IE Sites Redirected and Action Cancelled Pages.

Post by PopaTom » January 3rd, 2010, 12:33 am

Thank you for checking in on me :D

I am getting redirected to dead ends and I get an Action Cancelled notice on a lot of sites. I am not sure what is causing my PC to behave like this? It may be malware or host files or both, I am not sure.

AVG full scan was clean. Spybot scan found and repaired 1 hijacker file. Here is a fresh Panda scan:

ANALYSIS: 2010-01-03 22:22:13
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 9.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00213030 application/regclean32 HackTools No 0 Yes No hkey_current_user\software\registry cleaner
00213030 application/regclean32 HackTools No 0 Yes No c:\documents and settings\thomas hugh pean\application data\registry cleaner
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\recycler\s-1-5-21-4150555342-2428190824-3850076454-1005\dc16.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
214072 HIGH MS09-055
211784 HIGH MS09-032
194862 HIGH MS08-032
;===================================================================================================================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:53 PM, on 1/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
C:\WINDOWS\system32\cqtgbd\atisvc_naybi.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cqtgbd\atisvc_naybi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\cqtgbd\atisvc_naybi.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USCON/1
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: atisvc_naybi - Unknown owner - C:\WINDOWS\system32\cqtgbd\atisvc_naybi.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r203425\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O24 - Desktop Component 0: (no name) - http://www.freshtracks.ca/images/aurora-borealis.jpg

--
End of file - 9900 bytes

Re: IE Sites Redirected and Action Cancelled Pages.

Post by peku006 » January 7th, 2010, 3:06 pm

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - Download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

Thanks, peku006

Re: IE Sites Redirected and Action Cancelled Pages.

Post by PopaTom » January 7th, 2010, 6:19 pm

Hello peku006,
Thank you for replying to my post for help. I have in the past donated to "MR" for services rendered and I will donate again. What you do and the way you go about helping us poor ignorant PC owners and operators is so much appreciated! I wish I could afford to donate what it is really worth to me to be able to post and within a few days someone like yourself shows up willing to help.

My PC is running fast and crisp but I am unable to surf the net quickly because of all the "Action Cancelled" dead ends. Also it doesn't want to save my passwords when I ask it to.

Thank you again for helping and I will follow your directions to the letter. If I am unsure of anything I will wait to proceed until you have answered my concerns.

The two files you requested are posted below.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Thomas Hugh Pean at 2010-01-07 14:31:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 285 GB (97%) free of 295 GB
Total RAM: 3546 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:57 PM, on 1/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
C:\WINDOWS\system32\cqtgbd\atisvc_naybi.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cqtgbd\atisvc_naybi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cqtgbd\atisvc_naybi.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thomas Hugh Pean\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Thomas Hugh Pean.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USCON/1
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: atisvc_naybi - Unknown owner - C:\WINDOWS\system32\cqtgbd\atisvc_naybi.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r203425\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O24 - Desktop Component 0: (no name) - http://www.freshtracks.ca/images/aurora-borealis.jpg

--
End of file - 9952 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-02 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-12-08 200704]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2008-12-08 466944]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-01-06 2289664]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2009-01-09 1712128]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-07 178712]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
""= []
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2008-12-01 33280]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-12-08 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-12-08 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-12-08 150040]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-12-08 442460]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-02 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Thomas Hugh Pean\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-02 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-12-08 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\WINDOWS\LMI7A.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI7A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe"="C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 3 months======

2010-01-07 14:31:41 ----D---- C:\rsit
2010-01-03 20:46:31 ----D---- C:\Program Files\Panda Security
2010-01-03 19:41:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-03 19:41:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-02 22:09:10 ----D---- C:\WINDOWS\pss
2010-01-02 19:23:59 ----HD---- C:\$AVG
2010-01-02 19:23:48 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-02 19:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-01-02 19:23:15 ----D---- C:\Program Files\AVG
2010-01-02 19:23:14 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-02 19:22:58 ----D---- C:\WINDOWS\SxsCaPendDel
2010-01-02 18:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-02 18:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-02 18:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-02 18:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-01-02 18:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-01-02 18:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-01-02 18:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-01-02 18:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-02 18:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-02 18:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-02 18:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-02 18:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-01-02 18:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-01-02 17:40:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-01-02 17:40:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-02 17:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-01-02 17:39:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-02 17:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-01-02 17:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-02 17:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-01-02 17:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-02 17:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-01-02 17:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-02 17:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-02 17:38:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-01-02 17:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-01-02 17:38:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-02 17:38:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-02 17:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-01-02 17:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-01-02 17:38:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-01-02 17:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-01-02 17:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-02 17:37:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-02 17:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-01-02 17:37:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-01-02 17:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-02 17:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-01-02 17:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-01-02 17:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-01-02 17:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-01-02 17:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-02 17:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-01-02 17:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-01-02 17:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-01-02 17:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-01-02 17:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-02 17:36:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-02 17:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-02 16:39:25 ----D---- C:\WINDOWS\Prefetch
2010-01-02 13:37:47 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-01-02 13:14:32 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-01-02 13:14:32 ----A---- C:\WINDOWS\system32\irclass.dll
2010-01-02 13:14:18 ----RA---- C:\WINDOWS\SET116.tmp
2010-01-02 13:14:14 ----RA---- C:\WINDOWS\SET10A.tmp
2010-01-02 13:14:12 ----RA---- C:\WINDOWS\SET107.tmp
2010-01-02 06:05:09 ----D---- C:\WINDOWS\Dell
2009-12-23 11:56:25 ----D---- C:\Program Files\SpywareBlaster
2009-12-22 05:03:16 ----D---- C:\Program Files\Skyhook Wireless
2009-12-22 05:03:01 ----D---- C:\WINDOWS\system32\cqtgbd
2009-12-21 09:58:16 ----D---- C:\Program Files\VirusTotalUploader2
2009-12-20 01:57:36 ----D---- C:\Program Files\Secunia
2009-12-20 01:44:23 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-20 01:43:55 ----D---- C:\Program Files\Google
2009-12-20 01:43:30 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-20 01:41:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-20 01:41:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-20 01:41:36 ----A---- C:\WINDOWS\system32\java.exe
2009-12-20 01:16:54 ----D---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\WinPatrol
2009-12-20 01:16:39 ----D---- C:\Program Files\BillP Studios
2009-12-19 23:29:31 ----D---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\Malwarebytes
2009-12-19 23:29:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-19 23:29:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-19 20:04:18 ----HDC---- C:\WINDOWS\ie8
2009-12-19 07:48:42 ----D---- C:\_OTM
2009-12-06 13:28:48 ----D---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\Registry Cleaner
2009-11-29 11:01:32 ----D---- C:\Program Files\Trend Micro
2009-11-26 10:03:36 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-22 21:01:20 ----D---- C:\Program Files\MSXML 4.0
2009-11-22 21:01:19 ----D---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\Yahoo!
2009-11-22 21:01:19 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-11-22 21:01:15 ----D---- C:\WINDOWS\Downloaded Installations
2009-11-22 21:01:15 ----D---- C:\Program Files\Yahoo!
2009-11-22 21:00:49 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-11-22 21:00:47 ----D---- C:\Program Files\Common Files\HP
2009-11-22 21:00:44 ----D---- C:\Program Files\Hewlett-Packard
2009-11-22 20:43:12 ----D---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\Snapfish
2009-11-22 18:18:25 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools(3)
2009-11-22 15:19:09 ----D---- C:\Config.Msi
2009-11-22 15:17:42 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-11-22 11:15:34 ----D---- C:\WINDOWS\system32\NtmsData
2009-11-22 11:11:38 ----D---- C:\Program Files\Uniblue
2009-11-22 10:33:50 ----A---- C:\WINDOWS\BDTSupport(2).dll
2009-11-22 10:31:52 ----D---- C:\Program Files\Spyware Doctor
2009-11-02 22:33:06 ----A---- C:\1277496.dll
2009-11-02 22:33:03 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-10-30 08:43:54 ----SHD---- C:\WINDOWS\CSC
2009-10-30 08:34:42 ----D---- C:\WINDOWS\ie7updates
2009-10-30 08:34:01 ----HDC---- C:\WINDOWS\ie7
2009-10-30 08:33:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-10-30 08:33:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-10-26 05:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960763$
2009-10-25 20:30:45 ----D---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\HPAppData
2009-10-24 23:43:50 ----D---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\HP
2009-10-24 23:37:42 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-10-24 23:37:11 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-10-24 23:34:15 ----D---- C:\Program Files\HP
2009-10-15 05:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 05:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 05:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 05:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 05:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 05:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 05:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 06:42:14 ----D---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\Template

======List of files/folders modified in the last 3 months======

2010-01-07 14:21:37 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2010-01-07 14:21:32 ----D---- C:\WINDOWS\Temp
2010-01-07 14:21:28 ----AD---- C:\WINDOWS
2010-01-07 11:56:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-07 11:55:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-05 22:33:00 ----SHD---- C:\WINDOWS\Installer
2010-01-04 00:51:54 ----D---- C:\Program Files\PokerStars
2010-01-03 20:54:35 ----D---- C:\WINDOWS\system32\drivers
2010-01-03 20:46:31 ----RD---- C:\Program Files
2010-01-03 20:46:31 ----HD---- C:\WINDOWS\inf
2010-01-03 20:43:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-02 19:23:48 ----AD---- C:\WINDOWS\system32
2010-01-02 19:23:08 ----D---- C:\WINDOWS\WinSxS
2010-01-02 19:23:08 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-02 19:21:23 ----SD---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\Microsoft
2010-01-02 18:12:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-02 18:10:38 ----D---- C:\WINDOWS\AppPatch
2010-01-02 18:09:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-02 18:09:43 ----A---- C:\WINDOWS\imsins.BAK
2010-01-02 18:04:15 ----D---- C:\WINDOWS\Help
2010-01-02 18:04:15 ----D---- C:\Program Files\Internet Explorer
2010-01-02 18:04:14 ----D---- C:\WINDOWS\system32\wbem
2010-01-02 17:58:35 ----D---- C:\WINDOWS\system32\en-US
2010-01-02 17:40:11 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-02 17:38:04 ----D---- C:\Program Files\Outlook Express
2010-01-02 17:14:09 ----D---- C:\WINDOWS\Media
2010-01-02 17:09:42 ----D---- C:\Program Files\PC Tools AntiVirus
2010-01-02 17:09:41 ----D---- C:\Documents and Settings\Thomas Hugh Pean\Application Data\PC Tools
2010-01-02 17:06:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-02 17:01:00 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-02 17:00:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-02 16:41:12 ----D---- C:\WINDOWS\Registration
2010-01-02 16:40:02 ----SHD---- C:\System Volume Information
2010-01-02 16:40:02 ----D---- C:\WINDOWS\system32\Restore
2010-01-02 13:41:54 ----D---- C:\WINDOWS\system32\config
2010-01-02 13:41:54 ----A---- C:\WINDOWS\setuplog.txt
2010-01-02 13:39:06 ----D---- C:\WINDOWS\security
2010-01-02 13:38:51 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-02 13:38:46 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-02 13:37:50 ----RD---- C:\WINDOWS\Web
2010-01-02 13:37:41 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-02 13:37:29 ----A---- C:\WINDOWS\win.ini
2010-01-02 13:37:21 ----AD---- C:\WINDOWS\system32\oobe
2010-01-02 13:36:26 ----D---- C:\WINDOWS\system32\Com
2010-01-02 13:25:39 ----SH---- C:\boot.ini
2010-01-02 13:15:43 ----D---- C:\drivers
2010-01-02 13:14:37 ----A---- C:\WINDOWS\system.ini
2010-01-02 13:14:23 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-01-02 06:11:45 ----D---- C:\WINDOWS\system32\Setup
2010-01-02 06:11:45 ----D---- C:\WINDOWS\system
2010-01-02 06:11:37 ----D---- C:\WINDOWS\L2Schemas
2010-01-02 06:11:36 ----D---- C:\WINDOWS\system32\usmt
2010-01-02 06:11:17 ----D---- C:\WINDOWS\mui
2010-01-02 06:11:16 ----D---- C:\WINDOWS\ime
2010-01-02 06:11:16 ----D---- C:\WINDOWS\ehome
2010-01-02 06:11:15 ----RSD---- C:\WINDOWS\Fonts
2010-01-02 06:11:14 ----D---- C:\WINDOWS\Network Diagnostic
2010-01-02 06:11:11 ----D---- C:\WINDOWS\system32\scripting
2010-01-02 06:11:01 ----D---- C:\WINDOWS\PeerNet
2010-01-02 06:10:49 ----D---- C:\WINDOWS\system32\npp
2010-01-02 06:10:42 ----D---- C:\WINDOWS\msagent
2010-01-02 06:10:38 ----D---- C:\WINDOWS\system32\en
2010-01-02 06:07:32 ----D---- C:\WINDOWS\twain_32
2010-01-02 06:06:50 ----D---- C:\WINDOWS\system32\icsxml
2010-01-02 06:06:21 ----D---- C:\WINDOWS\system32\ias
2010-01-02 06:06:16 ----D---- C:\WINDOWS\system32\1033
2010-01-02 06:05:09 ----D---- C:\WINDOWS\Driver Cache
2009-12-27 12:03:32 ----D---- C:\WINDOWS\system32\FxsTmp
2009-12-20 02:15:09 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-12-20 01:48:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-20 01:46:03 ----D---- C:\Program Files\Common Files\Adobe
2009-12-20 01:45:53 ----D---- C:\Program Files\Adobe
2009-12-20 01:44:23 ----D---- C:\Program Files\Common Files
2009-12-20 01:41:33 ----D---- C:\Program Files\Java
2009-12-19 21:00:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-19 20:59:51 ----RSD---- C:\WINDOWS\assembly
2009-12-19 20:04:55 ----D---- C:\WINDOWS\ie8updates
2009-12-17 18:59:27 ----D---- C:\Documents and Settings
2009-12-01 12:06:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-22 21:04:21 ----D---- C:\WINDOWS\WBEM
2009-11-22 21:00:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-22 20:44:59 ----D---- C:\Program Files\PokerStars.NET
2009-11-22 10:32:05 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-29 00:45:38 ----A---- C:\WINDOWS\system32\wininet.dll
2009-10-29 00:45:37 ----N---- C:\WINDOWS\system32\occache.dll
2009-10-29 00:45:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-29 00:45:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-29 00:45:35 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-10-29 00:45:35 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 00:45:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-10-29 00:45:34 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-10-29 00:45:34 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-10-29 00:45:33 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-10-29 00:45:32 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-10-28 22:38:22 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-10-28 08:07:15 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-10-28 07:40:47 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-10-26 05:52:25 ----A---- C:\WINDOWS\smartkeydiagnostics.txt
2009-10-24 06:24:06 ----A---- C:\WINDOWS\ModemLog_Sierra Wireless HSPA Modem.txt
2009-10-20 22:38:36 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-20 22:38:36 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-13 03:30:16 ----A---- C:\WINDOWS\system32\oakley.dll
2009-10-12 06:38:19 ----A---- C:\WINDOWS\system32\rastls.dll
2009-10-12 06:38:18 ----A---- C:\WINDOWS\system32\raschap.dll
2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2008-10-04 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-02 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-02 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-02 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2008-11-20 18816]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 Wpsnuio;WPS NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\wpsnuio.sys [2009-12-22 13696]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2008-12-08 108160]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-12-08 170032]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-01-06 1391104]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-12-08 6047904]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-12-08 157696]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-12-08 1384595]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-08 289664]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2008-11-20 27072]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]
S3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2008-08-22 26760]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80); C:\WINDOWS\system32\DRIVERS\swnc8u80.sys [2008-08-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80); C:\WINDOWS\system32\DRIVERS\swumx80.sys [2008-08-20 142976]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\drivers\USBSTOR.sys [2008-04-14 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 atisvc_naybi;atisvc_naybi; C:\WINDOWS\system32\cqtgbd\atisvc_naybi.exe [2009-12-22 449262]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-02 906520]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-02 285392]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 STacSV;Audio Service; c:\drivers\audio\r203425\STacSV.exe [2008-12-08 225362]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-01-06 24576]
R2 yksvc;Marvell Yukon Service; ykx32coinst,serviceStartProc []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-20 113152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2010-01-07 14:31:59

======Uninstall list======

-->C:\Program Files\Skyhook Wireless\Wi-Fi Service\svcsetup.exe -u
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
AT&T Communication Manager-->MsiExec.exe /X{AF64F216-D859-43FC-9068-0005A41AEBA3}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Banctec Service Agreement-->MsiExec.exe /I{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Driver Installer-->MsiExec.exe /X{F804CAE5-50B2-4646-803A-A428325237CA}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\WINDOWS\system32\imsmudlg.exe -uninstall
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
NinjaTrader 6.5-->MsiExec.exe /I{4539D65F-319C-416F-A17F-827110F4CE22}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Secure Viewer 2.7-->"C:\Program Files\omNovia\Secure Viewer\unins000.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0

=====HijackThis Backups=====

O1 - Hosts: ÿþ127.0.0.1 localhost [2009-12-21]
O1 - Hosts: ::1 localhost [2009-12-21]

Hosts File Missing
======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: TOM3
Event Code: 7034
Message: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).

Record Number: 18944
Source Name: Service Control Manager
Time Written: 20091223114200.000000-420
Event Type: error
User:

Computer Name: TOM3
Event Code: 7000
Message: The Sierra Wireless MUX NDIS Driver (UMTS80) service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 18917
Source Name: Service Control Manager
Time Written: 20091223113559.000000-420
Event Type: error
User:

Computer Name: TOM3
Event Code: 7000
Message: The RT73 USB Wireless LAN Card Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 18916
Source Name: Service Control Manager
Time Written: 20091223113559.000000-420
Event Type: error
User:

Computer Name: TOM3
Event Code: 2511
Message: The server service was unable to recreate the share Picture because the directory C:\Documents and Settings\Thomas Hugh Pean\My Documents\My Pictures\Picture no longer exists. Please run "net share Picture /delete" to delete the share, or recreate the directory C:\Documents and Settings\Thomas Hugh Pean\My Documents\My Pictures\Picture.

Record Number: 18915
Source Name: Server
Time Written: 20091223113558.000000-420
Event Type: warning
User:

Computer Name: TOM3
Event Code: 7034
Message: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).

Record Number: 18910
Source Name: Service Control Manager
Time Written: 20091223113511.000000-420
Event Type: error
User:
************************
=====Application event log=====

Computer Name: TOM3
Event Code: 1517
Message: Windows saved user TOM3\Thomas Hugh Pean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5735
Source Name: Userenv
Time Written: 20091222045834.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TOM3
Event Code: 1517
Message: Windows saved user TOM3\Thomas Hugh Pean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5726
Source Name: Userenv
Time Written: 20091222044458.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TOM3
Event Code: 1517
Message: Windows saved user TOM3\Thomas Hugh Pean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5717
Source Name: Userenv
Time Written: 20091222043919.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TOM3
Event Code: 1517
Message: Windows saved user TOM3\Thomas Hugh Pean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5708
Source Name: Userenv
Time Written: 20091222013201.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TOM3
Event Code: 1517
Message: Windows saved user TOM3\Thomas Hugh Pean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5699
Source Name: Userenv
Time Written: 20091221231053.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

-----------------EOF-----------------
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby peku006 » January 8th, 2010, 5:26 am

Hi PopaTom

I think that your problem is "missing Hosts File"

You can restore the hosts file to the original by using a program called HostsXpert.

Please download HostsXpert.
  • Unzip HostsXpert.zip
  • Double click on HostsXpert.exe
  • Then click on Restore ms Hosts file to restore your Hosts file to its default condition.
  • Click on Make Read Only to secure it against further infection.
  • Close program when complete.

post back if it helped.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
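The "Hosts File Missing" line in the RSIT log, and the ÿþ prefix on the hosts entry just above it (bytes FF FE, a UTF-16 byte-order mark, shown as Latin-1), are both things a helper can check for programmatically. The following Python is an added example, not code from this thread or from HostsXpert: it audits a Windows-style hosts file for a missing file, a BOM, a missing localhost entry, names redirected to non-loopback addresses, and a file left writable. The hosts path and the sample file contents are constructed for the example.

```python
"""Audit a Windows-style hosts file for the failure modes seen in this
thread: the file is missing, it carries a UTF-16 byte-order mark (the
'ÿþ' prefix in the RSIT log), or it maps names to non-loopback addresses.

Added example; not code from the thread or from HostsXpert.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
import ipaddress
import os

# Targets a hosts entry may legitimately point a name at: loopback for
# 'localhost', and the sinkhole addresses block-lists use to neutralise names.
SAFE_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}

# Usual location on the XP machine in the thread; an assumed default path.
DEFAULT_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"


@dataclass
class HostsReport:
    exists: bool = True
    writable: bool = False
    bom: Optional[str] = None
    entries: List[Tuple[str, str]] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def decode_hosts(raw: bytes) -> Tuple[str, Optional[str]]:
    """Decode the raw file and report any byte-order mark found.

    The resolver expects plain 8-bit text; a UTF-16 file shows up in tools
    such as RSIT as 'ÿþ' (bytes FF FE read as Latin-1) ahead of the entries.
    """
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le", errors="replace"), "UTF-16 LE"
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", errors="replace"), "UTF-16 BE"
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw[3:].decode("utf-8", errors="replace"), "UTF-8"
    return raw.decode("latin-1"), None


def audit_hosts_bytes(raw: bytes) -> HostsReport:
    """Parse hosts-file content and collect the findings a helper would act on."""
    report = HostsReport()
    text, report.bom = decode_hosts(raw)
    if report.bom:
        report.findings.append(
            f"{report.bom} BOM present: file is not plain text and may be ignored")
    for lineno, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not body:
            continue
        parts = body.split()
        if len(parts) < 2:
            report.findings.append(f"line {lineno}: malformed entry {body!r}")
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            report.findings.append(f"line {lineno}: invalid address {addr!r}")
            continue
        for name in names:
            report.entries.append((addr, name))
            # A name mapped away from loopback is a redirect, which is what a
            # hijacked hosts file does to update and security-vendor sites.
            if addr not in SAFE_TARGETS:
                report.findings.append(f"line {lineno}: redirects {name} to {addr}")
    if not any(name.lower() == "localhost" for _, name in report.entries):
        report.findings.append("no localhost entry: file is not the default")
    return report


def audit_hosts_file(path: str = DEFAULT_HOSTS_PATH) -> HostsReport:
    """Audit the file on disk; a missing file is itself the first finding."""
    if not os.path.isfile(path):
        return HostsReport(exists=False, findings=["hosts file missing"])
    with open(path, "rb") as fh:
        report = audit_hosts_bytes(fh.read())
    # HostsXpert's 'Make Read Only' step is meant to leave this False.
    report.writable = os.access(path, os.W_OK)
    if report.writable:
        report.findings.append("hosts file is writable: not set read-only")
    return report


# Constructed samples, not taken from the machine in the thread.
CLEAN_HOSTS = b"# default\r\n127.0.0.1 localhost\r\n::1 localhost\r\n"
HIJACKED_HOSTS = b"\xff\xfe" + (
    "127.0.0.1 localhost\r\n10.0.0.5 www.example.com\r\n").encode("utf-16-le")

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN_HOSTS), ("hijacked", HIJACKED_HOSTS)):
        rep = audit_hosts_bytes(raw)
        print(label, rep.bom, rep.entries, rep.findings)
    print(audit_hosts_file())
```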

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby PopaTom » January 8th, 2010, 2:08 pm

Hi peku006,
I D/L and installed the host files and it didn't help :( I am still getting Redirect and action cancelled pages. It is so bad that I even get them on "MR" site. I hope I don't have to reformat.
(Inspiron1545)
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby peku006 » January 11th, 2010, 8:40 am

Hi PopaTom
I'm sorry for the "late response"...... "technical difficulties"

1 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you.
Please include the C:\ComboFix.txt in your next reply for further review.

2 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby PopaTom » January 11th, 2010, 2:52 pm

Hi Peku,
Here is the log you requested.


ComboFix 10-01-11.01 - Thomas Hugh Pean 01/11/2010 11:25:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2947 [GMT -7:00]
Running from: c:\documents and settings\Thomas Hugh Pean\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1277496.dll
c:\windows\system32\cqtgbd\ATIDLL_decma.dll
c:\windows\system32\cqtgbd\AWTKernel32_deimv.dll
c:\windows\system32\cqtgbd\mca_bkgtn.dll
c:\windows\system32\cqtgbd\mcmsg_geghf.dll
c:\windows\system32\cqtgbd\mcy_hlaeu.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-07 21:31 . 2010-01-07 21:33 -------- d-----w- C:\rsit
2010-01-04 03:46 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-04 03:46 . 2010-01-04 03:46 -------- d-----w- c:\program files\Panda Security
2010-01-04 02:41 . 2010-01-04 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-04 02:41 . 2010-01-04 02:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 03:28 . 2010-01-03 02:23 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-03 03:28 . 2010-01-03 02:23 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-03 03:28 . 2010-01-03 02:23 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-03 03:28 . 2010-01-03 02:23 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-03 03:28 . 2010-01-03 02:23 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-03 03:28 . 2010-01-03 02:23 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-03 02:23 . 2010-01-03 02:23 -------- d-----w- C:\$AVG
2010-01-03 02:23 . 2010-01-03 02:23 -------- d-----w- c:\program files\AVG
2010-01-03 02:23 . 2010-01-11 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-03 02:22 . 2010-01-03 03:36 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-03 01:13 . 2010-01-10 02:27 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-03 01:00 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-03 01:00 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-03 01:00 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-03 01:00 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-03 01:00 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-03 01:00 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-03 00:06 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-03 00:05 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-03 00:02 . 2009-08-05 03:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-03 00:02 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-03 00:02 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-03 00:02 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-02 20:40 . 2008-04-14 12:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2010-01-02 20:39 . 2008-04-14 12:00 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2010-01-02 20:14 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-02 20:14 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-02 20:14 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-01-02 20:14 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-02 13:05 . 2010-01-02 13:05 -------- d-----w- c:\windows\Dell
2010-01-02 00:46 . 2010-01-02 00:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-23 18:56 . 2010-01-02 00:46 -------- d-----w- c:\program files\SpywareBlaster
2009-12-22 12:03 . 2009-12-22 12:03 -------- d-----w- c:\program files\Skyhook Wireless
2009-12-22 12:03 . 2010-01-11 18:28 -------- d-----w- c:\windows\system32\cqtgbd
2009-12-21 16:58 . 2010-01-02 00:53 -------- d-----w- c:\program files\VirusTotalUploader2
2009-12-20 08:57 . 2009-12-20 08:57 -------- d-----w- c:\program files\Secunia
2009-12-20 08:51 . 2009-12-20 08:52 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Local Settings\Application Data\Google
2009-12-20 08:44 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 08:44 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 08:44 . 2009-12-20 08:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-20 08:43 . 2009-12-20 09:07 -------- d-----w- c:\program files\Google
2009-12-20 08:43 . 2009-12-20 08:43 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-20 08:43 . 2009-12-20 08:43 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2009-12-20 08:43 . 2009-12-20 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-20 08:40 . 2009-12-20 08:40 152576 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 08:38 . 2009-12-20 08:39 79488 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-20 08:16 . 2009-12-20 08:16 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\WinPatrol
2009-12-20 08:16 . 2008-04-25 21:29 0 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\WinPatrol\Config.sys
2009-12-20 08:16 . 2008-04-25 21:29 0 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\WinPatrol\Autoexec.bat
2009-12-20 08:16 . 2009-12-20 08:16 -------- d-----w- c:\program files\BillP Studios
2009-12-20 06:29 . 2009-12-20 06:29 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Malwarebytes
2009-12-20 06:29 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 06:29 . 2010-01-10 02:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-20 06:29 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 06:29 . 2009-12-20 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-20 06:19 . 2009-12-20 06:19 -------- d-sh--w- c:\documents and settings\Carolyn Sue Pean\IETldCache
2009-12-20 03:04 . 2010-01-03 01:00 -------- dc-h--w- c:\windows\ie8
2009-12-19 14:48 . 2009-12-19 14:48 -------- d-----w- C:\_OTM
2009-12-18 02:00 . 2009-12-18 02:00 -------- d-----w- c:\documents and settings\Carolyn Sue Pean\Application Data\PC Tools
2009-12-18 02:00 . 2009-12-18 02:00 -------- d-----w- c:\documents and settings\Carolyn Sue Pean\Application Data\AT&T
2009-12-18 02:00 . 2009-12-18 02:00 -------- d-----w- c:\documents and settings\Carolyn Sue Pean\Local Settings\Application Data\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 02:56 . 2009-10-04 01:45 -------- d-----w- c:\program files\PokerStars
2010-01-03 00:09 . 2009-04-24 17:32 -------- d-----w- c:\program files\PC Tools AntiVirus
2010-01-03 00:09 . 2009-11-22 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-03 00:09 . 2009-04-24 17:38 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\PC Tools
2010-01-03 00:00 . 2009-04-24 17:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-02 23:40 . 2009-04-17 04:46 34000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 20:36 . 2008-04-25 21:27 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-27 19:03 . 2009-10-13 13:42 144 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\wklnhst.dat
2009-12-22 12:03 . 2009-11-03 05:33 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-12-20 08:46 . 2009-04-17 04:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-20 08:41 . 2009-04-17 04:41 -------- d-----w- c:\program files\Java
2009-12-06 20:29 . 2009-12-06 20:28 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Registry Cleaner
2009-12-06 17:12 . 2009-08-22 18:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-29 18:01 . 2009-11-29 18:01 -------- d-----w- c:\program files\Trend Micro
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Yahoo!
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\program files\Yahoo!
2009-11-23 04:01 . 2009-10-25 06:34 -------- d-----w- c:\program files\HP
2009-11-23 04:00 . 2009-10-25 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-23 04:00 . 2009-11-23 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-23 04:00 . 2009-11-23 04:00 -------- d-----w- c:\program files\Common Files\HP
2009-11-23 04:00 . 2009-11-23 04:00 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-23 03:44 . 2009-10-04 01:37 -------- d-----w- c:\program files\PokerStars.NET
2009-11-23 03:43 . 2009-11-23 03:43 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Snapfish
2009-11-23 03:04 . 2009-11-22 17:31 -------- d-----w- c:\program files\Spyware Doctor
2009-11-23 03:01 . 2009-11-23 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools(3)
2009-11-22 20:13 . 2009-10-26 03:30 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\HPAppData
2009-11-22 18:11 . 2009-11-22 18:11 -------- d-----w- c:\program files\Uniblue
2009-11-22 17:32 . 2009-04-24 17:32 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 06:42 . 2009-10-25 06:33 166369 ----a-w- c:\windows\hpoins28.dat
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-09 466944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-01-09 1712128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-08 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460]

c:\documents and settings\Thomas Hugh Pean\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NinjaTrader 6.5\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/3/2010 8:46 PM 28552]
R2 atisvc_naybi;atisvc_naybi;c:\windows\system32\cqtgbd\atisvc_naybi.exe [12/22/2009 5:03 AM 449262]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/17/2009 12:30 AM 108160]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 5:20 AM 12648]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [4/17/2009 12:30 AM 157696]
S0 cerc6;cerc6; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 10:07 PM 113152]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-avgrsstarter - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 11:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2580)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\cqtgbd\mcie_admvn.dll
c:\windows\system32\cqtgbd\mcapp_hcweb.dll
c:\windows\system32\cqtgbd\mcgc_xvinf.dll
c:\windows\system32\cqtgbd\mcsc_cfmfb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\drivers\audio\r203425\STacSV.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\wscntfy.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-01-11 11:34:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-11 18:34

Pre-Run: 298,481,639,424 bytes free
Post-Run: 298,867,417,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C95FF5E18B95F6ED96FD4432D1BD7328
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby peku006 » January 11th, 2010, 3:05 pm

Hi PopaTom

Please go to Virus Total or Jotti
and upload Insert file for scanning.
For Virus Total
1. Please copy and paste c:\windows\system32\cqtgbd\mcie_admvn.dll in the text box next to the Browse button.
2. Click on Send File.
For Jotti
1. Please copy and paste c:\windows\system32\cqtgbd\mcie_admvn.dll in the text box next to the Browse button.
2. Click on Submit.

Repeat for the below file/s:
c:\windows\system32\cqtgbd\mcapp_hcweb.dll
c:\windows\system32\cqtgbd\mcgc_xvinf.dll
c:\windows\system32\cqtgbd\mcsc_cfmfb.dll


Please post back the results of the scan in your next post.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby PopaTom » January 11th, 2010, 6:55 pm

Hi peku,
I am not even sure if this is really what you wanted. I had a heck of a time trying to copy this file into virustotal.



File notepad.exe received on 2010.01.09 07:08:23 (UTC)
Current status: finished

Result: 1/41 (2.44%)
Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.09 -
AhnLab-V3 5.0.0.2 2010.01.09 -
AntiVir 7.9.1.130 2010.01.08 -
Antiy-AVL 2.0.3.7 2010.01.08 -
Authentium 5.2.0.5 2010.01.09 -
Avast 4.8.1351.0 2010.01.08 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.09 -
CAT-QuickHeal 10.00 2010.01.09 -
ClamAV 0.94.1 2010.01.09 -
Comodo 3514 2010.01.08 -
DrWeb 5.0.1.12222 2010.01.09 -
eSafe 7.0.17.0 2010.01.07 Win32.Banker
eTrust-Vet 35.2.7226 2010.01.08 -
F-Prot 4.5.1.85 2010.01.08 -
F-Secure 9.0.15370.0 2010.01.09 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.09 -
Ikarus T3.1.1.80.0 2010.01.09 -
Jiangmin 13.0.900 2010.01.09 -
K7AntiVirus 7.10.942 2010.01.08 -
Kaspersky 7.0.0.125 2010.01.09 -
McAfee 5855 2010.01.08 -
McAfee+Artemis 5855 2010.01.08 -
McAfee-GW-Edition 6.8.5 2010.01.09 -
Microsoft 1.5302 2010.01.09 -
NOD32 4755 2010.01.08 -
Norman 6.04.03 2010.01.08 -
nProtect 2009.1.8.0 2010.01.08 -
Panda 10.0.2.2 2010.01.08 -
PCTools 7.0.3.5 2010.01.09 -
Prevx 3.0 2010.01.09 -
Rising 22.29.05.03 2010.01.09 -
Sophos 4.49.0 2010.01.09 -
Sunbelt 3.2.1858.2 2010.01.09 -
Symantec 20091.2.0.41 2010.01.09 -
TheHacker 6.5.0.3.143 2010.01.09 -
TrendMicro 9.120.0.1004 2010.01.09 -
VBA32 3.12.12.1 2010.01.09 -
ViRobot 2010.1.8.2128 2010.01.08 -
VirusBuster 5.0.21.0 2010.01.08 -
Additional information
File size: 69120 bytes
MD5 : 5e28284f9b5f9097640d58a73d38ad4c
SHA1 : 7a90f8b051bc82cc9cadbcc9ba345ced02891a6c
SHA256: 865f34fe7ba81e9622ddbdfc511547d190367bbf3dad21ceb6da3eec621044f5
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x739D
timedatestamp.....: 0x48025287 (Sun Apr 13 20:35:51 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7748 0x7800 6.28 debcf7299d2aac29b3bca84abd1d18dd
.data 0x9000 0x1BA8 0x800 1.15 3fd82fcc3cf0c0692e0e466248ee3fbf
.rsrc 0xB000 0x8948 0x8A00 5.41 950dd279a78aefe8be9ae8b129dd928e

( 0 imports )


( 0 exports )

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... a73d38ad4c
ssdeep: 1536:bwOnbNQKLjWDyy1o5I0foMJUEbooPRrKKReFX3:RNQKPWDyDI0fFJltZrpReFX3
PEiD : -
RDS : NSRL Reference Data Set
-


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby peku006 » January 12th, 2010, 4:45 am

Hi PopaTom
"Virus Total" was not successful

1 - Run CFScript

Open Notepad and copy/paste the text in the box into the window:

Code:
DirLook::
c:\windows\system32\cqtgbd

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2 - Status Check
Please reply with

1. the ComboFix log(C:\ComboFix.txt)

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby PopaTom » January 12th, 2010, 11:41 am

Hi peku,
Here is the combo log



ComboFix 10-01-11.04 - Thomas Hugh Pean 01/12/2010 8:32.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2852 [GMT -7:00]
Running from: c:\documents and settings\Thomas Hugh Pean\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Thomas Hugh Pean\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1277496.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-11 18:45 . 2010-01-11 18:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-11 18:45 . 2010-01-11 18:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-11 18:45 . 2010-01-11 18:45 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-11 18:45 . 2010-01-11 18:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-11 18:45 . 2010-01-12 06:38 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-07 21:31 . 2010-01-07 21:33 -------- d-----w- C:\rsit
2010-01-04 03:46 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-04 03:46 . 2010-01-04 03:46 -------- d-----w- c:\program files\Panda Security
2010-01-04 02:41 . 2010-01-04 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-04 02:41 . 2010-01-04 02:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 03:28 . 2010-01-11 18:45 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-03 03:28 . 2010-01-11 18:45 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-03 03:28 . 2010-01-11 18:45 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-03 03:28 . 2010-01-11 18:45 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-03 03:28 . 2010-01-11 18:45 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-03 03:28 . 2010-01-11 18:45 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-03 02:23 . 2010-01-03 02:23 -------- d-----w- C:\$AVG
2010-01-03 02:23 . 2010-01-03 02:23 -------- d-----w- c:\program files\AVG
2010-01-03 02:23 . 2010-01-11 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-03 02:22 . 2010-01-03 03:36 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-03 01:13 . 2010-01-10 02:27 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-03 01:00 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-03 01:00 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-03 01:00 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-03 01:00 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-03 01:00 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-03 01:00 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-03 00:06 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-03 00:05 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-03 00:02 . 2009-08-05 03:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-03 00:02 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-03 00:02 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-03 00:02 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-02 20:40 . 2008-04-14 12:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2010-01-02 20:39 . 2008-04-14 12:00 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2010-01-02 20:14 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-02 20:14 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-02 20:14 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-01-02 20:14 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-02 13:05 . 2010-01-02 13:05 -------- d-----w- c:\windows\Dell
2010-01-02 00:46 . 2010-01-02 00:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-23 18:56 . 2010-01-02 00:46 -------- d-----w- c:\program files\SpywareBlaster
2009-12-22 12:03 . 2009-12-22 12:03 -------- d-----w- c:\program files\Skyhook Wireless
2009-12-22 12:03 . 2010-01-12 06:36 -------- d-----w- c:\windows\system32\cqtgbd
2009-12-21 16:58 . 2010-01-11 22:24 -------- d-----w- c:\program files\VirusTotalUploader2
2009-12-20 08:57 . 2009-12-20 08:57 -------- d-----w- c:\program files\Secunia
2009-12-20 08:51 . 2009-12-20 08:52 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Local Settings\Application Data\Google
2009-12-20 08:44 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 08:44 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 08:44 . 2009-12-20 08:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-20 08:43 . 2009-12-20 09:07 -------- d-----w- c:\program files\Google
2009-12-20 08:43 . 2009-12-20 08:43 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-20 08:43 . 2009-12-20 08:43 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2009-12-20 08:43 . 2009-12-20 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-20 08:40 . 2009-12-20 08:40 152576 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 08:38 . 2009-12-20 08:39 79488 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-20 08:16 . 2009-12-20 08:16 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\WinPatrol
2009-12-20 08:16 . 2008-04-25 21:29 0 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\WinPatrol\Config.sys
2009-12-20 08:16 . 2008-04-25 21:29 0 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\WinPatrol\Autoexec.bat
2009-12-20 08:16 . 2009-12-20 08:16 -------- d-----w- c:\program files\BillP Studios
2009-12-20 06:29 . 2009-12-20 06:29 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Malwarebytes
2009-12-20 06:29 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 06:29 . 2010-01-10 02:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-20 06:29 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 06:29 . 2009-12-20 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-20 06:19 . 2009-12-20 06:19 -------- d-sh--w- c:\documents and settings\Carolyn Sue Pean\IETldCache
2009-12-20 03:04 . 2010-01-03 01:00 -------- dc-h--w- c:\windows\ie8
2009-12-19 14:48 . 2009-12-19 14:48 -------- d-----w- C:\_OTM
2009-12-18 02:00 . 2009-12-18 02:00 -------- d-----w- c:\documents and settings\Carolyn Sue Pean\Application Data\PC Tools
2009-12-18 02:00 . 2009-12-18 02:00 -------- d-----w- c:\documents and settings\Carolyn Sue Pean\Application Data\AT&T
2009-12-18 02:00 . 2009-12-18 02:00 -------- d-----w- c:\documents and settings\Carolyn Sue Pean\Local Settings\Application Data\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 02:56 . 2009-10-04 01:45 -------- d-----w- c:\program files\PokerStars
2010-01-03 00:09 . 2009-04-24 17:32 -------- d-----w- c:\program files\PC Tools AntiVirus
2010-01-03 00:09 . 2009-11-22 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-03 00:09 . 2009-04-24 17:38 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\PC Tools
2010-01-03 00:00 . 2009-04-24 17:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-02 23:40 . 2009-04-17 04:46 34000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 20:36 . 2008-04-25 21:27 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-27 19:03 . 2009-10-13 13:42 144 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\wklnhst.dat
2009-12-22 12:03 . 2009-11-03 05:33 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-12-20 08:46 . 2009-04-17 04:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-20 08:41 . 2009-04-17 04:41 -------- d-----w- c:\program files\Java
2009-12-06 20:29 . 2009-12-06 20:28 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Registry Cleaner
2009-12-06 17:12 . 2009-08-22 18:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-29 18:01 . 2009-11-29 18:01 -------- d-----w- c:\program files\Trend Micro
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Yahoo!
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\program files\Yahoo!
2009-11-23 04:01 . 2009-10-25 06:34 -------- d-----w- c:\program files\HP
2009-11-23 04:00 . 2009-10-25 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-23 04:00 . 2009-11-23 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-23 04:00 . 2009-11-23 04:00 -------- d-----w- c:\program files\Common Files\HP
2009-11-23 04:00 . 2009-11-23 04:00 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-23 03:44 . 2009-10-04 01:37 -------- d-----w- c:\program files\PokerStars.NET
2009-11-23 03:43 . 2009-11-23 03:43 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Snapfish
2009-11-23 03:04 . 2009-11-22 17:31 -------- d-----w- c:\program files\Spyware Doctor
2009-11-23 03:01 . 2009-11-23 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools(3)
2009-11-22 20:13 . 2009-10-26 03:30 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\HPAppData
2009-11-22 18:11 . 2009-11-22 18:11 -------- d-----w- c:\program files\Uniblue
2009-11-22 17:32 . 2009-04-24 17:32 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-25 06:42 . 2009-10-25 06:33 166369 ----a-w- c:\windows\hpoins28.dat
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\cqtgbd ----

2010-01-12 06:35 . 2010-01-12 06:36 6013776 ----a-w- c:\windows\system32\cqtgbd\CatDB.dic
2010-01-12 06:35 . 2010-01-12 06:36 96 ----a-w- c:\windows\system32\cqtgbd\CatVerDB.dic
2010-01-11 17:05 . 2010-01-12 15:30 1240 ---ha-w- c:\windows\system32\cqtgbd\Cache\S-1-5-21-4150555342-2428190824-3850076454-1005\Default\3948_14840031_13.cdf
2009-12-22 12:03 . 2010-01-12 06:36 44232 ----a-w- c:\windows\system32\cqtgbd\Settings1108156.dat
2009-12-22 12:03 . 2009-12-22 12:03 346810 ----a-w- c:\windows\system32\cqtgbd\ATIDLL64_dgjbr.dll
2009-12-22 12:03 . 2009-12-22 12:03 449262 ----a-w- c:\windows\system32\cqtgbd\atisvc_naybi.exe
2009-12-22 12:03 . 2009-12-22 12:03 2611441 ----a-w- c:\windows\system32\cqtgbd\mcgc_xvinf.dll
2009-12-22 12:03 . 2009-12-22 12:03 2156732 ----a-w- c:\windows\system32\cqtgbd\ffe35_cgflv.dll
2009-12-22 12:03 . 2009-12-22 12:03 2160779 ----a-w- c:\windows\system32\cqtgbd\ffe3_adibc.dll
2009-12-22 12:03 . 2009-12-22 12:03 2631767 ----a-w- c:\windows\system32\cqtgbd\ffe_bkgtn.dll
2009-12-22 12:03 . 2009-12-22 12:03 2061963 ----a-w- c:\windows\system32\cqtgbd\mcsc_cfmfb.dll
2009-12-22 12:03 . 2009-12-22 12:03 349681 ----a-w- c:\windows\system32\cqtgbd\mcoexp_qcmsb.dll
2009-12-22 12:03 . 2009-12-22 12:03 644391 ----a-w- c:\windows\system32\cqtgbd\mco_aylwp.dll
2009-12-22 12:03 . 2009-12-22 12:03 267304 ----a-w- c:\windows\system32\cqtgbd\mclmd_ctjul.dll
2009-12-22 12:03 . 2009-12-22 12:03 2445916 ----a-w- c:\windows\system32\cqtgbd\mck_drxol.dll
2009-12-22 12:03 . 2009-12-22 12:03 2211986 ----a-w- c:\windows\system32\cqtgbd\mcie_admvn.dll
2009-12-22 12:03 . 2009-12-22 12:03 561093 ----a-w- c:\windows\system32\cqtgbd\mcff_gaerh.dll
2009-12-22 12:03 . 2009-12-22 12:03 1179282 ----a-w- c:\windows\system32\cqtgbd\mcapp_hcweb.dll
2009-12-22 12:03 . 2009-12-22 12:03 288307 ----a-w- c:\windows\system32\cqtgbd\dprx_ifcui.dll
2009-12-22 12:03 . 2009-12-22 12:03 2473175 ----a-w- c:\windows\system32\cqtgbd\Director_gomaf.dll
2009-12-22 12:03 . 2009-12-22 12:03 384061 ----a-w- c:\windows\system32\cqtgbd\ccp_levea.dll
2009-12-22 12:03 . 2009-08-25 22:40 262144 ----a-w- c:\windows\system32\cqtgbd\proxy.dll
2009-12-22 12:03 . 2009-12-22 12:03 2352 ----a-w- c:\windows\system32\cqtgbd\Config.dat
2009-12-22 12:03 . 2009-12-22 12:03 30248 ----a-w- c:\windows\system32\cqtgbd\Settings.dat
2009-12-22 12:03 . 2009-02-13 20:56 360448 ----a-w- c:\windows\system32\cqtgbd\svcsetup.exe
2009-12-22 12:03 . 2009-02-13 20:56 503808 ----a-w- c:\windows\system32\cqtgbd\wpsapi-vista.dll
2009-12-22 12:03 . 2009-02-13 20:56 503808 ----a-w- c:\windows\system32\cqtgbd\wpsapi-xp.dll
2009-12-22 12:03 . 2009-06-30 07:34 122880 ----a-w- c:\windows\system32\cqtgbd\database.sdf
2009-12-22 12:03 . 2009-12-22 12:03 17778 ----a-w- c:\windows\system32\cqtgbd\ve.dll
2009-12-22 12:03 . 2009-12-22 12:03 100722 ----a-w- c:\windows\system32\cqtgbd\WindowsAccessBridge.dll
2009-12-22 12:03 . 2009-12-22 12:03 264510 ----a-w- c:\windows\system32\cqtgbd\AES256.dll
2009-12-22 12:03 . 2009-12-22 12:03 58174 ----a-w- c:\windows\system32\cqtgbd\LiteUnzip.dll


((((((((((((((((((((((((((((( SnapShot@2010-01-11_18.30.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-12 13:27 . 2010-01-12 13:27 16384 c:\windows\Temp\Perflib_Perfdata_478.dat
+ 2008-04-25 16:16 . 2008-04-14 12:00 28672 c:\windows\system32\verclsid.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-09 466944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-01-09 1712128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-08 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-11 2033432]

c:\documents and settings\Thomas Hugh Pean\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-11 18:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NinjaTrader 6.5\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/3/2010 8:46 PM 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/11/2010 11:45 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/11/2010 11:45 AM 360584]
R2 atisvc_naybi;atisvc_naybi;c:\windows\system32\cqtgbd\atisvc_naybi.exe [12/22/2009 5:03 AM 449262]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/11/2010 11:45 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/11/2010 11:45 AM 285392]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/17/2009 12:30 AM 108160]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [4/17/2009 12:30 AM 157696]
S0 cerc6;cerc6; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 10:07 PM 113152]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 5:20 AM 12648]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 08:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-12 08:37:25
ComboFix-quarantined-files.txt 2010-01-12 15:37
ComboFix2.txt 2010-01-11 18:34

Pre-Run: 298,455,347,200 bytes free
Post-Run: 298,643,968,000 bytes free

- - End Of File - - DEA6B4332B5495165DF1A74C694D55AB
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm
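The "Look" section of the log above is what the DirLook:: script produced, and the services section shows which of those files is registered as a service. As an added illustration (not code from the thread, from ComboFix or from its author), the Python below parses lines in that shape and summarises the two things a helper checks: files in the listed directory whose names carry a five-letter random tail, and services whose binary loads from that directory. The sample lines are copied from the log; the naming heuristics are assumptions for illustration only.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: a few lines in the shape ComboFix prints in its
# DirLook ("Look") listing and in its services section. Values are copied from
# the log in the thread; this parser is an added illustration, not ComboFix code.
SAMPLE_LOG = r"""
---- Directory of c:\windows\system32\cqtgbd ----

2009-12-22 12:03 . 2009-12-22 12:03 449262 ----a-w- c:\windows\system32\cqtgbd\atisvc_naybi.exe
2009-12-22 12:03 . 2009-12-22 12:03 2211986 ----a-w- c:\windows\system32\cqtgbd\mcie_admvn.dll
2009-12-22 12:03 . 2009-02-13 20:56 503808 ----a-w- c:\windows\system32\cqtgbd\wpsapi-xp.dll
2009-12-22 12:03 . 2009-12-22 12:03 2352 ----a-w- c:\windows\system32\cqtgbd\Config.dat
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/3/2010 8:46 PM 28552]
R2 atisvc_naybi;atisvc_naybi;c:\windows\system32\cqtgbd\atisvc_naybi.exe [12/22/2009 5:03 AM 449262]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/11/2010 11:45 AM 285392]
S0 cerc6;cerc6; [x]
"""

# "created . modified size attrs path"; size is "--------" for directories
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+?)\s*$", re.M)
# "R2 name;display name;path [date time size]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: \[[^\]]*\])?\s*$", re.M)
DIR_RE = re.compile(r"^---- Directory of (.+?) ----\s*$", re.M)
# names like mcie_admvn.dll / atisvc_naybi.exe: fixed stem + "_" + 5 letters
# (assumed heuristic, taken from the naming seen in this listing)
RANDOM_SUFFIX_RE = re.compile(r"_[a-z]{5}\.(?:dll|exe)$", re.I)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int          # -1 for directories
    attrs: str
    path: str


@dataclass
class ServiceEntry:
    state: str         # R0..R3 running, S0..S3 stopped (ComboFix's notation)
    name: str
    display: str
    path: str


def parse_file_entries(text: str) -> List[FileEntry]:
    out = []
    for m in FILE_RE.finditer(text):
        size = -1 if m.group(3).startswith("-") else int(m.group(3))
        out.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return out


def parse_service_entries(text: str) -> List[ServiceEntry]:
    out = []
    for m in SERVICE_RE.finditer(text):
        # lines like "path --> path [?]" repeat the path; keep the first copy
        path = m.group(4).split(" --> ")[0]
        out.append(ServiceEntry(m.group(1), m.group(2), m.group(3), path))
    return out


def has_random_suffix(filename: str) -> bool:
    """True for names such as mcie_admvn.dll, where a plausible stem gets a
    5-letter random tail; a vendor name like wpsapi-xp.dll does not match."""
    return RANDOM_SUFFIX_RE.search(filename) is not None


def looks_random_dirname(name: str) -> bool:
    """Short, all-lowercase, vowel-free names such as cqtgbd read as generated."""
    return (5 <= len(name) <= 8 and name.isalpha() and name.islower()
            and not any(c in "aeiou" for c in name))


def review(text: str) -> Dict[str, object]:
    """Summarise a DirLook listing: which files in the directory carry random
    suffixes and which services load their binary from that directory."""
    m = DIR_RE.search(text)
    directory = m.group(1) if m else ""
    prefix = directory.lower().rstrip("\\") + "\\"
    files = [f for f in parse_file_entries(text) if f.path.lower().startswith(prefix)]
    names = [f.path.rsplit("\\", 1)[-1] for f in files]
    services = sorted(s.name for s in parse_service_entries(text)
                      if s.path.lower().startswith(prefix))
    return {
        "directory": directory,
        "random_dirname": looks_random_dirname(directory.rsplit("\\", 1)[-1]),
        "random_suffixed_files": sorted(n for n in names if has_random_suffix(n)),
        "services_loading_from_dir": services,
        "file_count": len(files),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```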

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby peku006 » January 12th, 2010, 12:54 pm

Hi PopaTom

1 - Run CFScript

Open Notepad and copy/paste the text in the box into the window:

Code:
Driver::
pavboot

Folder::
c:\windows\system32\cqtgbd

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2 - Status Check
Please reply with

1. the ComboFix log(C:\ComboFix.txt)

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby PopaTom » January 12th, 2010, 2:01 pm

Hi Peku,
Another combo log



ComboFix 10-01-11.04 - Thomas Hugh Pean 01/12/2010 10:44:35.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2960 [GMT -7:00]
Running from: c:\documents and settings\Thomas Hugh Pean\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Thomas Hugh Pean\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1277496.dll
c:\windows\system32\cqtgbd
c:\windows\system32\cqtgbd\AES256.dll
c:\windows\system32\cqtgbd\ATIDLL64_dgjbr.dll
c:\windows\system32\cqtgbd\atisvc_naybi.exe
c:\windows\system32\cqtgbd\Cache\S-1-5-21-4150555342-2428190824-3850076454-1005\Default\3948_14840031_13.cdf
c:\windows\system32\cqtgbd\CatDB.dic
c:\windows\system32\cqtgbd\CatVerDB.dic
c:\windows\system32\cqtgbd\ccp_levea.dll
c:\windows\system32\cqtgbd\Config.dat
c:\windows\system32\cqtgbd\database.sdf
c:\windows\system32\cqtgbd\Director_gomaf.dll
c:\windows\system32\cqtgbd\dprx_ifcui.dll
c:\windows\system32\cqtgbd\ffe_bkgtn.dll
c:\windows\system32\cqtgbd\ffe3_adibc.dll
c:\windows\system32\cqtgbd\ffe35_cgflv.dll
c:\windows\system32\cqtgbd\LiteUnzip.dll
c:\windows\system32\cqtgbd\mcapp_hcweb.dll
c:\windows\system32\cqtgbd\mcff_gaerh.dll
c:\windows\system32\cqtgbd\mcgc_xvinf.dll
c:\windows\system32\cqtgbd\mcie_admvn.dll
c:\windows\system32\cqtgbd\mck_drxol.dll
c:\windows\system32\cqtgbd\mclmd_ctjul.dll
c:\windows\system32\cqtgbd\mco_aylwp.dll
c:\windows\system32\cqtgbd\mcoexp_qcmsb.dll
c:\windows\system32\cqtgbd\mcsc_cfmfb.dll
c:\windows\system32\cqtgbd\proxy.dll
c:\windows\system32\cqtgbd\Settings.dat
c:\windows\system32\cqtgbd\Settings1108156.dat
c:\windows\system32\cqtgbd\svcsetup.exe
c:\windows\system32\cqtgbd\ve.dll
c:\windows\system32\cqtgbd\WindowsAccessBridge.dll
c:\windows\system32\cqtgbd\wpsapi-vista.dll
c:\windows\system32\cqtgbd\wpsapi-xp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PAVBOOT
-------\Service_pavboot
-------\Legacy_atisvc_naybi
-------\Service_atisvc_naybi


((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-11 18:45 . 2010-01-11 18:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-11 18:45 . 2010-01-11 18:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-11 18:45 . 2010-01-11 18:45 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-11 18:45 . 2010-01-11 18:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-11 18:45 . 2010-01-12 15:51 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-07 21:31 . 2010-01-07 21:33 -------- d-----w- C:\rsit
2010-01-04 03:46 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-04 03:46 . 2010-01-04 03:46 -------- d-----w- c:\program files\Panda Security
2010-01-04 02:41 . 2010-01-04 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-04 02:41 . 2010-01-04 02:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 03:28 . 2010-01-11 18:45 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-03 03:28 . 2010-01-11 18:45 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-03 03:28 . 2010-01-11 18:45 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-03 03:28 . 2010-01-11 18:45 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-03 03:28 . 2010-01-11 18:45 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-03 03:28 . 2010-01-11 18:45 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-03 02:23 . 2010-01-03 02:23 -------- d-----w- C:\$AVG
2010-01-03 02:23 . 2010-01-03 02:23 -------- d-----w- c:\program files\AVG
2010-01-03 02:23 . 2010-01-11 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-03 02:22 . 2010-01-03 03:36 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-03 01:13 . 2010-01-10 02:27 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-03 01:00 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-03 01:00 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-03 01:00 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-03 01:00 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-03 01:00 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-03 01:00 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-03 00:06 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-03 00:05 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-03 00:02 . 2009-08-05 03:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-03 00:02 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-03 00:02 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-03 00:02 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-02 20:40 . 2008-04-14 12:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2010-01-02 20:39 . 2008-04-14 12:00 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2010-01-02 20:14 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-02 20:14 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-02 20:14 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-01-02 20:14 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-02 13:05 . 2010-01-02 13:05 -------- d-----w- c:\windows\Dell
2010-01-02 00:46 . 2010-01-02 00:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-23 18:56 . 2010-01-02 00:46 -------- d-----w- c:\program files\SpywareBlaster
2009-12-22 12:03 . 2009-12-22 12:03 -------- d-----w- c:\program files\Skyhook Wireless
2009-12-21 16:58 . 2010-01-11 22:24 -------- d-----w- c:\program files\VirusTotalUploader2
2009-12-20 08:57 . 2009-12-20 08:57 -------- d-----w- c:\program files\Secunia
2009-12-20 08:51 . 2009-12-20 08:52 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Local Settings\Application Data\Google
2009-12-20 08:44 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 08:44 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 08:44 . 2009-12-20 08:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-20 08:43 . 2009-12-20 09:07 -------- d-----w- c:\program files\Google
2009-12-20 08:43 . 2009-12-20 08:43 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-20 08:43 . 2009-12-20 08:43 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2009-12-20 08:43 . 2009-12-20 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-20 08:40 . 2009-12-20 08:40 152576 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 08:38 . 2009-12-20 08:39 79488 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-20 08:16 . 2009-12-20 08:16 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\WinPatrol
2009-12-20 08:16 . 2008-04-25 21:29 0 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\WinPatrol\Config.sys
2009-12-20 08:16 . 2008-04-25 21:29 0 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\WinPatrol\Autoexec.bat
2009-12-20 08:16 . 2009-12-20 08:16 -------- d-----w- c:\program files\BillP Studios
2009-12-20 06:29 . 2009-12-20 06:29 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Malwarebytes
2009-12-20 06:29 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 06:29 . 2010-01-10 02:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-20 06:29 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 06:29 . 2009-12-20 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-20 06:19 . 2009-12-20 06:19 -------- d-sh--w- c:\documents and settings\Carolyn Sue Pean\IETldCache
2009-12-20 03:04 . 2010-01-03 01:00 -------- dc-h--w- c:\windows\ie8
2009-12-19 14:48 . 2009-12-19 14:48 -------- d-----w- C:\_OTM
2009-12-18 02:00 . 2009-12-18 02:00 -------- d-----w- c:\documents and settings\Carolyn Sue Pean\Application Data\PC Tools
2009-12-18 02:00 . 2009-12-18 02:00 -------- d-----w- c:\documents and settings\Carolyn Sue Pean\Application Data\AT&T
2009-12-18 02:00 . 2009-12-18 02:00 -------- d-----w- c:\documents and settings\Carolyn Sue Pean\Local Settings\Application Data\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 02:56 . 2009-10-04 01:45 -------- d-----w- c:\program files\PokerStars
2010-01-03 00:09 . 2009-04-24 17:32 -------- d-----w- c:\program files\PC Tools AntiVirus
2010-01-03 00:09 . 2009-11-22 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-03 00:09 . 2009-04-24 17:38 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\PC Tools
2010-01-03 00:00 . 2009-04-24 17:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-02 23:40 . 2009-04-17 04:46 34000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 20:36 . 2008-04-25 21:27 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-27 19:03 . 2009-10-13 13:42 144 ----a-w- c:\documents and settings\Thomas Hugh Pean\Application Data\wklnhst.dat
2009-12-22 12:03 . 2009-11-03 05:33 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-12-20 08:46 . 2009-04-17 04:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-20 08:41 . 2009-04-17 04:41 -------- d-----w- c:\program files\Java
2009-12-06 20:29 . 2009-12-06 20:28 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Registry Cleaner
2009-12-06 17:12 . 2009-08-22 18:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-29 18:01 . 2009-11-29 18:01 -------- d-----w- c:\program files\Trend Micro
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Yahoo!
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-23 04:01 . 2009-11-23 04:01 -------- d-----w- c:\program files\Yahoo!
2009-11-23 04:01 . 2009-10-25 06:34 -------- d-----w- c:\program files\HP
2009-11-23 04:00 . 2009-10-25 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-23 04:00 . 2009-11-23 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-23 04:00 . 2009-11-23 04:00 -------- d-----w- c:\program files\Common Files\HP
2009-11-23 04:00 . 2009-11-23 04:00 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-23 03:44 . 2009-10-04 01:37 -------- d-----w- c:\program files\PokerStars.NET
2009-11-23 03:43 . 2009-11-23 03:43 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\Snapfish
2009-11-23 03:04 . 2009-11-22 17:31 -------- d-----w- c:\program files\Spyware Doctor
2009-11-23 03:01 . 2009-11-23 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools(3)
2009-11-22 20:13 . 2009-10-26 03:30 -------- d-----w- c:\documents and settings\Thomas Hugh Pean\Application Data\HPAppData
2009-11-22 18:11 . 2009-11-22 18:11 -------- d-----w- c:\program files\Uniblue
2009-11-22 17:32 . 2009-04-24 17:32 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-25 06:42 . 2009-10-25 06:33 166369 ----a-w- c:\windows\hpoins28.dat
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-11_18.30.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-12 17:49 . 2010-01-12 17:49 16384 c:\windows\Temp\Perflib_Perfdata_180.dat
+ 2008-04-25 16:16 . 2008-04-14 12:00 28672 c:\windows\system32\verclsid.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-09 466944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-01-09 1712128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-08 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-11 2033432]

c:\documents and settings\Thomas Hugh Pean\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-11 18:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NinjaTrader 6.5\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/11/2010 11:45 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/11/2010 11:45 AM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/11/2010 11:45 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/11/2010 11:45 AM 285392]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/17/2009 12:30 AM 108160]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 5:20 AM 12648]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [4/17/2009 12:30 AM 157696]
S0 cerc6;cerc6; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 10:07 PM 113152]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 10:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3116)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\drivers\audio\r203425\STacSV.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-01-12 10:54:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-12 17:54
ComboFix2.txt 2010-01-12 15:37
ComboFix3.txt 2010-01-11 18:34

Pre-Run: 298,646,843,392 bytes free
Post-Run: 298,509,004,800 bytes free

- - End Of File - - DD73A89A05179E45FD5C0E5059E51601



Thanks, PopaTom

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby peku006 » January 12th, 2010, 2:23 pm

Hi PopaTom

1 - Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has completed, select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.

3 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log

Thanks peku006

Re: IE Sites Redirected and Action Cancelled Pages.

Unread postby PopaTom » January 12th, 2010, 7:38 pm

Hi peku,
Here are the two items you requested. Thanks PopaTom


Malwarebytes' Anti-Malware 1.44
Database version: 3550
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/12/2010 4:26:33 PM
mbam-log-2010-01-12 (16-26-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 176507
Time elapsed: 20 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP14\A0001987.sys (Malware.Trace) -> Not selected for removal.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP16\A0002188.sys (Malware.Trace) -> Not selected for removal.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP16\A0002357.sys (Malware.Trace) -> Not selected for removal.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP16\A0002629.sys (Malware.Trace) -> Not selected for removal.

0000000000000000000000000000000000000000000000000000000

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:45 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USCON/1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r203425\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O24 - Desktop Component 0: (no name) - http://www.freshtracks.ca/images/aurora-borealis.jpg

--
End of file - 8995 bytes