
how to remove all malwares?


Re: how to remove all malwares?

Post by Jmak » January 25th, 2010, 8:14 pm

Show All was unchecked and GMER did not find anything
Jmak
Regular Member
Posts: 19
Joined: January 13th, 2010, 2:12 am

Re: how to remove all malwares?

Post by Cypher » January 26th, 2010, 5:04 pm

Hi Jmak.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following:
Messenger Plus! Live & Sponsor (CiD)


Next.

I see you have Malwarebytes' Anti-Malware installed.


Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, ONLY the "C:\RSIT\log.txt" will be reproduced (it will be maximized).
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • RSIT log.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: how to remove all malwares?

Post by Jmak » January 26th, 2010, 8:21 pm

Computer's been freezing every day lately... please help get rid of the malware, thanks.

Malwarebytes' Anti-Malware 1.44
Database version: 3642
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

26/01/2010 3:57:59 PM
mbam-log-2010-01-26 (15-57-59).txt

Scan type: Quick Scan
Objects scanned: 129204
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\cd14369c-f86b-426b-8596-f9fe583b2a45.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Jason Mak at 2010-01-26 16:12:48
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 248 GB (67%) free of 372 GB
Total RAM: 2038 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:58 PM, on 26/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Users\Jason Mak\Desktop\New Folder\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jason Mak.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [dog about manager team] "C:\ProgramData\Ace store default.ca159vc"
O4 - HKCU\..\Run: [Setup flag] "C:\ProgramData\nounmeowmeow.niqd3"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [test] C:\Users\Jason Mak\AppData\Local\Temp\Rar$EX01.728\Bettler.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messenger ... 109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-U ... E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12802 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForJason Mak.job
C:\Windows\tasks\User_Feed_Synchronization-{F032D026-57FC-4605-A0FD-B7937CDBE7AB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-07-30 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-26 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-01 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2009-07-30 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-07-30 909040]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-01 2403392]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"CCUTRAYICON"=FactoryMode []
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2009-10-11 55072]
""= []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-26 2033432]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]
"dog about manager team"=C:\ProgramData\Ace store default.ca159vc [2008-09-16 184336]
"Setup flag"=C:\ProgramData\nounmeowmeow.niqd3 [2009-05-05 163856]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2009-11-12 2923192]
"test"=C:\Users\Jason Mak\AppData\Local\Temp\Rar$EX01.728\Bettler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE [2007-05-07 1273856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"$INSTDIR\FlvDetector.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\SETUP.EXE -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dd33297-30f8-11dd-9faa-001d6042445a}]
shell\verb1\command - desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba69b229-0982-11dd-b5a0-001d6042445a}]
shell\AutoRun\command - J:\setupSNK.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-23 01:39:08 ----D---- C:\rsit
2010-01-21 15:35:12 ----SHD---- C:\Config.Msi
2010-01-21 15:32:08 ----A---- C:\Windows\system32\mshtml.dll
2010-01-21 15:32:08 ----A---- C:\Windows\system32\ieframe.dll
2010-01-21 15:32:07 ----A---- C:\Windows\system32\iertutil.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\wininet.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\urlmon.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\occache.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-21 15:32:05 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-21 15:32:05 ----A---- C:\Windows\system32\ieui.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\iesetup.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\iernonce.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\iepeers.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-16 17:19:43 ----A---- C:\Windows\ntbtlog.txt
2010-01-15 19:01:01 ----A---- C:\Windows\eSellerateEngine.dll
2010-01-14 16:12:07 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-01-14 16:12:07 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-01-14 16:12:07 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-01-14 16:12:06 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-01-14 16:12:06 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-01-14 16:12:06 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-01-14 16:12:05 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-01-14 16:11:33 ----D---- C:\Program Files\OpenAL
2010-01-14 16:11:33 ----A---- C:\Windows\system32\wrap_oal.dll
2010-01-14 16:11:33 ----A---- C:\Windows\system32\OpenAL32.dll
2010-01-13 23:31:32 ----D---- C:\Program Files\a-squared Free
2010-01-13 23:29:07 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-01-13 23:29:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-13 15:48:47 ----D---- C:\1f600600f0bbdf5156e2a253c613ae63
2010-01-12 19:38:58 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 19:38:57 ----A---- C:\Windows\system32\fontsub.dll
2010-01-11 18:09:05 ----D---- C:\Windows\pss
2010-01-06 18:55:15 ----A---- C:\Windows\system32\ztvunrar36.dll
2010-01-06 18:55:15 ----A---- C:\Windows\system32\ztvunace26.dll
2010-01-06 18:55:15 ----A---- C:\Windows\system32\ztvcabinet.dll
2010-01-06 18:55:15 ----A---- C:\Windows\system32\UNRAR3.dll
2010-01-06 18:55:15 ----A---- C:\Windows\system32\unacev2.dll
2010-01-06 18:55:14 ----D---- C:\Users\Jason Mak\AppData\Roaming\Simply Super Software
2010-01-06 18:55:14 ----D---- C:\ProgramData\Simply Super Software
2010-01-06 18:55:14 ----D---- C:\Program Files\Trojan Remover
2010-01-06 16:20:48 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-01-06 16:20:36 ----D---- C:\Users\Jason Mak\AppData\Roaming\SUPERAntiSpyware.com
2010-01-06 16:20:36 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-06 16:17:21 ----D---- C:\Users\Jason Mak\AppData\Roaming\Malwarebytes
2010-01-06 16:17:14 ----D---- C:\ProgramData\Malwarebytes
2010-01-06 16:17:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-06 16:16:44 ----D---- C:\Program Files\Trend Micro
2010-01-06 16:13:56 ----D---- C:\Program Files\CCleaner
2009-12-31 21:11:44 ----A---- C:\Windows\UniFish3.exe
2009-12-31 16:05:23 ----D---- C:\Program Files\Garena
14109-05-05 14:57:29 ----D---- C:\ProgramData\Kaspersky Lab
14109-05-05 14:55:19 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
14109-05-03 22:46:23 ----D---- C:\Program Files\AVG

======List of files/folders modified in the last 1 months======

2010-01-26 16:12:57 ----D---- C:\Windows\Temp
2010-01-26 16:04:02 ----D---- C:\Program Files\Mozilla Firefox
2010-01-26 16:03:05 ----D---- C:\Program Files\Steam
2010-01-26 16:01:58 ----RD---- C:\Program Files
2010-01-26 16:00:35 ----D---- C:\Windows\system32\drivers
2010-01-26 15:59:26 ----D---- C:\Windows\Expert
2010-01-26 15:44:22 ----D---- C:\Windows\winsxs
2010-01-26 15:44:22 ----D---- C:\Program Files\Internet Explorer
2010-01-26 15:37:59 ----D---- C:\Windows\system32\catroot
2010-01-25 23:42:06 ----D---- C:\Windows\System32
2010-01-25 22:34:46 ----D---- C:\Windows\tracing
2010-01-25 18:08:03 ----D---- C:\ProgramData\avg9
2010-01-23 12:38:24 ----D---- C:\Program Files\Common Files\Steam
2010-01-23 00:04:39 ----D---- C:\Windows\Prefetch
2010-01-21 16:15:39 ----D---- C:\Windows\system32\catroot2
2010-01-21 16:14:05 ----D---- C:\Windows\Minidump
2010-01-21 16:13:59 ----D---- C:\Windows
2010-01-21 15:40:48 ----D---- C:\Windows\system32\migration
2010-01-21 15:35:15 ----SHD---- C:\Windows\Installer
2010-01-21 15:35:15 ----D---- C:\Program Files\Common Files
2010-01-21 15:33:45 ----D---- C:\Program Files\Java
2010-01-20 22:40:25 ----SHD---- C:\System Volume Information
2010-01-20 15:47:13 ----D---- C:\Program Files\AskBarDis
2010-01-20 15:20:54 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-15 18:57:06 ----D---- C:\ProgramData\WildTangent
2010-01-14 22:20:17 ----D---- C:\ProgramData\Microsoft Help
2010-01-14 06:40:51 ----D---- C:\Program Files\Cheat Engine
2010-01-13 23:57:41 ----SD---- C:\Windows\Downloaded Program Files
2010-01-13 23:29:07 ----HD---- C:\ProgramData
2010-01-13 15:55:16 ----D---- C:\Program Files\Windows Mail
2010-01-13 15:49:31 ----D---- C:\Windows\Debug
2010-01-11 18:16:49 ----D---- C:\Users\Jason Mak\AppData\Roaming\LimeWire
2010-01-09 22:37:34 ----D---- C:\Windows\Branding
2010-01-09 22:23:19 ----AD---- C:\ProgramData\TEMP
2010-01-07 22:37:22 ----D---- C:\Users\Jason Mak\AppData\Roaming\DivX
2010-01-06 18:04:06 ----D---- C:\Program Files\iWin Games
2010-01-06 17:24:24 ----D---- C:\Windows\Microsoft.NET
2010-01-06 17:24:23 ----RSD---- C:\Windows\assembly
2010-01-06 16:18:21 ----D---- C:\Users\Jason Mak\AppData\Roaming\Azureus
2010-01-04 16:17:48 ----A---- C:\Windows\system32\mrt.exe
2009-12-28 15:08:57 ----D---- C:\Windows\Tasks
2009-12-28 15:08:57 ----D---- C:\Windows\system32\Tasks
14109-05-04 22:17:51 ----HD---- C:\ProgramData\yahoo!
14109-05-04 22:17:36 ----D---- C:\Program Files\Yahoo!
14109-05-04 22:17:30 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-12-26 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-12-26 28424]
R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-12-26 360584]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2008-01-08 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-14 218752]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\Nexon\MapleStory\npkcrypt.sys []
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT; \??\C:\Users\JASONM~1\AppData\Local\Temp\nsdEA1B.tmp\TfFRegNt.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\JASONM~1\AppData\Local\Temp\LWPB325.tmp []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; \??\C:\Users\JASONM~1\AppData\Local\Temp\ir_ext_temp_5\AutoPlay\Docs\United Engine\IlvMoney1236.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Users\Jason Mak\Desktop\SysProtDrv.sys []
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-01 987648]
S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-01 251904]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-26 285392]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-11-09 78104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 npkcmsvc;npkcmsvc; C:\Program Files\Nexon\MapleStory\npkcmsvc.exe [2008-12-24 88728]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-11-13 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-13 103736]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264]
S3 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-08-31 26624]
S3 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des -service []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-01-23 326792]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------
Jmak
Regular Member
 
Posts: 19
Joined: January 13th, 2010, 2:12 am

Re: how to remove all malwares?

Unread postby Cypher » January 27th, 2010, 8:26 am

Hi Jmak.
Please continue with the instructions below.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.

Next.

Back Up registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it onto your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A setup window will pop up. It will ask: Create ERUNT entry into the Startup folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts.

    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper



    Logs/Information to Post in your Next Reply

    • ComboFix log.
    • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: how to remove all malwares?

Unread postby Jmak » January 27th, 2010, 7:55 pm

ComboFix 10-01-27.03 - Jason Mak 27/01/2010 15:29:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.1165 [GMT -8:00]
Running from: c:\users\Jason Mak\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1222584859-2993816260-699220527-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3617768920-2280016657-2119380391-500
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMP3z
c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
c:\users\Jason Mak\AppData\Roaming\BITS
c:\users\Jason Mak\AppData\Roaming\BITS\BITS.ini
c:\users\Jason Mak\AppData\Roaming\BITS\pl.dat
c:\users\Jason Mak\AppData\Roaming\FlashGetBHO
c:\users\Jason Mak\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
c:\users\Jason Mak\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
c:\users\Jason Mak\AppData\Roaming\FlashGetBHO\GetUrl.htm
c:\users\Jason Mak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
c:\users\Jason Mak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url
c:\users\Jason Mak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
c:\users\Jason Mak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Jason Mak\Favorites\Download programs.url
c:\users\Jason Mak\Favorites\Games.url
c:\users\Jason Mak\Favorites\Translator.url
c:\users\Jason Mak\Favorites\Videos.url
c:\users\JASONM~1\FAVORI~1\Download programs.url
c:\users\JASONM~1\FAVORI~1\Games.url
c:\users\JASONM~1\FAVORI~1\Translator.url
c:\users\JASONM~1\FAVORI~1\Videos.url
c:\windows\expert
c:\windows\expert\XSNCR.INI

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53


((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 23:39 . 2010-01-27 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 23:39 . 2010-01-27 23:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-01-27 23:39 . 2010-01-27 23:39 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-01-27 23:39 . 2010-01-27 23:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-27 23:23 . 2010-01-27 23:23 -------- d-----w- c:\program files\ERUNT
2010-01-23 09:39 . 2010-01-23 09:39 -------- d-----w- C:\rsit
2010-01-23 08:52 . 2010-01-23 08:52 44288 ----a-w- c:\windows\system32\SysProtDrv.sys
2010-01-16 08:13 . 2010-01-16 08:13 -------- d-----w- c:\users\Jason Mak\AppData\Local\Cooliris
2010-01-16 03:01 . 2010-01-16 03:01 40 ----a-w- c:\windows\RSoftInfo.dat
2010-01-16 03:01 . 2010-01-16 03:01 352256 ----a-w- c:\windows\eSellerateEngine.dll
2010-01-15 00:12 . 2009-09-05 01:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-01-15 00:12 . 2009-09-05 01:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-01-15 00:12 . 2009-09-05 01:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-01-15 00:12 . 2009-09-05 01:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-01-15 00:12 . 2009-09-05 01:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-01-15 00:12 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-01-15 00:12 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-15 00:11 . 2010-01-15 00:11 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-15 00:11 . 2010-01-15 00:11 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-15 00:11 . 2010-01-15 00:11 -------- d-----w- c:\program files\OpenAL
2010-01-14 07:31 . 2010-01-17 02:57 -------- d-----w- c:\program files\a-squared Free
2010-01-14 07:29 . 2010-01-21 23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 07:29 . 2010-01-21 23:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-13 23:48 . 2010-01-13 23:55 -------- d-----w- C:\1f600600f0bbdf5156e2a253c613ae63
2010-01-13 03:38 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 03:38 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-07 02:55 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-01-07 02:55 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-01-07 02:55 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-01-07 02:55 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-01-07 02:55 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\program files\Trojan Remover
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Simply Super Software
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\programdata\Simply Super Software
2010-01-07 00:20 . 2010-01-07 00:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-07 00:20 . 2010-01-21 23:35 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\SUPERAntiSpyware.com
2010-01-07 00:20 . 2010-01-21 23:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-07 00:17 . 2010-01-07 00:17 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Malwarebytes
2010-01-07 00:17 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 00:17 . 2010-01-26 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 00:17 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 00:17 . 2010-01-07 00:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 00:16 . 2010-01-07 00:16 -------- d-----w- c:\program files\Trend Micro
2010-01-07 00:13 . 2010-01-07 00:13 -------- d-----w- c:\program files\CCleaner
2010-01-01 05:11 . 2010-01-01 05:14 239 ----a-w- c:\windows\PowerReg.dat
2010-01-01 05:11 . 1999-05-29 08:08 45568 ----a-w- c:\windows\UniFish3.exe
2010-01-01 00:05 . 2010-01-01 00:10 -------- d-----w- c:\program files\Garena
14109-05-05 22:57 . 2009-06-05 00:03 -------- d-----w- c:\programdata\Kaspersky Lab
14109-05-05 22:55 . 14109-05-05 22:55 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
14109-05-04 06:46 . 2009-12-26 10:41 -------- d-----w- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 20:04 . 2008-12-20 21:59 -------- d-----w- c:\program files\Steam
2010-01-27 17:47 . 2009-12-23 10:34 0 ----a-w- c:\users\Jason Mak\AppData\Local\prvlcl.dat
2010-01-26 23:48 . 2010-01-26 23:48 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-26 02:08 . 2009-12-26 10:41 -------- d-----w- c:\programdata\avg9
2010-01-23 20:38 . 2008-12-20 22:42 -------- d-----w- c:\program files\Common Files\Steam
2010-01-21 23:33 . 2007-08-12 01:42 -------- d-----w- c:\program files\Java
2010-01-20 23:47 . 2009-04-15 04:08 -------- d-----w- c:\program files\AskBarDis
2010-01-20 23:20 . 2009-04-16 06:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 05:37 . 2007-11-29 06:01 3756 ----a-w- c:\users\Jason Mak\AppData\Roaming\wklnhst.dat
2010-01-16 02:57 . 2007-08-12 01:25 -------- d-----w- c:\programdata\WildTangent
2010-01-15 06:20 . 2008-04-13 23:51 -------- d-----w- c:\programdata\Microsoft Help
2010-01-14 23:29 . 2010-01-26 23:41 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-01-14 23:29 . 2010-01-26 23:41 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-01-14 14:40 . 2009-05-10 23:50 -------- d-----w- c:\program files\Cheat Engine
2010-01-13 23:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 02:16 . 2007-12-01 03:58 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\LimeWire
2010-01-08 06:37 . 2009-12-21 10:45 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\DivX
2010-01-07 02:04 . 2009-08-20 03:28 -------- d-----w- c:\program files\iWin Games
2010-01-07 00:18 . 2009-04-15 04:07 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Azureus
2010-01-06 20:08 . 2010-01-16 08:13 4726272 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-06 20:08 . 2010-01-16 08:13 103424 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-06 20:08 . 2010-01-16 08:13 57856 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-06 20:08 . 2010-01-16 08:13 545280 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-06 20:08 . 2010-01-16 08:13 4725760 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-06 20:08 . 2010-01-16 08:13 344064 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-06 20:08 . 2010-01-16 08:13 153600 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-02 06:38 . 2010-01-21 23:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 23:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 23:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-26 11:21 . 2009-12-26 11:21 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\AVG9
2009-12-26 11:07 . 2009-12-26 10:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-26 11:07 . 2009-12-26 10:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-26 11:07 . 2009-12-26 10:42 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-26 11:07 . 2009-12-26 10:42 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-26 10:42 . 2009-12-26 10:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-24 02:41 . 2009-12-24 09:05 52224 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\FFExternalAlert.dll
2009-12-24 02:41 . 2009-12-24 09:05 101376 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\RadioWMPCore.dll
2009-12-21 10:43 . 2009-12-21 10:42 -------- d-----w- c:\program files\DivX
2009-12-21 10:43 . 2007-08-12 01:35 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-21 10:42 . 2009-12-21 10:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-08 04:53 . 2009-07-26 06:19 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\HpUpdate
2009-12-08 00:14 . 2009-11-18 04:55 -------- d-----w- c:\program files\DriftCity
2009-12-04 03:19 . 2009-12-04 03:19 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-01 06:58 . 2007-08-12 01:10 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-01 06:58 . 2007-11-28 07:07 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Hewlett-Packard
2009-12-01 06:58 . 2007-08-12 02:12 -------- d-----w- c:\programdata\Hewlett-Packard
2009-11-19 03:49 . 2009-11-19 03:49 201356 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-19 03:48 . 2009-11-19 03:48 2165 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\rsi.hotmail.com
2009-11-18 23:31 . 2009-11-18 23:31 2141 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\omega.contacts.msn.com
2009-11-18 23:31 . 2009-11-18 23:31 2095 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\login.live.com
2009-11-18 23:31 . 2009-11-18 23:31 1251 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\xmpp.raptr.com
2009-11-18 06:23 . 2009-11-18 06:24 38208 ----a-w- c:\users\Jason Mak\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-16 10:21 . 2009-06-08 11:15 205448 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxDvd.exe
2009-11-16 10:21 . 2009-06-08 11:15 266888 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxTray.exe
2009-11-16 10:21 . 2009-06-08 11:08 373384 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxStarter.exe
2009-11-16 10:21 . 2009-06-08 10:45 168584 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll
2009-11-16 10:12 . 2009-11-16 10:12 1581704 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxClient.exe
2009-11-16 09:17 . 2009-11-16 09:17 340616 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll
2009-11-16 09:17 . 2009-11-16 09:17 123528 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxUpdater.exe
2009-11-15 09:37 . 2008-06-25 19:33 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-15 09:37 . 2008-06-25 19:33 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-15 09:37 . 2007-12-25 08:13 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-15 09:37 . 2007-12-25 08:13 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-15 09:37 . 2007-12-25 08:14 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-15 09:37 . 2007-12-25 08:13 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-11-14 02:59 . 2009-11-14 02:59 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-14 02:59 . 2009-11-14 02:59 22328 ----a-w- c:\users\Jason Mak\AppData\Roaming\PnkBstrK.sys
2009-11-14 02:59 . 2009-11-14 02:59 22328 ----a-w- c:\users\Jason Mak\AppData\Roaming\PnkBstrK.sys
2009-11-14 02:58 . 2009-11-14 02:33 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-14 02:33 . 2009-11-14 02:33 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-14 00:49 . 2007-08-12 01:39 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2007-08-12 01:39 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:49 . 2007-02-06 23:03 129784 ------w- c:\windows\system32\PxAFS.DLL
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-10 02:16 . 2008-06-04 02:37 46128 ----a-w- c:\programdata\iWin Games\firefox\iWinArcadeLauncher.exe
2009-11-09 12:31 . 2009-12-12 21:14 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-12 21:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-12 21:14 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-03 23:29 . 2007-11-28 07:18 123696 ----a-w- c:\users\Jason Mak\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-03 04:42 . 2009-10-03 01:47 195456 ------w- c:\windows\system32\MpSigStub.exe
14109-05-05 06:17 . 2007-08-12 01:54 -------- d--h--w- c:\programdata\yahoo!
14109-05-05 06:17 . 2007-08-12 01:54 -------- d-----w- c:\program files\Yahoo!
2007-08-12 01:51 . 2007-08-12 01:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dog about manager team"="c:\programdata\Ace store default.ca159vc" [X]
"Setup flag"="c:\programdata\nounmeowmeow.niqd3" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-13 2923192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-11 55072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-27 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 150552]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-26 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8c,30,c2,f3,84,32,ca,01

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [26/12/2009 2:42 AM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/12/2009 2:42 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/12/2009 2:42 AM 360584]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [13/01/2010 11:31 PM 1858144]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [26/12/2009 3:07 AM 285392]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 9:32 AM 208896]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 PM 1074568]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [09/11/2009 6:17 PM 78104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 8:13 AM 29696]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [02/06/2008 4:45 PM 21504]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [02/06/2008 4:43 PM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [02/06/2008 4:43 PM 251904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\HPCeeScheduleForJason Mak.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-12 23:55]

2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{F032D026-57FC-4605-A0FD-B7937CDBE7AB}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=fir ... S:official
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\FFExternalAlert.dll
FF - component: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\RadioWMPCore.dll
FF - component: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Encarta Encyclopedia 2000 A - c:\program files\Microsoft Encarta\Encarta Encyclopedia 2000\unee2000.exe
AddRemove-{E280923D-C5D9-4728-8C79-AC9A0DC75875} - c:\program files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 15:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85272841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x881acd24
\Driver\ACPI -> acpi.sys @ 0x80699d68
\Driver\atapi -> ataport.SYS @ 0x807afa2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\JASONM~1\AppData\Local\Temp\LWPB325.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2b,68,35,b7,ec,77,bf,f1,a4,3d,ce,96,25,b2,37,22,c0,a9,8a,a6,0c,54,c3,
ca,cf,c2,a0,d4,14,66,2b,59,d3,21,f1,20,30,db,1d,7b,80,56,0c,8c,33,be,b4,a7,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001\Software\SecuROM\License information*]
"datasecu"=hex:77,31,6a,0e,13,09,86,59,3c,92,23,29,c4,f8,43,65,c0,ae,e4,6b,b6,
e1,a5,77,6a,9f,cb,24,38,00,fe,e1,21,ac,b1,af,06,d6,31,81,81,2b,d8,04,18,65,\
"rkeysecu"=hex:f7,57,41,d2,e2,5c,1f,b6,fd,f3,e0,18,25,d3,77,f3

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9e,05,74,ff,bb,6c,d9,d9,89,e5,19,7e,24,60,ec,e7,36,a2,2c,2e,ab,
8c,a5,85,ac,e6,f8,50,3a,d0,a8,23,bf,e6,9e,68,e3,05,80,dc,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e5,6b,38,29,df,dd,2d,1d,25,7c,b7,f0,b9,dc,59,e0,b2,bb,ab,68,97,
48,0d,36,8a,f6,ea,22,8a,60,31,8f,93,82,33,80,55,fc,41,ff,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{9296d726-1cd2-46e1-917a-2eaf4d627d0d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000de
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,bd,fc,19,8f,58,3c,8e,25,96,94,16,7a,19,d5,dc,a7,3f,cb,c4,3f,5b,b9,\

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{d2bf510e-03fa-4ac3-90a6-f6df4a25b1a1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013a
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nexon\MapleStory\npkcmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-01-27 15:52:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 23:52

Pre-Run: 259,130,044,416 bytes free
Post-Run: 259,234,004,992 bytes free

- - End Of File - - D2117AB9B6C937C9913612BF83F865C9
Jmak
Regular Member
 
Posts: 19
Joined: January 13th, 2010, 2:12 am

Re: how to remove all malwares?

Unread postby Cypher » January 28th, 2010, 4:55 pm

Hi Jmak.
How is your computer performing? Are you still getting redirected to sites?
Please continue with the instructions below.

Punkbuster warning

I see you have Punkbuster installed (read the section on Published features). This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removal. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following:
  • Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers.
  • Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware.
  • Another option is to not clean this computer at all. This ensures Punkbuster will continue to function.
Please let me know what you would like to do.

Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code:
    File::
    C:\Windows\system32\GameMon.des.exe
    
    Folder::
    C:\1f600600f0bbdf5156e2a253c613ae63
    c:\program files\AskBarDis
    c:\users\Jason Mak\AppData\Roaming\LimeWire
    c:\users\Jason Mak\AppData\Roaming\Azureus
    C:\Users\Jason Mak\AppData\Local\Temp\Rar$EX01.728
    c:\programdata\Ace store default.ca159vc
    c:\programdata\nounmeowmeow.niqd3
    c:\windows\system32\GameMon.des -service
    
    Driver::
    npggsvc
    
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dog about manager team"=-
    "Setup flag"=-
    "test"=-
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.



Logs/Information to Post in your Next Reply

  • Punkbuster decision.
  • ComboFix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
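The CFScript above removes a handful of Run values and a service that Cypher picked out of the earlier log by hand. As an added example, not part of this thread and not ComboFix's own tooling, the Python script below parses ComboFix-style "Reg Loading Points" lines, flags the kinds of entries that usually prompt such removals (an empty value name, a binary launched from a Temp directory or carrying a .tmp extension, an entry whose file is missing), and renders the flagged values as the Registry:: stanza of a CFScript. The sample log lines are constructed for the example, and the reading of the trailing [X] marker as "file not found" is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the style of ComboFix's "Reg Loading Points" section.
# It is not the log posted in this thread; the names and paths are made up.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"quick brown helper"="c:\users\EXAMPL~1\AppData\Local\Temp\QBH42.tmp" [2010-01-20 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""="c:\windows\system32\example.exe" [2010-01-25 12288]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>[^"]*)"(?:\s+\[(?P<info>[^\]]*)\])?$')


@dataclass
class AutostartEntry:
    key: str
    name: str
    data: str
    info: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_loading_points(text: str) -> List[AutostartEntry]:
    """Turn the key/value lines into AutostartEntry objects, remembering the
    registry key each value belongs to."""
    entries: List[AutostartEntry] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            entries.append(AutostartEntry(
                key=current_key,
                name=value_match.group('name'),
                data=value_match.group('data'),
                info=value_match.group('info') or '',
            ))
    return entries


def assess(entry: AutostartEntry) -> AutostartEntry:
    """Attach a reason for each heuristic the entry trips. These are triage
    hints for a human reviewer, not a verdict."""
    data_lower = entry.data.lower()
    if entry.name == '':
        entry.reasons.append('empty value name')
    if '\\temp\\' in data_lower:
        entry.reasons.append('runs from a Temp directory')
    if data_lower.endswith('.tmp'):
        entry.reasons.append('executable disguised with a .tmp extension')
    # Assumption: ComboFix's trailing "[X]" marks an entry whose file was not found.
    if entry.info == 'X':
        entry.reasons.append('referenced file not found')
    return entry


def triage(text: str) -> List[AutostartEntry]:
    """Parse and assess every autostart entry in the given log text."""
    return [assess(e) for e in parse_loading_points(text)]


def cfscript_registry_section(entries: List[AutostartEntry]) -> str:
    """Render the flagged entries as the Registry:: stanza a CFScript uses
    (the '"name"=-' form deletes the value), grouped by registry key."""
    by_key = {}
    for e in entries:
        if e.suspicious:
            by_key.setdefault(e.key, []).append(e.name)
    lines = ['Registry::']
    for key, names in by_key.items():
        lines.append(f'[{key}]')
        lines.extend(f'"{n}"=-' for n in names)
    return '\n'.join(lines)


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for entry in results:
        flag = 'FLAG' if entry.suspicious else '    '
        print(f'{flag} {entry.name!r:24} {entry.data}  {"; ".join(entry.reasons)}')
    print()
    print(cfscript_registry_section(results))
```

The heuristics are deliberately narrow: a Temp-directory path or an empty value name is a reason to look, not a reason to delete, which is why the script only produces the stanza and leaves the decision to the reviewer, as the helper does in this thread.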

Re: how to remove all malwares?

Unread postby Jmak » January 29th, 2010, 4:43 am

Yes, remove Punkbuster if it helps get rid of malware.
Still get redirected to sites, btw.


ComboFix 10-01-28.05 - Jason Mak 29/01/2010 0:28.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.1137 [GMT -8:00]
Running from: c:\users\Jason Mak\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason Mak\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\GameMon.des.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1f600600f0bbdf5156e2a253c613ae63
c:\1f600600f0bbdf5156e2a253c613ae63\MRT.exe
c:\program files\AskBarDis
c:\users\Jason Mak\AppData\Roaming\Azureus
c:\users\Jason Mak\AppData\Roaming\Azureus\.certs
c:\users\Jason Mak\AppData\Roaming\Azureus\.keystore
c:\users\Jason Mak\AppData\Roaming\Azureus\.lock
c:\users\Jason Mak\AppData\Roaming\Azureus\active\4601DEFB2877A5C1F5132E5ACF57E45ACEEC5180.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\active\4EA451667268162E57ABAC0482EE4A57DF032794.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\active\cache.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\active\D211E7D44FDDCDBD3277D1C59C6B77AEA24EB0CD.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\azureus.config
c:\users\Jason Mak\AppData\Roaming\Azureus\azureus.statistics
c:\users\Jason Mak\AppData\Roaming\Azureus\cache\1191085919.ico
c:\users\Jason Mak\AppData\Roaming\Azureus\cnetworks.config
c:\users\Jason Mak\AppData\Roaming\Azureus\devices.config
c:\users\Jason Mak\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\dht\general.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\dht\net3\addresses.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\dht\net3\contacts.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\dht\net3\diverse.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\dht\net3\version.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\dht\version.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\downloads.config
c:\users\Jason Mak\AppData\Roaming\Azureus\friends.config
c:\users\Jason Mak\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Jason Mak\AppData\Roaming\Azureus\metasearch.config
c:\users\Jason Mak\AppData\Roaming\Azureus\net\pm_6327.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Jason Mak\AppData\Roaming\Azureus\subs\75073EF5A9EA448FA71D.vuze
c:\users\Jason Mak\AppData\Roaming\Azureus\subscriptions.config
c:\users\Jason Mak\AppData\Roaming\Azureus\tables.config
c:\users\Jason Mak\AppData\Roaming\Azureus\torrents\AZU4069166486322495536.tmp
c:\users\Jason Mak\AppData\Roaming\Azureus\torrents\AZU4941580240540332587.tmp
c:\users\Jason Mak\AppData\Roaming\Azureus\torrents\Call of Duty(R) 4 - Modern Warfare.torrent
c:\users\Jason Mak\AppData\Roaming\Azureus\torrents\NHL.09-RELOADED.4463451.TPB.torrent
c:\users\Jason Mak\AppData\Roaming\Azureus\tracker.config
c:\users\Jason Mak\AppData\Roaming\Azureus\unsentdata.config
c:\users\Jason Mak\AppData\Roaming\Azureus\update.properties
c:\users\Jason Mak\AppData\Roaming\Azureus\v3.Friends.dat
c:\users\Jason Mak\AppData\Roaming\Azureus\VuzeActivities.config
c:\users\Jason Mak\AppData\Roaming\LimeWire
c:\users\Jason Mak\AppData\Roaming\LimeWire\.AppSpecialShare\NHL.09-RELOADED.torrent.bak
c:\users\Jason Mak\AppData\Roaming\LimeWire\414splashfree.png
c:\users\Jason Mak\AppData\Roaming\LimeWire\active.mojito
c:\users\Jason Mak\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Jason Mak\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Jason Mak\AppData\Roaming\LimeWire\downloads.dat
c:\users\Jason Mak\AppData\Roaming\LimeWire\fileurns.bak
c:\users\Jason Mak\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Jason Mak\AppData\Roaming\LimeWire\filters.props
c:\users\Jason Mak\AppData\Roaming\LimeWire\gnutella.net
c:\users\Jason Mak\AppData\Roaming\LimeWire\installation.props
c:\users\Jason Mak\AppData\Roaming\LimeWire\library.dat
c:\users\Jason Mak\AppData\Roaming\LimeWire\limewire.props
c:\users\Jason Mak\AppData\Roaming\LimeWire\mojito.props
c:\users\Jason Mak\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Jason Mak\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Jason Mak\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Jason Mak\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Jason Mak\AppData\Roaming\LimeWire\questions.props
c:\users\Jason Mak\AppData\Roaming\LimeWire\responses.cache
c:\users\Jason Mak\AppData\Roaming\LimeWire\simpp.xml
c:\users\Jason Mak\AppData\Roaming\LimeWire\spam.dat
c:\users\Jason Mak\AppData\Roaming\LimeWire\tables.props
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\logo.png
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\notsearching.png
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\searching.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\splash.png
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\splashpro.png
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
c:\users\Jason Mak\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\ttree.cache
c:\users\Jason Mak\AppData\Roaming\LimeWire\ttrees.cache
c:\users\Jason Mak\AppData\Roaming\LimeWire\ttroot.cache
c:\users\Jason Mak\AppData\Roaming\LimeWire\version.xml
c:\users\Jason Mak\AppData\Roaming\LimeWire\versions.props
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\data\delete_me
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\misc\application.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\misc\audio.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\misc\document.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\misc\image.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\misc\video.gif
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\schemas\application.xsd
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\schemas\audio.xsd
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\schemas\document.xsd
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\schemas\image.xsd
c:\users\Jason Mak\AppData\Roaming\LimeWire\xml\schemas\video.xsd

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-29 08:38 . 2010-01-29 08:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-01-29 08:38 . 2010-01-29 08:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-29 08:38 . 2010-01-29 08:38 -------- d-----w- c:\users\jason\AppData\Local\temp
2010-01-29 08:38 . 2010-01-29 08:38 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-01-29 08:38 . 2010-01-29 08:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-29 08:38 . 2010-01-29 08:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-28 07:30 . 2010-01-28 07:30 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-27 23:52 . 2010-01-29 08:38 -------- d-----w- c:\users\Jason Mak\AppData\Local\temp
2010-01-27 23:23 . 2010-01-27 23:23 -------- d-----w- c:\program files\ERUNT
2010-01-26 23:48 . 2010-01-26 23:48 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-26 23:41 . 2010-01-14 23:29 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-01-26 23:41 . 2010-01-14 23:29 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-01-23 09:39 . 2010-01-23 09:39 -------- d-----w- C:\rsit
2010-01-23 08:52 . 2010-01-23 08:52 44288 ----a-w- c:\windows\system32\SysProtDrv.sys
2010-01-16 08:13 . 2010-01-16 08:13 -------- d-----w- c:\users\Jason Mak\AppData\Local\Cooliris
2010-01-16 08:13 . 2010-01-06 20:08 4726272 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-16 08:13 . 2010-01-06 20:08 103424 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-16 08:13 . 2010-01-06 20:08 57856 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-16 08:13 . 2010-01-06 20:08 545280 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-16 08:13 . 2010-01-06 20:08 4725760 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-16 08:13 . 2010-01-06 20:08 344064 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-16 08:13 . 2010-01-06 20:08 153600 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-16 03:01 . 2010-01-16 03:01 40 ----a-w- c:\windows\RSoftInfo.dat
2010-01-16 03:01 . 2010-01-16 03:01 352256 ----a-w- c:\windows\eSellerateEngine.dll
2010-01-15 00:12 . 2009-09-05 01:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-01-15 00:12 . 2009-09-05 01:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-01-15 00:12 . 2009-09-05 01:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-01-15 00:12 . 2009-09-05 01:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-01-15 00:12 . 2009-09-05 01:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-01-15 00:12 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-01-15 00:12 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-15 00:11 . 2010-01-15 00:11 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-15 00:11 . 2010-01-15 00:11 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-15 00:11 . 2010-01-15 00:11 -------- d-----w- c:\program files\OpenAL
2010-01-14 07:31 . 2010-01-17 02:57 -------- d-----w- c:\program files\a-squared Free
2010-01-14 07:29 . 2010-01-21 23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 07:29 . 2010-01-21 23:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-13 03:38 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 03:38 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-07 02:55 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-01-07 02:55 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-01-07 02:55 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-01-07 02:55 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-01-07 02:55 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\program files\Trojan Remover
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Simply Super Software
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\programdata\Simply Super Software
2010-01-07 00:20 . 2010-01-07 00:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-07 00:20 . 2010-01-21 23:35 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\SUPERAntiSpyware.com
2010-01-07 00:20 . 2010-01-21 23:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-07 00:17 . 2010-01-07 00:17 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Malwarebytes
2010-01-07 00:17 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 00:17 . 2010-01-26 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 00:17 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 00:17 . 2010-01-07 00:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 00:16 . 2010-01-07 00:16 -------- d-----w- c:\program files\Trend Micro
2010-01-07 00:13 . 2010-01-07 00:13 -------- d-----w- c:\program files\CCleaner
2010-01-01 05:11 . 2010-01-01 05:14 239 ----a-w- c:\windows\PowerReg.dat
2010-01-01 05:11 . 1999-05-29 08:08 45568 ----a-w- c:\windows\UniFish3.exe
2010-01-01 00:05 . 2010-01-01 00:10 -------- d-----w- c:\program files\Garena
14109-05-05 22:57 . 2009-06-05 00:03 -------- d-----w- c:\programdata\Kaspersky Lab
14109-05-05 22:55 . 14109-05-05 22:55 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
14109-05-04 06:46 . 2009-12-26 10:41 -------- d-----w- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 07:47 . 2009-12-23 10:34 0 ----a-w- c:\users\Jason Mak\AppData\Local\prvlcl.dat
2010-01-28 22:22 . 2008-12-20 21:59 -------- d-----w- c:\program files\Steam
2010-01-28 07:30 . 2008-01-16 01:28 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-26 02:08 . 2009-12-26 10:41 -------- d-----w- c:\programdata\avg9
2010-01-23 20:38 . 2008-12-20 22:42 -------- d-----w- c:\program files\Common Files\Steam
2010-01-21 23:33 . 2007-08-12 01:42 -------- d-----w- c:\program files\Java
2010-01-20 23:20 . 2009-04-16 06:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 05:37 . 2007-11-29 06:01 3756 ----a-w- c:\users\Jason Mak\AppData\Roaming\wklnhst.dat
2010-01-16 02:57 . 2007-08-12 01:25 -------- d-----w- c:\programdata\WildTangent
2010-01-15 06:20 . 2008-04-13 23:51 -------- d-----w- c:\programdata\Microsoft Help
2010-01-14 14:40 . 2009-05-10 23:50 -------- d-----w- c:\program files\Cheat Engine
2010-01-13 23:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 06:37 . 2009-12-21 10:45 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\DivX
2010-01-07 02:04 . 2009-08-20 03:28 -------- d-----w- c:\program files\iWin Games
2010-01-02 06:38 . 2010-01-21 23:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 23:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 23:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-26 11:21 . 2009-12-26 11:21 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\AVG9
2009-12-26 11:07 . 2009-12-26 10:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-26 11:07 . 2009-12-26 10:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-26 11:07 . 2009-12-26 10:42 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-26 11:07 . 2009-12-26 10:42 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-26 10:42 . 2009-12-26 10:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-24 02:41 . 2009-12-24 09:05 52224 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\FFExternalAlert.dll
2009-12-24 02:41 . 2009-12-24 09:05 101376 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\RadioWMPCore.dll
2009-12-21 10:43 . 2009-12-21 10:42 -------- d-----w- c:\program files\DivX
2009-12-21 10:43 . 2007-08-12 01:35 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-21 10:42 . 2009-12-21 10:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-08 04:53 . 2009-07-26 06:19 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\HpUpdate
2009-12-08 00:14 . 2009-11-18 04:55 -------- d-----w- c:\program files\DriftCity
2009-12-04 03:19 . 2009-12-04 03:19 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-01 06:58 . 2007-08-12 01:10 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-01 06:58 . 2007-11-28 07:07 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Hewlett-Packard
2009-12-01 06:58 . 2007-08-12 02:12 -------- d-----w- c:\programdata\Hewlett-Packard
2009-11-19 03:49 . 2009-11-19 03:49 201356 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-19 03:48 . 2009-11-19 03:48 2165 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\rsi.hotmail.com
2009-11-18 23:31 . 2009-11-18 23:31 2141 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\omega.contacts.msn.com
2009-11-18 23:31 . 2009-11-18 23:31 2095 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\login.live.com
2009-11-18 23:31 . 2009-11-18 23:31 1251 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\xmpp.raptr.com
2009-11-18 06:23 . 2009-11-18 06:24 38208 ----a-w- c:\users\Jason Mak\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-17 23:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-16 10:21 . 2009-06-08 11:15 205448 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxDvd.exe
2009-11-16 10:21 . 2009-06-08 11:15 266888 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxTray.exe
2009-11-16 10:21 . 2009-06-08 11:08 373384 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxStarter.exe
2009-11-16 10:21 . 2009-06-08 10:45 168584 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll
2009-11-16 10:12 . 2009-11-16 10:12 1581704 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxClient.exe
2009-11-16 09:17 . 2009-11-16 09:17 340616 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll
2009-11-16 09:17 . 2009-11-16 09:17 123528 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxUpdater.exe
2009-11-15 09:37 . 2008-06-25 19:33 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-15 09:37 . 2008-06-25 19:33 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-15 09:37 . 2007-12-25 08:13 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-15 09:37 . 2007-12-25 08:13 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-15 09:37 . 2007-12-25 08:14 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-15 09:37 . 2007-12-25 08:13 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-11-14 02:59 . 2009-11-14 02:59 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-14 02:59 . 2009-11-14 02:59 22328 ----a-w- c:\users\Jason Mak\AppData\Roaming\PnkBstrK.sys
2009-11-14 02:59 . 2009-11-14 02:59 22328 ----a-w- c:\users\Jason Mak\AppData\Roaming\PnkBstrK.sys
2009-11-14 02:58 . 2009-11-14 02:33 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-14 02:33 . 2009-11-14 02:33 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-14 00:49 . 2007-08-12 01:39 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2007-08-12 01:39 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:49 . 2007-02-06 23:03 129784 ------w- c:\windows\system32\PxAFS.DLL
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-10 02:16 . 2008-06-04 02:37 46128 ----a-w- c:\programdata\iWin Games\firefox\iWinArcadeLauncher.exe
2009-11-09 12:31 . 2009-12-12 21:14 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-12 21:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-12 21:14 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-03 23:29 . 2007-11-28 07:18 123696 ----a-w- c:\users\Jason Mak\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-03 04:42 . 2009-10-03 01:47 195456 ------w- c:\windows\system32\MpSigStub.exe
14109-05-05 06:17 . 2007-08-12 01:54 -------- d--h--w- c:\programdata\yahoo!
14109-05-05 06:17 . 2007-08-12 01:54 -------- d-----w- c:\program files\Yahoo!
2007-08-12 01:51 . 2007-08-12 01:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-13 2923192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-11 55072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-27 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 150552]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-26 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8c,30,c2,f3,84,32,ca,01

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [26/12/2009 2:42 AM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/12/2009 2:42 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/12/2009 2:42 AM 360584]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [13/01/2010 11:31 PM 1858144]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [26/12/2009 3:07 AM 285392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 PM 1074568]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [09/11/2009 6:17 PM 78104]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 9:32 AM 208896]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 8:13 AM 29696]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [02/06/2008 4:45 PM 21504]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [02/06/2008 4:43 PM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [02/06/2008 4:43 PM 251904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\HPCeeScheduleForJason Mak.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-12 23:55]

2010-01-29 c:\windows\Tasks\User_Feed_Synchronization-{F032D026-57FC-4605-A0FD-B7937CDBE7AB}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=fir ... S:official
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\FFExternalAlert.dll
FF - component: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\RadioWMPCore.dll
FF - component: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 00:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85219841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x881abd24
\Driver\ACPI -> acpi.sys @ 0x80696d68
\Driver\atapi -> ataport.SYS @ 0x807aca2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\JASONM~1\AppData\Local\Temp\LWPB325.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2b,68,35,b7,ec,77,bf,f1,a4,3d,ce,96,25,b2,37,22,c0,a9,8a,a6,0c,54,c3,
ca,cf,c2,a0,d4,14,66,2b,59,d3,21,f1,20,30,db,1d,7b,80,56,0c,8c,33,be,b4,a7,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001\Software\SecuROM\License information*]
"datasecu"=hex:77,31,6a,0e,13,09,86,59,3c,92,23,29,c4,f8,43,65,c0,ae,e4,6b,b6,
e1,a5,77,6a,9f,cb,24,38,00,fe,e1,21,ac,b1,af,06,d6,31,81,81,2b,d8,04,18,65,\
"rkeysecu"=hex:f7,57,41,d2,e2,5c,1f,b6,fd,f3,e0,18,25,d3,77,f3

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9e,05,74,ff,bb,6c,d9,d9,89,e5,19,7e,24,60,ec,e7,36,a2,2c,2e,ab,
8c,a5,85,ac,e6,f8,50,3a,d0,a8,23,bf,e6,9e,68,e3,05,80,dc,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e5,6b,38,29,df,dd,2d,1d,25,7c,b7,f0,b9,dc,59,e0,b2,bb,ab,68,97,
48,0d,36,8a,f6,ea,22,8a,60,31,8f,93,82,33,80,55,fc,41,ff,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{9296d726-1cd2-46e1-917a-2eaf4d627d0d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000de
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,bd,fc,19,8f,58,3c,8e,25,96,94,16,7a,19,d5,dc,a7,3f,cb,c4,3f,5b,b9,\

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{d2bf510e-03fa-4ac3-90a6-f6df4a25b1a1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013a
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-29 00:41:56
ComboFix-quarantined-files.txt 2010-01-29 08:41
ComboFix2.txt 2010-01-27 23:52

Pre-Run: 259,162,300,416 bytes free
Post-Run: 259,116,814,336 bytes free

- - End Of File - - 4725526467752087FFA9FF2642B5B546
Jmak
Regular Member
 
Posts: 19
Joined: January 13th, 2010, 2:12 am
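The tail of the ComboFix log above (Reg Loading Points, the R/S service list, the GarenaPEngine service entry and the GMER sections) is what a helper reads first. As an added example, not part of the thread and not a ComboFix feature, the Python script below runs the usual first-pass checks over a constructed excerpt in the same format: a Run entry whose target ComboFix could not find (it marks these with [X]), UAC switched off (EnableLUA = 0), an AppInit_DLLs entry (loaded into every process that links user32.dll), Security Center monitoring turned off, and a service whose image lives under a user's Temp directory. Every hit is a prompt to verify, not a verdict: in this log the AppInit_DLLs entry is AVG's avgrsstx.dll, and the DisableMonitoring values under the Symantec subkeys are the kind of setting a security suite writes when it reports its own status to Security Center, though they still merit a look because the log shows AVG installed, not Symantec.

```python
import re

# Constructed excerpt in ComboFix's "Reg Loading Points" / services format.
# Keys, values and paths mirror the log posted above; the lines were not
# copied from a live run.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [13/01/2010 11:31 PM 1858144]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\JASONM~1\AppData\Local\Temp\LWPB325.tmp"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix service lines: R = running, S = stopped; name;display name;image path [date size]
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[")


def _under_temp(path):
    """True for images living under a Temp directory or carrying a .tmp name."""
    p = path.strip('"').lower()
    return "\\temp\\" in p or p.endswith(".tmp")


def triage_combofix(text):
    """Return (item, reason) pairs for entries a helper would verify first."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                      # new registry key: remember it for the values below
            key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            if _under_temp(m.group(4)):
                findings.append((f"service {m.group(2)}", "image under a Temp directory"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        lkey = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if value.endswith("[X]"):
            findings.append((name, "autostart target not found (ComboFix [X])"))
        elif name == "EnableLUA" and lkey.endswith("policies\\system") and value.startswith("0"):
            findings.append((name, "UAC disabled"))
        elif name.lower() == "appinit_dlls" and value:
            findings.append((name, f"DLL loaded into every user32-linked process: {value}"))
        elif name == "DisableMonitoring" and "security center" in lkey and value.endswith("1"):
            findings.append((f"{leaf}/{name}", "Security Center monitoring disabled"))
        elif name == "ImagePath" and _under_temp(value):
            findings.append((f"service {leaf}", "ImagePath under a Temp directory"))
    return findings


if __name__ == "__main__":
    for item, reason in triage_combofix(COMBOFIX_EXCERPT):
        print(f"{item:40} {reason}")
```

Feed the script the whole ComboFix log rather than the excerpt and it will skip the file-listing and quarantine sections, because those lines match none of the three patterns.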

Re: how to remove all malwares?

Unread postby Cypher » January 29th, 2010, 12:34 pm

Hi Jmak.
Please continue with the instructions below.


Uninstall PunkBuster
Please download PBSVC Setup Program. Save it to your desktop.
  1. Right-click on pbsvc.exe and select "Run as administrator" to start it... then click Uninstall.
    Once that's finished...
  2. Click on Start > All programs > Accessories > Run and copy and paste the following into the open text box:
    Code:
    cmd /c for %i in (A B K) do sc delete PnkBstr%i
  3. Click OK. A black box will flash very briefly; this is normal.
  4. Double click My Computer on your desktop and browse to C:\windows\system32\drivers
  5. Locate the file: PnkBstrK.sys... if found delete it.
Let me know if you performed these steps successfully.

Next.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Next extract (unzip) its contents to your Desktop.
  • Next double-click the TDSSKiller Folder on your desktop.
  • Next right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Next highlight and copy the text in the codebox below.
    Code:
    "%userprofile%\Desktop\TDSSKiller.exe" -v
  • Click on Start > All programs > Accessories > Run.... and paste the text above into the Open: line and click OK.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
  • A log file should be created on your C: drive named something like TDSSKiller 2.1.1 Dec 20 2009 02:40:02
  • To find the log click Start > Computer > Vista C:.
  • Please post the contents of that log in your next reply.



Logs/Information to Post in your Next Reply

  • TDSSKiller log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
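The -v log Cypher asks for lists, for every driver object on the disk stack, the 27 entries of its IRP dispatch table (DRIVER_OBJECT.MajorFunction). A driver whose entries all point to one address that belongs to no loaded module is what TDSSKiller reports as "All IRP handlers pointed to one addr", and the ComboFix MBR check above already showed that address: >>UNKNOWN [0x85219841]<< on the path to \Driver\atapi. As an added example, not part of the thread and not TDSSKiller's or GMER's own code, the Python script below parses constructed excerpts in both tools' log formats (addresses taken from the logs on this page) and applies the two checks together.

```python
import re

IRP_MJ_COUNT = 27  # IRP_MJ_MAXIMUM_FUNCTION + 1 slots in DRIVER_OBJECT.MajorFunction

# Constructed excerpt of ComboFix's "Stealth MBR rootkit" (GMER) section; the
# UNKNOWN address is the one reported in the log above.
GMER_LOG = r"""
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85219841]<<
kernel: MBR read successfully
\Driver\atapi -> ataport.SYS @ 0x807aca2c
"""


def _tdss_block(name, handlers):
    """Render one DRIVER_OBJECT block in TDSSKiller -v format (constructed sample)."""
    head = f"01:16:21:743 5872 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\{name}, Driver Name: {name}"
    rows = [f"01:16:21:743 5872 DetectCureTDL3: IrpHandler ({i}) addr: {a:08X}"
            for i, a in enumerate(handlers)]
    return "\n".join([head, *rows])


# USBSTOR: a few majors have real handlers, the rest share one default stub.
_usbstor = [0x822709D2] * IRP_MJ_COUNT
for slot, addr in {0: 0x8D5F3FC8, 2: 0x8D5F4040, 3: 0x8D5F40B8, 4: 0x8D5F40B8,
                   14: 0x8D5F3BC4, 15: 0x8D5E77E4, 22: 0x8D5F259C, 23: 0x8D5EF7A2}.items():
    _usbstor[slot] = addr
# atapi: every slot redirected to the same address outside any loaded module.
TDSS_LOG = "\n".join([_tdss_block("USBSTOR", _usbstor),
                      _tdss_block("atapi", [0x85219841] * IRP_MJ_COUNT)])

UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \\Driver\\\S+, Driver Name: (\S+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")


def parse_gmer_unknown(text):
    """Addresses on the disk I/O path that GMER could not map to any loaded module."""
    return {int(m.group(1), 16) for m in UNKNOWN_RE.finditer(text)}


def parse_irp_tables(text):
    """driver name -> list of IRP_MJ_COUNT handler addresses (None where not logged)."""
    tables, current = {}, None
    for line in text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = m.group(1)
            tables[current] = [None] * IRP_MJ_COUNT
            continue
        m = IRP_RE.search(line)
        if m and current is not None and int(m.group(1)) < IRP_MJ_COUNT:
            tables[current][int(m.group(1))] = int(m.group(2), 16)
    return tables


def find_hooked_drivers(tables, unknown_addrs):
    """Flag a table whose entries all share one address, and corroborate it with
    GMER: a dispatch target that no module accounts for is a hook, not a stub."""
    findings = []
    for driver, handlers in tables.items():
        if None in handlers:
            continue                      # table not fully logged: do not judge
        distinct = set(handlers)
        corroborated = distinct & unknown_addrs
        if len(distinct) == 1 or corroborated:
            addr = next(iter(corroborated or distinct))
            findings.append({
                "driver": driver,
                "addr": addr,
                "all_same": len(distinct) == 1,
                "corroborated": bool(corroborated),
                "verdict": "hooked" if corroborated else "inspect",
            })
    return findings


if __name__ == "__main__":
    unknown = parse_gmer_unknown(GMER_LOG)
    for f in find_hooked_drivers(parse_irp_tables(TDSS_LOG), unknown):
        print(f"{f['driver']}: {f['verdict']} (0x{f['addr']:08X}, all_same={f['all_same']})")
```

The all-same test on its own only earns "inspect": a legitimate driver may route every major function through one dispatch routine, which is why TDSSKiller goes on to examine the code at that address (the TDL3_IrpHookDetect lines), checks the StartIo routine and scans the on-disk atapi.sys before writing anything. The script does none of the curing; in the log the cure restores atapi.sys from the DriverStore copy only after validating its embedded digital signature.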

Re: how to remove all malwares?

Unread postby Jmak » January 30th, 2010, 5:22 am

Still get redirected, I believe.

01:16:19:817 5872 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
01:16:19:817 5872 ================================================================================
01:16:19:817 5872 SystemInfo:

01:16:19:817 5872 OS Version: 6.0.6002 ServicePack: 2.0
01:16:19:817 5872 Product type: Workstation
01:16:19:817 5872 ComputerName: JASONMAK-PC
01:16:19:818 5872 UserName: Jason Mak
01:16:19:818 5872 Windows directory: C:\Windows
01:16:19:818 5872 Processor architecture: Intel x86
01:16:19:818 5872 Number of processors: 2
01:16:19:818 5872 Page size: 0x1000
01:16:19:819 5872 Boot type: Normal boot
01:16:19:819 5872 ================================================================================
01:16:19:823 5872 UnloadDriverW: NtUnloadDriver error 2
01:16:19:823 5872 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
01:16:19:824 5872 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
01:16:20:863 5872 UtilityInit: KLMD drop and load success
01:16:20:863 5872 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
01:16:20:864 5872 UtilityInit: KLMD open success
01:16:20:864 5872 UtilityInit: Initialize success
01:16:20:864 5872
01:16:20:864 5872 Scanning Services ...
01:16:20:864 5872 CreateRegParser: Registry parser init started
01:16:20:864 5872 CreateRegParser: DisableWow64Redirection error
01:16:20:864 5872 wfopen_ex: Trying to open file C:\Windows\system32\config\system
01:16:20:890 5872 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
01:16:20:890 5872 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
01:16:20:890 5872 wfopen_ex: Trying to KLMD file open
01:16:20:890 5872 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
01:16:20:890 5872 wfopen_ex: File opened ok (Flags 2)
01:16:20:891 5872 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 5E6B78
01:16:20:891 5872 wfopen_ex: Trying to open file C:\Windows\system32\config\software
01:16:20:893 5872 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
01:16:20:893 5872 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
01:16:20:893 5872 wfopen_ex: Trying to KLMD file open
01:16:20:893 5872 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
01:16:20:893 5872 wfopen_ex: File opened ok (Flags 2)
01:16:20:893 5872 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 5E6BA0
01:16:20:893 5872 CreateRegParser: EnableWow64Redirection error
01:16:20:893 5872 CreateRegParser: RegParser init completed
01:16:21:702 5872 GetAdvancedServicesInfo: Raw services enum returned 439 services
01:16:21:705 5872 fclose_ex: Trying to close file C:\Windows\system32\config\system
01:16:21:705 5872 fclose_ex: Trying to close file C:\Windows\system32\config\software
01:16:21:705 5872
01:16:21:706 5872 Scanning Kernel memory ...
01:16:21:706 5872 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
01:16:21:706 5872 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 854641F8
01:16:21:706 5872 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
01:16:21:706 5872
01:16:21:706 5872 DetectCureTDL3: DEVICE_OBJECT: 86C74AC8
01:16:21:706 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86C74AC8
01:16:21:706 5872 DetectCureTDL3: DEVICE_OBJECT: 86C6D280
01:16:21:706 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86C6D280
01:16:21:706 5872 KLMD_ReadMem: Trying to ReadMemory 0x86C6D280[0x38]
01:16:21:706 5872 DetectCureTDL3: DRIVER_OBJECT: 86CCD230
01:16:21:706 5872 KLMD_ReadMem: Trying to ReadMemory 0x86CCD230[0xA8]
01:16:21:706 5872 KLMD_ReadMem: Trying to ReadMemory 0x86C6C5A8[0x1E]
01:16:21:706 5872 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
01:16:21:706 5872 DetectCureTDL3: IrpHandler (0) addr: 8D5F3FC8
01:16:21:706 5872 DetectCureTDL3: IrpHandler (1) addr: 822709D2
01:16:21:706 5872 DetectCureTDL3: IrpHandler (2) addr: 8D5F4040
01:16:21:706 5872 DetectCureTDL3: IrpHandler (3) addr: 8D5F40B8
01:16:21:706 5872 DetectCureTDL3: IrpHandler (4) addr: 8D5F40B8
01:16:21:706 5872 DetectCureTDL3: IrpHandler (5) addr: 822709D2
01:16:21:706 5872 DetectCureTDL3: IrpHandler (6) addr: 822709D2
01:16:21:706 5872 DetectCureTDL3: IrpHandler (7) addr: 822709D2
01:16:21:706 5872 DetectCureTDL3: IrpHandler (8) addr: 822709D2
01:16:21:706 5872 DetectCureTDL3: IrpHandler (9) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (10) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (11) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (12) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (13) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (14) addr: 8D5F3BC4
01:16:21:707 5872 DetectCureTDL3: IrpHandler (15) addr: 8D5E77E4
01:16:21:707 5872 DetectCureTDL3: IrpHandler (16) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (17) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (18) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (19) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (20) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (21) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (22) addr: 8D5F259C
01:16:21:707 5872 DetectCureTDL3: IrpHandler (23) addr: 8D5EF7A2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (24) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (25) addr: 822709D2
01:16:21:707 5872 DetectCureTDL3: IrpHandler (26) addr: 822709D2
01:16:21:707 5872 KLMD_ReadMem: Trying to ReadMemory 0x8D5E9F26[0x400]
01:16:21:707 5872 TDL3_StartIoHookDetect: CheckParameters: 4, 8D5EE000, 0
01:16:21:707 5872 TDL3_FileDetect: Processing driver: USBSTOR
01:16:21:707 5872 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:16:21:707 5872 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:16:21:735 5872 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
01:16:21:735 5872
01:16:21:735 5872 DetectCureTDL3: DEVICE_OBJECT: 86C74030
01:16:21:735 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86C74030
01:16:21:735 5872 DetectCureTDL3: DEVICE_OBJECT: 86B8C030
01:16:21:735 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B8C030
01:16:21:735 5872 KLMD_ReadMem: Trying to ReadMemory 0x86B8C030[0x38]
01:16:21:735 5872 DetectCureTDL3: DRIVER_OBJECT: 86CCD230
01:16:21:735 5872 KLMD_ReadMem: Trying to ReadMemory 0x86CCD230[0xA8]
01:16:21:735 5872 KLMD_ReadMem: Trying to ReadMemory 0x86C6C5A8[0x1E]
01:16:21:735 5872 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
01:16:21:735 5872 DetectCureTDL3: IrpHandler (0) addr: 8D5F3FC8
01:16:21:735 5872 DetectCureTDL3: IrpHandler (1) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (2) addr: 8D5F4040
01:16:21:735 5872 DetectCureTDL3: IrpHandler (3) addr: 8D5F40B8
01:16:21:735 5872 DetectCureTDL3: IrpHandler (4) addr: 8D5F40B8
01:16:21:735 5872 DetectCureTDL3: IrpHandler (5) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (6) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (7) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (8) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (9) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (10) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (11) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (12) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (13) addr: 822709D2
01:16:21:735 5872 DetectCureTDL3: IrpHandler (14) addr: 8D5F3BC4
01:16:21:735 5872 DetectCureTDL3: IrpHandler (15) addr: 8D5E77E4
01:16:21:735 5872 DetectCureTDL3: IrpHandler (16) addr: 822709D2
01:16:21:736 5872 DetectCureTDL3: IrpHandler (17) addr: 822709D2
01:16:21:736 5872 DetectCureTDL3: IrpHandler (18) addr: 822709D2
01:16:21:736 5872 DetectCureTDL3: IrpHandler (19) addr: 822709D2
01:16:21:736 5872 DetectCureTDL3: IrpHandler (20) addr: 822709D2
01:16:21:736 5872 DetectCureTDL3: IrpHandler (21) addr: 822709D2
01:16:21:736 5872 DetectCureTDL3: IrpHandler (22) addr: 8D5F259C
01:16:21:736 5872 DetectCureTDL3: IrpHandler (23) addr: 8D5EF7A2
01:16:21:736 5872 DetectCureTDL3: IrpHandler (24) addr: 822709D2
01:16:21:736 5872 DetectCureTDL3: IrpHandler (25) addr: 822709D2
01:16:21:736 5872 DetectCureTDL3: IrpHandler (26) addr: 822709D2
01:16:21:736 5872 KLMD_ReadMem: Trying to ReadMemory 0x8D5E9F26[0x400]
01:16:21:736 5872 TDL3_StartIoHookDetect: CheckParameters: 4, 8D5EE000, 0
01:16:21:736 5872 TDL3_FileDetect: Processing driver: USBSTOR
01:16:21:736 5872 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:16:21:736 5872 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:16:21:738 5872 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
01:16:21:738 5872
01:16:21:738 5872 DetectCureTDL3: DEVICE_OBJECT: 86B8FAC8
01:16:21:738 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B8FAC8
01:16:21:738 5872 DetectCureTDL3: DEVICE_OBJECT: 86C8C368
01:16:21:738 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86C8C368
01:16:21:738 5872 KLMD_ReadMem: Trying to ReadMemory 0x86C8C368[0x38]
01:16:21:738 5872 DetectCureTDL3: DRIVER_OBJECT: 86CCD230
01:16:21:738 5872 KLMD_ReadMem: Trying to ReadMemory 0x86CCD230[0xA8]
01:16:21:738 5872 KLMD_ReadMem: Trying to ReadMemory 0x86C6C5A8[0x1E]
01:16:21:738 5872 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
01:16:21:738 5872 DetectCureTDL3: IrpHandler (0) addr: 8D5F3FC8
01:16:21:738 5872 DetectCureTDL3: IrpHandler (1) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (2) addr: 8D5F4040
01:16:21:738 5872 DetectCureTDL3: IrpHandler (3) addr: 8D5F40B8
01:16:21:738 5872 DetectCureTDL3: IrpHandler (4) addr: 8D5F40B8
01:16:21:738 5872 DetectCureTDL3: IrpHandler (5) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (6) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (7) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (8) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (9) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (10) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (11) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (12) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (13) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (14) addr: 8D5F3BC4
01:16:21:738 5872 DetectCureTDL3: IrpHandler (15) addr: 8D5E77E4
01:16:21:738 5872 DetectCureTDL3: IrpHandler (16) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (17) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (18) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (19) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (20) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (21) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (22) addr: 8D5F259C
01:16:21:738 5872 DetectCureTDL3: IrpHandler (23) addr: 8D5EF7A2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (24) addr: 822709D2
01:16:21:738 5872 DetectCureTDL3: IrpHandler (25) addr: 822709D2
01:16:21:739 5872 DetectCureTDL3: IrpHandler (26) addr: 822709D2
01:16:21:739 5872 KLMD_ReadMem: Trying to ReadMemory 0x8D5E9F26[0x400]
01:16:21:739 5872 TDL3_StartIoHookDetect: CheckParameters: 4, 8D5EE000, 0
01:16:21:739 5872 TDL3_FileDetect: Processing driver: USBSTOR
01:16:21:739 5872 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:16:21:739 5872 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:16:21:740 5872 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
01:16:21:740 5872
01:16:21:740 5872 DetectCureTDL3: DEVICE_OBJECT: 86B8C4F0
01:16:21:740 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B8C4F0
01:16:21:740 5872 DetectCureTDL3: DEVICE_OBJECT: 86B96568
01:16:21:740 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B96568
01:16:21:740 5872 KLMD_ReadMem: Trying to ReadMemory 0x86B96568[0x38]
01:16:21:740 5872 DetectCureTDL3: DRIVER_OBJECT: 86CCD230
01:16:21:740 5872 KLMD_ReadMem: Trying to ReadMemory 0x86CCD230[0xA8]
01:16:21:740 5872 KLMD_ReadMem: Trying to ReadMemory 0x86C6C5A8[0x1E]
01:16:21:740 5872 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
01:16:21:741 5872 DetectCureTDL3: IrpHandler (0) addr: 8D5F3FC8
01:16:21:741 5872 DetectCureTDL3: IrpHandler (1) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (2) addr: 8D5F4040
01:16:21:741 5872 DetectCureTDL3: IrpHandler (3) addr: 8D5F40B8
01:16:21:741 5872 DetectCureTDL3: IrpHandler (4) addr: 8D5F40B8
01:16:21:741 5872 DetectCureTDL3: IrpHandler (5) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (6) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (7) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (8) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (9) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (10) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (11) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (12) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (13) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (14) addr: 8D5F3BC4
01:16:21:741 5872 DetectCureTDL3: IrpHandler (15) addr: 8D5E77E4
01:16:21:741 5872 DetectCureTDL3: IrpHandler (16) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (17) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (18) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (19) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (20) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (21) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (22) addr: 8D5F259C
01:16:21:741 5872 DetectCureTDL3: IrpHandler (23) addr: 8D5EF7A2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (24) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (25) addr: 822709D2
01:16:21:741 5872 DetectCureTDL3: IrpHandler (26) addr: 822709D2
01:16:21:741 5872 KLMD_ReadMem: Trying to ReadMemory 0x8D5E9F26[0x400]
01:16:21:741 5872 TDL3_StartIoHookDetect: CheckParameters: 4, 8D5EE000, 0
01:16:21:741 5872 TDL3_FileDetect: Processing driver: USBSTOR
01:16:21:741 5872 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:16:21:741 5872 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:16:21:743 5872 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
01:16:21:743 5872
01:16:21:743 5872 DetectCureTDL3: DEVICE_OBJECT: 85AC33A8
01:16:21:743 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85AC33A8
01:16:21:743 5872 DetectCureTDL3: DEVICE_OBJECT: 85209910
01:16:21:743 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85209910
01:16:21:743 5872 DetectCureTDL3: DEVICE_OBJECT: 85213B98
01:16:21:743 5872 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85213B98
01:16:21:743 5872 KLMD_ReadMem: Trying to ReadMemory 0x85213B98[0x38]
01:16:21:743 5872 DetectCureTDL3: DRIVER_OBJECT: 864A1108
01:16:21:743 5872 KLMD_ReadMem: Trying to ReadMemory 0x864A1108[0xA8]
01:16:21:743 5872 KLMD_ReadMem: Trying to ReadMemory 0x8486A028[0x38]
01:16:21:743 5872 KLMD_ReadMem: Trying to ReadMemory 0x84479030[0xA8]
01:16:21:743 5872 KLMD_ReadMem: Trying to ReadMemory 0x848560C8[0x1A]
01:16:21:743 5872 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
01:16:21:743 5872 DetectCureTDL3: IrpHandler (0) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (1) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (2) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (3) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (4) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (5) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (6) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (7) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (8) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (9) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (10) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (11) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (12) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (13) addr: 85219841
01:16:21:743 5872 DetectCureTDL3: IrpHandler (14) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (15) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (16) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (17) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (18) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (19) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (20) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (21) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (22) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (23) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (24) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (25) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: IrpHandler (26) addr: 85219841
01:16:21:744 5872 DetectCureTDL3: All IRP handlers pointed to one addr: 85219841
01:16:21:744 5872 KLMD_ReadMem: Trying to ReadMemory 0x85219841[0x400]
01:16:21:744 5872 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109
01:16:21:744 5872 Driver "atapi" Irp handler infected by TDSS rootkit ... 01:16:21:744 5872 KLMD_WriteMem: Trying to WriteMemory 0x852198BA[0xD]
01:16:21:744 5872 cured
01:16:21:744 5872 KLMD_ReadMem: Trying to ReadMemory 0x852196EC[0x400]
01:16:21:744 5872 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
01:16:21:744 5872 Driver "atapi" StartIo handler infected by TDSS rootkit ... 01:16:21:745 5872 TDL3_StartIoHookCure: Number of patches 1
01:16:21:745 5872 KLMD_WriteMem: Trying to WriteMemory 0x852197F5[0x6]
01:16:21:745 5872 cured
01:16:21:745 5872 TDL3_FileDetect: Processing driver: atapi
01:16:21:745 5872 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
01:16:21:745 5872 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
01:16:21:756 5872 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Infected
01:16:21:756 5872 File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 01:16:21:756 5872 TDL3_FileCure: Processing driver file: C:\Windows\system32\drivers\atapi.sys
01:16:24:556 5872 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys:19944, checking..
01:16:24:567 5872 ValidateDriverFile: Stage 1 passed
01:16:24:568 5872 ValidateDriverFile: Stage 2 passed
01:16:24:640 5872 DigitalSignVerifyByHandle: Embedded DS result: 00000000
01:16:24:640 5872 ValidateDriverFile: Stage 3 passed
01:16:24:640 5872 FileCallback: File validated successfully, restore information prepared
01:16:27:569 5872 FindDriverFileBackup: Backup copy found in DriverStore
01:16:27:569 5872 TDL3_FileCure: Backup copy found, using it..
01:16:27:569 5872 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tsk339E.tmp
01:16:27:632 5872 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk339E.tmp, system32\drivers\atapi.sys)
01:16:27:632 5872 TDL3_FileCure: KLMD jobs schedule success
01:16:27:632 5872 will be cured on next reboot
01:16:27:632 5872 UtilityBootReinit: Reboot required for cure complete..
01:16:27:633 5872 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
01:16:27:634 5872 UtilityBootReinit: KLMD drop success
01:16:27:635 5872 KLMD_ApplyPendList: Pending buffer(7E0A_28C0, 616) dropped successfully
01:16:27:635 5872 UtilityBootReinit: Cure on reboot scheduled successfully
01:16:27:635 5872
01:16:27:636 5872 Completed
01:16:27:636 5872
01:16:27:636 5872 Results:
01:16:27:636 5872 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
01:16:27:637 5872 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
01:16:27:637 5872 File objects infected / cured / cured on reboot: 1 / 0 / 1
01:16:27:637 5872
01:16:27:637 5872 UnloadDriverW: NtUnloadDriver error 1
01:16:27:637 5872 KLMD_Unload: UnloadDriverW(klmd21) error 1
01:16:27:651 5872 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
01:16:27:652 5872 UtilityDeinit: KLMD(ARK) unloaded successfully
Jmak
Regular Member
 
Posts: 19
Joined: January 13th, 2010, 2:12 am

Re: how to remove all malwares?

Unread postby Cypher » January 30th, 2010, 10:21 am

Hi Jmak.
Are you sure your searches are still being redirected? That last fix should have fixed the problem.
Ok please reboot the computer at least twice before carrying out the instructions below.


Reset Hosts File

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: (Do not include the word Code:)
    @Echo off
    rem Reset the Windows hosts file to its single default loopback entry
    pushd %SystemRoot%\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem Remove this batch file once it has run
    del %0
  • Go to File >> Save As
  • Save File name as FixHosts.bat
  • Change Save as Type to All Files and save the file to your Desktop.
Now double click on the desktop FixHosts.bat to run the batch file. It will self-delete when completed.


Next.


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
Java(TM) SE Runtime Environment 6 Update 1


Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 18.
  • Click the orange Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.2 are vulnerable.
  • Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. ( it will be maximized )
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Logs/Information to Post in your Next Reply

  • RSIT log.txt
  • Please give me an update on your computer's performance. Are you still getting redirects?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
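The batch file above overwrites the hosts file without showing what the hijack had put there. As an added example that is not part of Cypher's post, the following Python script parses a hosts file the way the resolver reads it and reports redirect entries (a name mapped to a remote address) and blackhole entries (a name other than localhost mapped to loopback or 0.0.0.0, which is how update and security sites get silently blocked); the sample file content and every hostname in it are constructed.

```python
"""Audit a Windows hosts file before it is reset.

Added example, not from the original thread. SAMPLE_HOSTS is constructed
for illustration; the hostnames and the 203.0.113.45 address are made up.
"""
import ipaddress
from dataclasses import dataclass

# Names that legitimately resolve to a loopback address.
EXPECTED_LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# What the FixHosts.bat script in the post writes back.
RESET_CONTENT = "127.0.0.1 localhost\n"

# Constructed sample of a hijacked hosts file (comments mirror the real layout).
SAMPLE_HOSTS = """\
# Default Windows hosts header (comment lines are ignored by the resolver)
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
# --- constructed, made-up entries representing a hijacked file ---
203.0.113.45    www.search-engine.example   # redirect to a foreign host
127.0.0.1       update.av-vendor.example    # update server blackholed
0.0.0.0         www.security-site.example   # blackholed via unspecified address
"""


@dataclass(frozen=True)
class Finding:
    kind: str        # "redirect" or "blackhole"
    address: str
    hostname: str
    line_no: int


def parse_hosts(text):
    """Return (line_no, address, [names]) for each mapping line.

    Mirrors the resolver: text after '#' is a comment, blank lines are
    skipped, the first token is the address and every further token a name.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no name maps nothing
        entries.append((line_no, parts[0], parts[1:]))
    return entries


def audit_hosts(text):
    """Classify every mapping that is not a plain localhost loopback entry."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not a valid address; the resolver ignores it as well
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            lname = name.lower()
            if sinkhole:
                if lname not in EXPECTED_LOOPBACK_NAMES:
                    findings.append(Finding("blackhole", addr, lname, line_no))
            else:
                findings.append(Finding("redirect", addr, lname, line_no))
    return findings


def is_clean(text):
    """True when the file contains nothing beyond localhost loopback entries."""
    return not audit_hosts(text)


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.kind:9} {f.address:15} -> {f.hostname}")
    print("reset content clean:", is_clean(RESET_CONTENT))
```

Run it against the real file with `audit_hosts(open(r"C:\Windows\System32\drivers\etc\hosts").read())` to see what the reset is about to discard.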

Re: how to remove all malwares?

Unread postby Jmak » January 30th, 2010, 3:24 pm

hahaa you're right no more redirecting

thank you soooo much for helping me get rid of it
:)
Jmak
Regular Member
 
Posts: 19
Joined: January 13th, 2010, 2:12 am

Re: how to remove all malwares?

Unread postby Cypher » January 30th, 2010, 3:31 pm

Hi Jmak.
We still have a bit of work to do :)
Please be sure to follow the instructions in my previous post.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: how to remove all malwares?

Unread postby Jmak » January 31st, 2010, 4:08 pm

you deserve a big thank you for helping me get rid of the malware, no more redirecting. :)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jason Mak at 2010-01-31 12:06:20
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 249 GB (67%) free of 372 GB
Total RAM: 2038 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:50 PM, on 31/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\0
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\iWin Games\iWinTrusted.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Nexon\MapleStory\npkcmsvc.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jason Mak\Desktop\New Folder\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Jason Mak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messenger ... 109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-U ... E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13128 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForJason Mak.job
C:\Windows\tasks\User_Feed_Synchronization-{F032D026-57FC-4605-A0FD-B7937CDBE7AB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-07-30 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-26 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-01 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2009-07-30 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-07-30 909040]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-01 2403392]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"CCUTRAYICON"=FactoryMode []
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2009-10-11 55072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-26 2033432]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe []
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2009-11-12 2923192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE [2007-05-07 1273856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"$INSTDIR\FlvDetector.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-31 12:04:15 ----D---- C:\Program Files\Adobe
2010-01-31 12:03:48 ----SHD---- C:\Config.Msi
2010-01-31 12:02:25 ----D---- C:\ProgramData\Sun
2010-01-31 12:02:23 ----D---- C:\Program Files\Common Files\Java
2010-01-31 12:01:37 ----A---- C:\Windows\system32\javaws.exe
2010-01-31 12:01:37 ----A---- C:\Windows\system32\javaw.exe
2010-01-31 12:01:37 ----A---- C:\Windows\system32\java.exe
2010-01-30 01:16:19 ----A---- C:\TDSSKiller.2.2.2_30.01.2010_01.16.19_log.txt
2010-01-29 14:56:13 ----A---- C:\Windows\system32\pbsvc.exe
2010-01-29 10:03:58 ----SHD---- C:\Windows\system32\lowsec
2010-01-29 00:42:04 ----SHD---- C:\$RECYCLE.BIN
2010-01-29 00:41:58 ----A---- C:\ComboFix.txt
2010-01-29 00:24:10 ----D---- C:\ComboFix
2010-01-29 00:23:34 ----A---- C:\Windows\SWXCACLS.exe
2010-01-27 23:30:29 ----D---- C:\Program Files\Messenger Plus! Live
2010-01-27 15:26:34 ----A---- C:\Windows\zip.exe
2010-01-27 15:26:34 ----A---- C:\Windows\SWSC.exe
2010-01-27 15:26:34 ----A---- C:\Windows\SWREG.exe
2010-01-27 15:26:34 ----A---- C:\Windows\sed.exe
2010-01-27 15:26:34 ----A---- C:\Windows\PEV.exe
2010-01-27 15:26:34 ----A---- C:\Windows\NIRCMD.exe
2010-01-27 15:26:34 ----A---- C:\Windows\MBR.exe
2010-01-27 15:26:34 ----A---- C:\Windows\grep.exe
2010-01-27 15:25:49 ----D---- C:\Qoobox
2010-01-27 15:24:22 ----D---- C:\Windows\ERDNT
2010-01-27 15:23:42 ----D---- C:\Program Files\ERUNT
2010-01-23 01:39:08 ----D---- C:\rsit
2010-01-21 15:32:08 ----A---- C:\Windows\system32\mshtml.dll
2010-01-21 15:32:08 ----A---- C:\Windows\system32\ieframe.dll
2010-01-21 15:32:07 ----A---- C:\Windows\system32\iertutil.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\wininet.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\urlmon.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\occache.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-21 15:32:06 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-21 15:32:05 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-21 15:32:05 ----A---- C:\Windows\system32\ieui.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\iesetup.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\iernonce.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\iepeers.dll
2010-01-21 15:32:05 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-16 17:19:43 ----A---- C:\Windows\ntbtlog.txt
2010-01-15 19:01:01 ----A---- C:\Windows\eSellerateEngine.dll
2010-01-14 16:12:07 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-01-14 16:12:07 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-01-14 16:12:07 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-01-14 16:12:06 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-01-14 16:12:06 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-01-14 16:12:06 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-01-14 16:12:05 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-01-14 16:11:33 ----D---- C:\Program Files\OpenAL
2010-01-14 16:11:33 ----A---- C:\Windows\system32\wrap_oal.dll
2010-01-14 16:11:33 ----A---- C:\Windows\system32\OpenAL32.dll
2010-01-13 23:31:32 ----D---- C:\Program Files\a-squared Free
2010-01-13 23:29:07 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-01-13 23:29:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-12 19:38:58 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 19:38:57 ----A---- C:\Windows\system32\fontsub.dll
2010-01-11 18:09:05 ----D---- C:\Windows\pss
2010-01-06 18:55:15 ----A---- C:\Windows\system32\ztvunrar36.dll
2010-01-06 18:55:15 ----A---- C:\Windows\system32\ztvunace26.dll
2010-01-06 18:55:15 ----A---- C:\Windows\system32\ztvcabinet.dll
2010-01-06 18:55:15 ----A---- C:\Windows\system32\UNRAR3.dll
2010-01-06 18:55:15 ----A---- C:\Windows\system32\unacev2.dll
2010-01-06 18:55:14 ----D---- C:\Users\Jason Mak\AppData\Roaming\Simply Super Software
2010-01-06 18:55:14 ----D---- C:\ProgramData\Simply Super Software
2010-01-06 18:55:14 ----D---- C:\Program Files\Trojan Remover
2010-01-06 16:20:48 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-01-06 16:20:36 ----D---- C:\Users\Jason Mak\AppData\Roaming\SUPERAntiSpyware.com
2010-01-06 16:20:36 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-06 16:17:21 ----D---- C:\Users\Jason Mak\AppData\Roaming\Malwarebytes
2010-01-06 16:17:14 ----D---- C:\ProgramData\Malwarebytes
2010-01-06 16:17:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-06 16:16:44 ----D---- C:\Program Files\Trend Micro
2010-01-06 16:13:56 ----D---- C:\Program Files\CCleaner
14109-05-05 14:57:29 ----D---- C:\ProgramData\Kaspersky Lab
14109-05-05 14:55:19 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
14109-05-03 22:46:23 ----D---- C:\Program Files\AVG

======List of files/folders modified in the last 1 months======

2010-01-31 12:06:34 ----D---- C:\Windows\Prefetch
2010-01-31 12:06:28 ----D---- C:\Windows\Temp
2010-01-31 12:05:19 ----D---- C:\Program Files\Mozilla Firefox
2010-01-31 12:04:49 ----SHD---- C:\Windows\Installer
2010-01-31 12:04:44 ----D---- C:\ProgramData\Adobe
2010-01-31 12:04:24 ----D---- C:\Program Files\Common Files\Adobe
2010-01-31 12:04:15 ----RD---- C:\Program Files
2010-01-31 12:04:04 ----D---- C:\Windows\winsxs
2010-01-31 12:02:56 ----D---- C:\Windows\System32
2010-01-31 12:02:47 ----SHD---- C:\System Volume Information
2010-01-31 12:02:25 ----D---- C:\ProgramData
2010-01-31 12:02:23 ----D---- C:\Program Files\Common Files
2010-01-31 12:01:22 ----A---- C:\Windows\system32\deploytk.dll
2010-01-31 11:42:23 ----D---- C:\Windows\tracing
2010-01-30 01:18:10 ----D---- C:\Windows\system32\drivers
2010-01-30 00:34:07 ----D---- C:\Windows
2010-01-29 00:55:55 ----D---- C:\Program Files\Steam
2010-01-29 00:38:27 ----A---- C:\Windows\system.ini
2010-01-29 00:33:20 ----D---- C:\Windows\AppPatch
2010-01-27 23:30:40 ----D---- C:\ProgramData\Messenger Plus!
2010-01-27 15:40:31 ----D---- C:\Windows\system32\config
2010-01-27 15:40:31 ----D---- C:\Boot
2010-01-26 15:44:22 ----D---- C:\Program Files\Internet Explorer
2010-01-26 15:37:59 ----D---- C:\Windows\system32\catroot
2010-01-25 18:08:03 ----D---- C:\ProgramData\avg9
2010-01-23 12:38:24 ----D---- C:\Program Files\Common Files\Steam
2010-01-21 16:15:39 ----D---- C:\Windows\system32\catroot2
2010-01-21 16:14:05 ----D---- C:\Windows\Minidump
2010-01-21 15:40:48 ----D---- C:\Windows\system32\migration
2010-01-21 15:33:45 ----D---- C:\Program Files\Java
2010-01-20 15:20:54 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-15 18:57:06 ----D---- C:\ProgramData\WildTangent
2010-01-14 22:20:17 ----D---- C:\ProgramData\Microsoft Help
2010-01-14 06:40:51 ----D---- C:\Program Files\Cheat Engine
2010-01-13 23:57:41 ----SD---- C:\Windows\Downloaded Program Files
2010-01-13 15:55:16 ----D---- C:\Program Files\Windows Mail
2010-01-13 15:49:31 ----D---- C:\Windows\Debug
2010-01-09 22:37:34 ----D---- C:\Windows\Branding
2010-01-09 22:23:19 ----AD---- C:\ProgramData\TEMP
2010-01-07 22:37:22 ----D---- C:\Users\Jason Mak\AppData\Roaming\DivX
2010-01-06 18:04:06 ----D---- C:\Program Files\iWin Games
2010-01-06 17:24:24 ----D---- C:\Windows\Microsoft.NET
2010-01-06 17:24:23 ----RSD---- C:\Windows\assembly
2010-01-04 16:17:48 ----A---- C:\Windows\system32\mrt.exe
14109-05-04 22:17:51 ----HD---- C:\ProgramData\yahoo!
14109-05-04 22:17:36 ----D---- C:\Program Files\Yahoo!
14109-05-04 22:17:30 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-12-26 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-12-26 28424]
R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-12-26 360584]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2008-01-08 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-14 218752]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\Nexon\MapleStory\npkcrypt.sys []
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT; \??\C:\Users\JASONM~1\AppData\Local\Temp\nsdEA1B.tmp\TfFRegNt.sys []
S3 catchme;catchme; \??\C:\Users\JASONM~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\JASONM~1\AppData\Local\Temp\LWPB325.tmp []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Users\Jason Mak\Desktop\SysProtDrv.sys []
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-01 987648]
S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-01 251904]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-26 285392]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-11-09 78104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 npkcmsvc;npkcmsvc; C:\Program Files\Nexon\MapleStory\npkcmsvc.exe [2008-12-24 88728]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264]
S3 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-08-31 26624]
S3 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-01-23 326792]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------
Jmak
Regular Member
 
Posts: 19
Joined: January 13th, 2010, 2:12 am
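The driver list in the RSIT log above is where the helper's attention goes first: kernel drivers registered from a user's Temp folder or Desktop, and entries RSIT could not stat (the trailing empty `[]`). The following triage script is an added example for this thread, not code from the original post nor from RSIT or ComboFix. It parses lines in RSIT's driver/service format and flags those load paths; the sample lines are copied from the log above. `KNOWN_TOOL_DRIVERS` is an assumption made here: `catchme.sys` is GMER's helper driver (GMER was run earlier in the thread), and `SysProtDrv.sys` is assumed to belong to the SysProt anti-rootkit tool, so both are flagged but labelled as removal-tool drivers.

```python
"""Triage the driver list from an RSIT log for suspicious load paths.

Added example for this thread; it is not part of the original post, nor code
from RSIT or ComboFix. The sample lines below are copied from the RSIT log.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# One RSIT driver/service line looks like
#   R3 name;Display Name; C:\path\file.sys [2008-01-14 218752]
# and, when RSIT could not read the image, ends in an empty "[]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption: drivers belonging to the removal tools used in this thread.
# catchme.sys is GMER's helper driver; SysProtDrv.sys is taken to be SysProt's.
KNOWN_TOOL_DRIVERS = {"catchme", "sysprotdrv.sys"}


class Finding(NamedTuple):
    name: str
    path: str
    reasons: Tuple[str, ...]


def _normalise(path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) and lower-case the path."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def assess_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious driver line, None for a clean one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank line, or some other non-driver line
    path = _normalise(m["path"])
    reasons = []
    if not m["meta"].strip():
        reasons.append("no file date/size: image missing or unreadable")
    if "\\appdata\\local\\temp\\" in path:
        reasons.append("image loaded from a Temp directory")
    elif "\\users\\" in path or "\\documents and settings\\" in path:
        reasons.append("image loaded from a user profile")
    if m["name"].strip().lower() in KNOWN_TOOL_DRIVERS:
        reasons.append("known removal-tool driver: confirm you ran that tool")
    if not reasons:
        return None
    return Finding(m["name"].strip(), m["path"].strip(), tuple(reasons))


def triage(log_lines: List[str]) -> List[Finding]:
    """Run assess_line over every line and keep the findings, in log order."""
    return [f for f in (assess_line(l) for l in log_lines) if f is not None]


# Lines copied from the RSIT driver list posted in this thread.
SAMPLE_LOG = r"""
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-14 218752]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\Nexon\MapleStory\npkcrypt.sys []
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT; \??\C:\Users\JASONM~1\AppData\Local\Temp\nsdEA1B.tmp\TfFRegNt.sys []
S3 catchme;catchme; \??\C:\Users\JASONM~1\AppData\Local\Temp\catchme.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\JASONM~1\AppData\Local\Temp\LWPB325.tmp []
S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Users\Jason Mak\Desktop\SysProtDrv.sys []
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run on the sample, it flags `GarenaPEngine` and `AhnRptTfFRegFNT` (Temp directory, no file metadata), `npkcrypt` (image missing or unreadable only), and the two tool drivers; the two drivers under `C:\Windows\system32\DRIVERS` with a date and size pass. A missing `[]` on its own is weak evidence, since an uninstalled game driver leaves the same trace; Temp plus missing image is the combination worth scripting for removal.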

Re: how to remove all malwares?

Unread postby Cypher » February 2nd, 2010, 12:21 pm

Hi Jmak.
You're welcome, but we still have a few things to clean up.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    File::
    C:\Windows\system32\0
    C:\Windows\system32\sdra64.exe
    C:\Windows\system32\pbsvc.exe
    C:\Users\JASONM~1\AppData\Local\Temp\LWPB325.tmp
    
    Folder::
    C:\Windows\system32\lowsec
    
    Driver::
    GarenaPEngine
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do not use your keyboard or click your mouse anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Logs/Information to Post in your Next Reply

  • ComboFix log.
  • Please give me an update on your computers performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
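Once ComboFix has run with a CFScript like the one above, the check a practitioner wants is whether every target in the script actually shows up as actioned in the log it produces. The script below is an added example for this thread, not code from the original post nor from ComboFix. It parses the `File::`, `Folder::`, `Driver::` and `Registry::` sections of the posted CFScript and the `Other Deletions` and `Drivers/Services` sections of a ComboFix log, then reports a status per target. The log excerpt embedded here is constructed to mirror the section headers ComboFix prints, using the paths from the script; the status labels are this example's own. Registry entries are reported as unverified because those two log sections do not echo registry removals.

```python
"""Cross-check a CFScript against the ComboFix log it produced.

Added example for this thread; not part of the original post or of ComboFix.
The CFScript text is the one posted in the thread; the log excerpt is
constructed in ComboFix's section format from the same paths.
"""
import re
from typing import Dict, List, NamedTuple

# The CFScript as posted in this thread.
CFSCRIPT = r"""
File::
C:\Windows\system32\0
C:\Windows\system32\sdra64.exe
C:\Windows\system32\pbsvc.exe
C:\Users\JASONM~1\AppData\Local\Temp\LWPB325.tmp

Folder::
C:\Windows\system32\lowsec

Driver::
GarenaPEngine

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
"""

# Constructed ComboFix log excerpt: ComboFix's "(((( Title ))))" section
# headers, with the deletions listed as lower-case paths the way it prints them.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\0
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\pbsvc.exe
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine


((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")                 # "File::", "Driver::", ...
LOG_HEADER_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")  # "(((( Other Deletions ))))"


class Check(NamedTuple):
    section: str
    target: str
    status: str  # "deleted" / "removed" / "not in log" / "unverified"


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each CFScript section name (without '::') to its non-blank lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_sections(text: str) -> Dict[str, List[str]]:
    """Map each ComboFix section title to its content lines ('.' rows dropped)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOG_HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def _norm(p: str) -> str:
    return p.strip().lower()


def cross_check(script: Dict[str, List[str]], log: Dict[str, List[str]]) -> List[Check]:
    """Report, per CFScript target, whether the log shows it was actioned."""
    deleted = {_norm(p) for p in log.get("Other Deletions", [])}
    services = {_norm(s) for s in log.get("Drivers/Services", [])}
    checks: List[Check] = []
    for path in script.get("File", []):
        checks.append(Check("File", path, "deleted" if _norm(path) in deleted else "not in log"))
    for folder in script.get("Folder", []):
        f = _norm(folder)
        inside = sum(1 for d in deleted if d.startswith(f + "\\"))
        status = f"deleted ({inside} entries inside)" if f in deleted else "not in log"
        checks.append(Check("Folder", folder, status))
    for drv in script.get("Driver", []):
        # ComboFix logs a removed driver as "-------\Service_<name>".
        hit = any(s.endswith("\\service_" + drv.lower()) for s in services)
        checks.append(Check("Driver", drv, "removed" if hit else "not in log"))
    for entry in script.get("Registry", []):
        # Registry:: removals are not echoed in these sections of the log.
        checks.append(Check("Registry", entry, "unverified"))
    return checks


if __name__ == "__main__":
    for c in cross_check(parse_cfscript(CFSCRIPT), parse_combofix_sections(COMBOFIX_LOG)):
        print(f"[{c.section:8}] {c.status:28} {c.target}")
```

On this input the four `system32` paths, the `lowsec` folder (with its two files) and the `GarenaPEngine` driver are confirmed, while the `Temp\LWPB325.tmp` file comes back as `not in log`: a target missing from `Other Deletions` means it was no longer on disk when ComboFix ran, not that removal failed, so it is a prompt to look rather than an error.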

Re: how to remove all malwares?

Unread postby Jmak » February 4th, 2010, 3:44 am

I believe there is no more redirecting...

ComboFix 10-02-03.04 - Jason Mak 03/02/2010 23:20:16.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.1285 [GMT -8:00]
Running from: c:\users\Jason Mak\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason Mak\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\JASONM~1\AppData\Local\Temp\LWPB325.tmp"
"c:\windows\system32\0"
"c:\windows\system32\pbsvc.exe"
"c:\windows\system32\sdra64.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\0
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\pbsvc.exe
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine


((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-04 07:28 . 2010-02-04 07:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-02-04 07:28 . 2010-02-04 07:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-04 07:28 . 2010-02-04 07:28 -------- d-----w- c:\users\jason\AppData\Local\temp
2010-02-04 07:28 . 2010-02-04 07:28 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-02-04 07:28 . 2010-02-04 07:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-02-04 07:28 . 2010-02-04 07:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-31 22:59 . 2010-01-31 23:03 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Ventrilo
2010-01-31 22:58 . 2010-01-31 22:58 -------- d-----w- c:\program files\Ventrilo
2010-01-31 22:57 . 2010-01-31 22:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-31 20:02 . 2010-01-31 20:02 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 07:30 . 2010-01-28 07:30 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-27 23:52 . 2010-02-04 07:30 -------- d-----w- c:\users\Jason Mak\AppData\Local\temp
2010-01-27 23:23 . 2010-01-27 23:23 -------- d-----w- c:\program files\ERUNT
2010-01-23 09:39 . 2010-01-23 09:39 -------- d-----w- C:\rsit
2010-01-23 08:52 . 2010-01-23 08:52 44288 ----a-w- c:\windows\system32\SysProtDrv.sys
2010-01-16 08:13 . 2010-01-16 08:13 -------- d-----w- c:\users\Jason Mak\AppData\Local\Cooliris
2010-01-16 03:01 . 2010-01-16 03:01 40 ----a-w- c:\windows\RSoftInfo.dat
2010-01-16 03:01 . 2010-01-16 03:01 352256 ----a-w- c:\windows\eSellerateEngine.dll
2010-01-15 00:12 . 2009-09-05 01:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-01-15 00:12 . 2009-09-05 01:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-01-15 00:12 . 2009-09-05 01:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-01-15 00:12 . 2009-09-05 01:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-01-15 00:12 . 2009-09-05 01:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-01-15 00:12 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-01-15 00:12 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-15 00:11 . 2010-01-15 00:11 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-15 00:11 . 2010-01-15 00:11 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-15 00:11 . 2010-01-15 00:11 -------- d-----w- c:\program files\OpenAL
2010-01-14 07:31 . 2010-01-17 02:57 -------- d-----w- c:\program files\a-squared Free
2010-01-14 07:29 . 2010-01-21 23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 07:29 . 2010-01-21 23:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-13 03:38 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 03:38 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-07 02:55 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-01-07 02:55 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-01-07 02:55 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-01-07 02:55 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-01-07 02:55 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\program files\Trojan Remover
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Simply Super Software
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\programdata\Simply Super Software
2010-01-07 00:20 . 2010-01-07 00:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-07 00:20 . 2010-01-21 23:35 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\SUPERAntiSpyware.com
2010-01-07 00:20 . 2010-01-21 23:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-07 00:17 . 2010-01-07 00:17 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\Malwarebytes
2010-01-07 00:17 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 00:17 . 2010-01-26 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 00:17 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 00:17 . 2010-01-07 00:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 00:16 . 2010-01-07 00:16 -------- d-----w- c:\program files\Trend Micro
2010-01-07 00:13 . 2010-01-07 00:13 -------- d-----w- c:\program files\CCleaner
14109-05-05 22:57 . 2009-06-05 00:03 -------- d-----w- c:\programdata\Kaspersky Lab
14109-05-05 22:55 . 14109-05-05 22:55 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
14109-05-04 06:46 . 2009-12-26 10:41 -------- d-----w- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 06:47 . 2009-12-23 10:34 0 ----a-w- c:\users\Jason Mak\AppData\Local\prvlcl.dat
2010-01-31 21:52 . 2008-12-20 21:59 -------- d-----w- c:\program files\Steam
2010-01-31 20:04 . 2007-08-12 01:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-31 20:01 . 2009-06-18 23:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-30 09:18 . 2009-09-11 00:48 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-28 07:30 . 2008-01-16 01:28 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-26 23:48 . 2010-01-26 23:48 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-26 02:08 . 2009-12-26 10:41 -------- d-----w- c:\programdata\avg9
2010-01-23 20:38 . 2008-12-20 22:42 -------- d-----w- c:\program files\Common Files\Steam
2010-01-21 23:33 . 2007-08-12 01:42 -------- d-----w- c:\program files\Java
2010-01-20 23:20 . 2009-04-16 06:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 05:37 . 2007-11-29 06:01 3756 ----a-w- c:\users\Jason Mak\AppData\Roaming\wklnhst.dat
2010-01-16 02:57 . 2007-08-12 01:25 -------- d-----w- c:\programdata\WildTangent
2010-01-15 06:20 . 2008-04-13 23:51 -------- d-----w- c:\programdata\Microsoft Help
2010-01-14 23:29 . 2010-01-26 23:41 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-01-14 23:29 . 2010-01-26 23:41 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-01-14 14:40 . 2009-05-10 23:50 -------- d-----w- c:\program files\Cheat Engine
2010-01-13 23:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 06:37 . 2009-12-21 10:45 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\DivX
2010-01-07 02:04 . 2009-08-20 03:28 -------- d-----w- c:\program files\iWin Games
2010-01-02 06:38 . 2010-01-21 23:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 23:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 23:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 05:14 . 2010-01-01 05:11 239 ----a-w- c:\windows\PowerReg.dat
2010-01-01 00:10 . 2010-01-01 00:05 -------- d-----w- c:\program files\Garena
2009-12-26 11:21 . 2009-12-26 11:21 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\AVG9
2009-12-26 11:07 . 2009-12-26 10:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-26 11:07 . 2009-12-26 10:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-26 11:07 . 2009-12-26 10:42 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-26 11:07 . 2009-12-26 10:42 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-26 10:42 . 2009-12-26 10:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-24 02:41 . 2009-12-24 09:05 52224 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\FFExternalAlert.dll
2009-12-24 02:41 . 2009-12-24 09:05 101376 ----a-w- c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\RadioWMPCore.dll
2009-12-21 10:43 . 2009-12-21 10:42 -------- d-----w- c:\program files\DivX
2009-12-21 10:43 . 2007-08-12 01:35 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-21 10:42 . 2009-12-21 10:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-08 04:53 . 2009-07-26 06:19 -------- d-----w- c:\users\Jason Mak\AppData\Roaming\HpUpdate
2009-12-08 00:14 . 2009-11-18 04:55 -------- d-----w- c:\program files\DriftCity
2009-12-04 03:19 . 2009-12-04 03:19 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-19 03:49 . 2009-11-19 03:49 201356 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-19 03:48 . 2009-11-19 03:48 2165 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\rsi.hotmail.com
2009-11-18 23:31 . 2009-11-18 23:31 2141 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\omega.contacts.msn.com
2009-11-18 23:31 . 2009-11-18 23:31 2095 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\login.live.com
2009-11-18 23:31 . 2009-11-18 23:31 1251 ----a-w- c:\users\Jason Mak\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\xmpp.raptr.com
2009-11-18 06:23 . 2009-11-18 06:24 38208 ----a-w- c:\users\Jason Mak\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-16 10:21 . 2009-06-08 11:15 205448 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxDvd.exe
2009-11-16 10:21 . 2009-06-08 11:15 266888 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxTray.exe
2009-11-16 10:21 . 2009-06-08 11:08 373384 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxStarter.exe
2009-11-16 10:21 . 2009-06-08 10:45 168584 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll
2009-11-16 10:12 . 2009-11-16 10:12 1581704 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxClient.exe
2009-11-16 09:17 . 2009-11-16 09:17 340616 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll
2009-11-16 09:17 . 2009-11-16 09:17 123528 ----a-w- c:\users\Jason Mak\AppData\Roaming\Smilebox\SmileboxUpdater.exe
2009-11-15 09:37 . 2008-06-25 19:33 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-15 09:37 . 2008-06-25 19:33 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-15 09:37 . 2007-12-25 08:13 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-15 09:37 . 2007-12-25 08:13 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-15 09:37 . 2007-12-25 08:14 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-15 09:37 . 2007-12-25 08:13 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-11-14 02:59 . 2009-11-14 02:59 22328 ----a-w- c:\users\Jason Mak\AppData\Roaming\PnkBstrK.sys
2009-11-14 02:59 . 2009-11-14 02:59 22328 ----a-w- c:\users\Jason Mak\AppData\Roaming\PnkBstrK.sys
2009-11-14 02:58 . 2009-11-14 02:33 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-14 00:49 . 2007-08-12 01:39 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2007-08-12 01:39 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:49 . 2007-02-06 23:03 129784 ------w- c:\windows\system32\PxAFS.DLL
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-10 02:16 . 2008-06-04 02:37 46128 ----a-w- c:\programdata\iWin Games\firefox\iWinArcadeLauncher.exe
2009-11-09 12:31 . 2009-12-12 21:14 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-12 21:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-12 21:14 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-09 05:20 . 2009-11-09 05:20 138240 ----a-w- c:\users\Jason Mak\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
14109-05-05 06:17 . 2007-08-12 01:54 -------- d--h--w- c:\programdata\yahoo!
14109-05-05 06:17 . 2007-08-12 01:54 -------- d-----w- c:\program files\Yahoo!
2007-08-12 01:51 . 2007-08-12 01:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-13 2923192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-11 55072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-27 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 150552]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8c,30,c2,f3,84,32,ca,01

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [26/12/2009 2:42 AM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/12/2009 2:42 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/12/2009 2:42 AM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [26/12/2009 3:07 AM 285392]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 9:32 AM 208896]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 PM 1074568]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [09/11/2009 6:17 PM 78104]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [13/01/2010 11:31 PM 1858144]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 8:13 AM 29696]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [02/06/2008 4:45 PM 21504]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [02/06/2008 4:43 PM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [02/06/2008 4:43 PM 251904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\HPCeeScheduleForJason Mak.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-12 23:55]

2010-02-04 c:\windows\Tasks\User_Feed_Synchronization-{F032D026-57FC-4605-A0FD-B7937CDBE7AB}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=fir ... S:official
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\FFExternalAlert.dll
FF - component: c:\users\Jason Mak\AppData\Roaming\Mozilla\Firefox\Profiles\45wuh27w.default\extensions\{4a8f88b8-4a70-41bd-bc89-385c364116d9}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 23:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2b,68,35,b7,ec,77,bf,f1,a4,3d,ce,96,25,b2,37,22,c0,a9,8a,a6,0c,54,c3,
ca,cf,c2,a0,d4,14,66,2b,59,d3,21,f1,20,30,db,1d,7b,80,56,0c,8c,33,be,b4,a7,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001\Software\SecuROM\License information*]
"datasecu"=hex:77,31,6a,0e,13,09,86,59,3c,92,23,29,c4,f8,43,65,c0,ae,e4,6b,b6,
e1,a5,77,6a,9f,cb,24,38,00,fe,e1,21,ac,b1,af,06,d6,31,81,81,2b,d8,04,18,65,\
"rkeysecu"=hex:f7,57,41,d2,e2,5c,1f,b6,fd,f3,e0,18,25,d3,77,f3

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9e,05,74,ff,bb,6c,d9,d9,89,e5,19,7e,24,60,ec,e7,36,a2,2c,2e,ab,
8c,a5,85,ac,e6,f8,50,3a,d0,a8,23,bf,e6,9e,68,e3,05,80,dc,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e5,6b,38,29,df,dd,2d,1d,25,7c,b7,f0,b9,dc,59,e0,b2,bb,ab,68,97,
48,0d,36,8a,f6,ea,22,8a,60,31,8f,93,82,33,80,55,fc,41,ff,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{9296d726-1cd2-46e1-917a-2eaf4d627d0d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000de
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,bd,fc,19,8f,58,3c,8e,25,96,94,16,7a,19,d5,dc,a7,3f,cb,c4,3f,5b,b9,\

[HKEY_USERS\S-1-5-21-1222584859-2993816260-699220527-1001_Classes\CLSID\{d2bf510e-03fa-4ac3-90a6-f6df4a25b1a1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013a
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\schtasks.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nexon\MapleStory\npkcmsvc.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-02-03 23:40:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-04 07:39
ComboFix2.txt 2010-01-29 08:41
ComboFix3.txt 2010-01-27 23:52

Pre-Run: 259,306,422,272 bytes free
Post-Run: 259,055,689,728 bytes free

- - End Of File - - AA45002CFFF55500A3A32D8DADCE4918
Jmak
Regular Member
 
Posts: 19
Joined: January 13th, 2010, 2:12 am