-04 10:15 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\uTorrent
    2009-08-14 06:58 . 2009-09-08 07:24 -------- d-----w- c:\users\Spiderpug\AppData\Local\Apple Computer
    2009-08-14 06:58 . 2009-08-15 07:04 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\Apple Computer
    2009-08-14 06:58 . 2008-04-17 00:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-08-14 06:58 . 2009-03-19 04:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-14 06:57 . 2009-08-14 06:57 -------- d-----w- c:\program files\iPod
    2009-08-14 06:57 . 2009-08-14 06:58 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-14 06:57 . 2009-08-14 06:58 -------- d-----w- c:\program files\iTunes
    2009-08-14 06:56 . 2009-08-14 06:56 -------- d-----w- c:\program files\Bonjour
    2009-08-14 06:55 . 2009-08-14 06:56 -------- d-----w- c:\program files\QuickTime
    2009-08-14 06:55 . 2009-08-14 06:57 -------- d-----w- c:\programdata\Apple Computer
    2009-08-14 06:54 . 2009-08-14 06:54 -------- d-----w- c:\users\Spiderpug\AppData\Local\Apple
    2009-08-14 06:54 . 2009-08-14 06:54 -------- d-----w- c:\program files\Apple Software Update
    2009-08-14 06:50 . 2009-08-14 06:57 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-14 06:50 . 2009-08-14 06:50 -------- d-----w- c:\programdata\Apple
    2009-08-14 06:29 . 2009-08-14 06:29 -------- d-----w- c:\programdata\CheckPoint
    2009-08-14 06:21 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-08-14 06:21 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-08-14 06:21 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-08-14 06:21 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-08-14 06:21 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-08-14 06:21 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-08-14 06:21 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-08-14 06:13 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-08-14 06:13 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-08-14 06:13 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-08-14 06:13 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-08-14 06:13 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-08-14 06:11 . 2009-03-03 04:46 3599328 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-08-14 06:09 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-08-14 06:09 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-08-14 06:09 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-08-14 06:09 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-08-14 06:06 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-08-14 06:05 . 2009-08-14 06:05 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\AVG8
    2009-08-14 06:04 . 2009-08-14 06:04 -------- d-----w- c:\users\Spiderpug\AppData\Local\Mozilla
    2009-08-14 05:59 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-14 05:59 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-14 05:59 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
    2009-08-14 05:59 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
    2009-08-14 05:58 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-14 05:58 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
    2009-08-14 05:58 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
    2009-08-14 05:58 . 2008-10-16 02:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
    2009-08-14 05:58 . 2008-10-16 01:56 31232 ----a-w- c:\windows\system32\wuapp.exe
    2009-08-14 05:53 . 2008-12-29 02:57 952832 ----a-w- c:\windows\system32\drivers\athr.sys
    2009-08-14 05:53 . 2008-12-29 02:57 952832 ----a-w- c:\windows\system32\athr.sys
    2009-08-14 05:53 . 2009-08-14 05:53 -------- d-----w- c:\windows\system32\nn-NO
    2009-08-14 05:53 . 2008-12-15 09:33 53248 ----a-w- c:\windows\system32\athihvui.dll
    2009-08-14 05:53 . 2008-12-15 09:33 393216 ----a-w- c:\windows\system32\athihvs.dll
    2009-08-14 05:53 . 2009-08-14 05:53 -------- d-----w- c:\program files\Atheros
    2009-08-14 05:53 . 2009-08-14 05:53 -------- d-----w- c:\program files\Cisco
    2009-08-14 05:52 . 2009-08-14 05:52 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\InstallShield
    2009-08-14 05:41 . 2009-08-14 05:41 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\EgisTec
    2009-08-14 05:36 . 2009-08-14 05:37 -------- d-----w- c:\programdata\Atheros
    2009-08-14 03:43 . 2009-08-14 03:43 -------- d-----w- C:\MyWinLockerData
    2009-08-14 03:42 . 2009-08-14 03:42 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\ATI
    2009-08-14 03:42 . 2009-08-14 03:42 -------- d-----w- c:\users\Spiderpug\AppData\Local\ATI
    2009-08-14 03:09 . 2009-08-14 03:09 -------- d-----w- c:\users\Spiderpug\AppData\Roaming\PowerCinema
    2009-08-14 03:09 . 2009-08-14 03:09 -------- d-----w- c:\users\Spiderpug\AppData\Local\EgisTec
    2009-08-14 03:09 . 2009-08-14 03:09 -------- d-----w- c:\programdata\EgisTec
    2009-08-14 03:09 . 2009-08-14 03:09 -------- d-----w- c:\users\Spiderpug\AppData\Local\Acer ePower Management V4
    2009-08-14 03:09 . 2009-08-14 03:40 70176 ----a-w- c:\users\Spiderpug\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-14 03:08 . 2009-09-12 03:00 -------- d-----w- c:\users\Spiderpug\AppData\Local\VirtualStore
    2009-08-14 03:08 . 2009-08-24 07:43 -------- d-----w- c:\users\Spiderpug\AppData\Local\Google
    2009-08-14 03:07 . 2009-08-24 21:40 -------- d-----w- c:\program files\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-08 22:12 . 2009-03-05 07:33 -------- d-----w- c:\program files\Common Files\Adobe
    2009-09-02 09:01 . 2009-09-02 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-08-22 09:52 . 2009-07-08 02:46 -------- d--h--w- c:\program files\Temp
    2009-08-22 09:52 . 2009-02-21 00:35 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-22 09:51 . 2009-07-08 02:46 319456 ----a-w- c:\windows\DIFxAPI.dll
    2009-08-21 04:55 . 2009-08-21 04:55 -------- d-----w- c:\users\Administrator\AppData\Roaming\PowerCinema
    2009-08-21 04:55 . 2009-08-21 04:55 70176 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-21 04:55 . 2009-08-21 04:55 -------- d-----w- c:\users\Administrator\AppData\Roaming\ATI
    2009-08-16 00:04 . 2009-03-05 07:21 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-14 06:37 . 2009-03-05 07:42 -------- d-----w- c:\program files\Windows Live
    2009-08-14 05:35 . 2009-08-14 05:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-08-14 03:46 . 2009-03-05 06:52 -------- d-----w- c:\programdata\McAfee
    2009-08-14 03:01 . 2009-08-14 03:01 -------- d-sh--we c:\programdata\Templates
    2009-08-14 03:01 . 2009-08-14 03:01 -------- d-sh--we c:\programdata\Start Menu
    2009-08-14 03:01 . 2009-08-14 03:01 -------- d-sh--we c:\programdata\Favorites
    2009-08-14 03:01 . 2009-08-14 03:01 -------- d-sh--we c:\programdata\Documents
    2009-08-14 03:01 . 2009-08-14 03:01 -------- d-sh--we c:\programdata\Desktop
    2009-07-18 16:06 . 2009-08-14 06:12 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 16:01 . 2009-08-14 06:12 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 09:46 . 2009-08-14 06:12 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 14:35 . 2009-08-14 06:12 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-09 00:16 . 2009-07-09 00:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-07-09 00:16 . 2009-07-09 00:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-07-08 02:59 . 2009-07-08 02:59 855 ----a-w- c:\windows\regfile_I.cmd
    2009-07-08 02:59 . 2009-07-08 02:59 256 ----a-w- c:\windows\regfile_E.cmd
    2009-07-08 02:52 . 2009-07-08 02:52 200704 ----a-w- c:\windows\PLFSetI.exe
    2009-07-08 02:39 . 2009-07-08 02:39 0 ----a-w- c:\windows\ativpsrm.bin
    2009-07-08 02:30 . 2009-07-08 02:30 507392 ----a-w- c:\windows\system32\drivers\bthport.sys
    2009-07-08 02:30 . 2009-07-08 02:30 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2009-07-08 02:30 . 2009-07-08 02:30 23040 ----a-w- c:\windows\system32\drivers\bthenum.sys
    2009-07-08 02:30 . 2009-07-08 02:30 196608 ----a-w- c:\windows\system32\fsquirt.exe
    2009-07-08 02:25 . 2009-07-08 02:25 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-07-08 02:25 . 2009-07-08 02:25 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-06-15 18:20 . 2009-08-14 06:11 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-15 15:24 . 2009-08-14 06:11 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-15 15:24 . 2009-08-14 06:11 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 15:24 . 2009-08-14 06:11 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-06-15 15:24 . 2009-08-14 06:11 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-06-15 15:23 . 2009-08-14 06:11 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-15 15:22 . 2009-08-14 06:11 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-15 15:21 . 2009-08-14 06:11 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-15 15:20 . 2009-08-14 06:11 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 15:20 . 2009-08-14 06:11 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-06-15 12:57 . 2009-08-14 06:11 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-06-15 12:52 . 2009-08-14 06:11 289792 ----a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"="c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-23 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-07-23 21:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-23 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-23 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-10-27 19:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-19 61440]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-08 200704]
    "VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-02-19 3551744]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-04 698912]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-21 156968]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-21 202024]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-27 173288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-22 2652056]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-09 2007832]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-14 791840]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CA0BD18A-503C-40A2-82BF-F75FD1CC4C9F}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{2B5578D5-1107-4F08-992A-F1325FB564A9}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{255AF8E0-622B-4234-9296-5E7E58A0088F}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{C461978B-57E3-4B65-A31E-9C7E8BC74714}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{1F909545-81B5-4D22-A622-71AF82E5B858}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4E4C3A2A-D7F2-45FE-BA90-FB1BC7C635AC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{78ADF681-F3A0-474B-B471-857E757CCF3E}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{287D3CD4-70B0-4C6E-A2D9-0531037A3A2F}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
    "{4B21E11D-B37D-4782-B9B4-3ADBFF8AA8AF}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{EA760CF0-91E7-4702-B46B-CE57A8592114}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
    "{94B0D63F-638F-414D-AA61-47AA9F334982}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{830EE338-C9C6-4D82-A6DF-26757A8D0320}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{AFF27B95-6BA1-4250-9AAC-179DE8D9497B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{0A8CD232-911B-49E1-AEF7-DE423019FDDF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{B24BA722-B126-4A5D-8A0C-4E1323C52DCC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A839EF8E-39C3-4B8F-BD75-A67FC1F65086}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{2948CC7B-6794-4305-BA9D-3EBBBCF7CE7E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{FCF5816C-BA11-4CBA-8384-17163652A5B4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{4B1C18D3-687E-41D4-A576-A68A3185D38F}c:\\program files\\utorrent\\utorrent.exe "= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "{463CE37B-77B2-4D57-A81A-EF706CF1A3C9} "= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{BC16EB77-1606-4D4A-87C0-145DE0672D4A} "= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{6FB442DF-5E6C-4DEE-9C92-A60833BF89B8} "= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R0 AlfaFF;AlfaFF;c:\windows\System32\drivers\AlfaFF.sys [11/07/2008 4:25 p.m. 42608]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/09/2009 10:44 p.m. 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9/09/2009 10:44 p.m. 108552]
    R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [9/09/2009 10:30 a.m. 159600]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/09/2009 10:43 p.m. 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/09/2009 10:43 p.m. 297752]
    R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [8/07/2009 3:14 p.m. 75048]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [8/07/2009 3:04 p.m. 723488]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [21/01/2008 2:23 p.m. 21504]
    R2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [19/02/2009 2:33 p.m. 3440128]
    R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [10/10/2008 11:47 a.m. 19504]
    R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [10/10/2008 11:47 a.m. 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [10/10/2008 11:47 a.m. 59952]
    R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [28/10/2008 7:05 a.m. 306736]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [12/04/2009 2:32 p.m. 61184]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [24/09/2008 10:11 a.m. 144632]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [9/09/2009 10:30 a.m. 73840]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [4/09/2008 4:12 p.m. 223232]
    R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [9/09/2009 10:28 a.m. 95640]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [8/07/2009 2:46 p.m. 22072]
    S2 gupdate1ca248cd4ad29a0;Google Update Service (gupdate1ca248cd4ad29a0);c:\program files\Google\Update\GoogleUpdate.exe [24/08/2009 7:29 p.m. 133104]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 2:23 p.m. 179712]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8/07/2009 2:50 p.m. 29472]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [24/09/2008 10:11 a.m. 50424]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 07:29]

    2009-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 07:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0709&m=aspire_5536
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Spiderpug\AppData\Roaming\Mozilla\Firefox\Profiles\gibo8put.default\
    FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-AVG Anti-Spyware Driver



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-12 15:58
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1988)
    c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\audiodg.exe
    c:\program files\Acer Bio Protection\CompPtcVUI.exe
    c:\windows\System32\wlanext.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    c:\program files\PC Tools Firewall Plus\FWService.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-12 16:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-12 04:02

    Pre-Run: 224,679,305,216 bytes free
    Post-Run: 224,458,846,208 bytes free

    365 --- E O F --- 2009-08-18 09:33


    What should I do now?
    Has it been fully fixed?
    I'm not sure how this program works or what exactly it did, but I think it did something... :D
     
  20. 2009/09/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    In my reply #9, I asked:
    It didn't happen. Please follow the above and re-run Combofix. Post fresh Combofix and HJT logs.
     
  21. 2009/09/12
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    Hi

    Hang on, what are we trying to do? Why should I delete AVG? Won't that make me more vulnerable?????

    I do want adaware instead of AVG spyware anyway....
     
