Another Win32.FraudLoad.edt victim

Post by kabe » February 18th, 2010, 4:11 pm

Found malware during routine Spybot scan but SB did not remove. Stupidly (with hindsight) used spamware AntiMalware which failed to remove and also added FraudLoad.Doktor. Downloaded and ran Malwarebytes which appeared to remove the infection. Further scan with Spybot and AVG indicated all clear. However, my browser now keeps opening at intervals the same web page (http://www.Vencos.net) which I have never previously visited. Tried to lock it out in the Windows Hosts file. Now instead of the web page I randomly get an error message saying "Unable to connect" and have to close the browser. Have run ATF Cleaner.
Your help appreciated.

Hijack and Uninstall follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:21 PM, on 2/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\X2Net\Smart Address\smartadr.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\X2Net\Smart Address\smartadr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\Program Files\IdentityPatrol\IdentityPatrol.exe
C:\WINDOWS\system32\drivers\imon\PKSERV~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BeyondCopy\beyondcopy.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.DesktopManagement.Host.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Keith\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update - {9DC7B255-C5B5-4DA0-81FC-D6B70FEB8FC5} - C:\Program Files\IEUpdate\ieupdate.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [X2net Smart Address Monitor] C:\Program Files\X2Net\Smart Address\smartadr.exe Monitor
O4 - HKLM\..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [IdentityPatrol] C:\Program Files\IdentityPatrol\IdentityPatrol.exe
O4 - HKLM\..\Run: [THCS] C:\WINDOWS\system32\drivers\imon\PKSERV~1.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BeyondCopy] C:\Program Files\BeyondCopy\beyondcopy.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirements ... b_srlx.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/cl ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O24 - Desktop Component 0: (no name) - http://www.traderslaboratory.com/forums ... l.js?v=375

--
End of file - 12620 bytes

ACDSee Pro 2
AceMoney
Acrobat.com
ActionOutline Lite 3.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 9.2
Advanced Analyzer
Agere Systems HDA Modem
AmiBroker 5.20
AntiMalware Pro 2.1
Apple Software Update
AVG Free 9.0
BeyondCopy 1.26
Bonjour
Brother MFC-425CN
Custom Indicators Plugin 3.2
Digital Photo Navigator 1.5
dpeg Cicada
Easy Display Manager
EasyZip
Exif Tag Remover 2.0
Filzip 3.06
FolderMatch v3.5.1
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
Identity Patrol v2.0
IEUpdate 7.6
IncredibleCharts Pro
Intel(R) PROSet/Wireless Software
Jalbum
Jalbum
Jalbum 8.0
Java 2 Runtime Environment, SE v1.4.2_15
Java(TM) 6 Update 15
Magic Keyboard
Malwarebytes' Anti-Malware
Matrox PowerDesk-SE (GXM)
MCE Software Encoder 1.0
mCore
mDriver
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mMHouse
Moneydance 2010
Mozilla Firefox (3.6)
mPfMgr
mPfWiz
mProSafe
MSN Money Investment Toolbox
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
mWlsSafe
mZConfig
Nero 6 Ultra Edition
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OEC Chart Package 3.4
OEC Chart Package Demo 3.4
OEC Custom Indicators Plugin 3.3
OEC Excel Add-In 3.3
OEC Market Replay 3.4
OEC Market Replay Demo 3.4
OEC MarketReplay Plugin 3.3
OEC RSS News Feed 3.4
OEC RSS News Feed Demo 3.4
OEC Trader 3.4
OEC Trader Demo 3.4
Oubliette 1.9.5
Panda ActiveScan 2.0
Picasa 3
PlayCamera
PowerCinema NE for Everio
PowerDirector Express
PowerDVD
PowerProducer
QuickTime
QuoteTracker
Realtek High Definition Audio Driver
Registry Patrol
Samsung Battery Manager
Samsung Magic Doctor
Samsung Network Manager 2.0
Samsung Update Plus
Samsung Update Plus
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Spybot - Search & Destroy
Stock-Signal-Pro Pivot Trader
Synaptics Pointing Device Driver
System Requirements Lab
thinkorswim from TD AMERITRADE
Uniblue RegistryBooster 2
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
User Guide
Voice Recorder 1.0.1.39
WebEx
WIDCOMM Bluetooth Software
Windows Internet Explorer 7
Windows XP Service Pack 3
WinRAR archiver
WOW XT and TSXT Filter Driver
X2Net Reporter V1.1.0.15
X2Net Smart Address 5.6
YNAB 3
YNAB 3
kabe
Active Member
 
Posts: 11
Joined: February 18th, 2010, 2:41 pm

Re: Another Win32.FraudLoad.edt victim

Post by Katana » February 27th, 2010, 9:09 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of log.txt.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Another Win32.FraudLoad.edt victim

Post by kabe » February 27th, 2010, 11:44 am

Thank you for the assistance. Various antimalware programs including MalwareBytes, Spybot and AVG report a clear system. However, redirection is still a BIG problem. I can only work for a minute or two with IE or Firefox before getting redirected. The redirection site is vencos.net/n but I have blocked it with an entry in Windows Hosts. Now, instead of redirection, I get the "Oops this link appears to be broken" message. I have tried three different search engines but all react the same way. If I try to run antimalware progs in Safe Mode the computer closes down after a minute or so.

The logfiles you have asked for follow:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Keith at 2010-02-27 16:31:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (33%) free of 104 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:52 PM, on 2/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\X2Net\Smart Address\smartadr.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\Program Files\X2Net\Smart Address\smartadr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BeyondCopy\beyondcopy.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.DesktopManagement.Host.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Keith\Desktop\Malware Removal\RSIT.exe
C:\Documents and Settings\Keith\Desktop\Keith.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update - {9DC7B255-C5B5-4DA0-81FC-D6B70FEB8FC5} - C:\Program Files\IEUpdate\ieupdate.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [DMHotKey] "C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe"
O4 - HKLM\..\Run: [MagicKeyboard] "C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe"
O4 - HKLM\..\Run: [BatteryManager] "C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [X2net Smart Address Monitor] "C:\Program Files\X2Net\Smart Address\smartadr.exe" Monitor
O4 - HKLM\..\Run: [SUPBackGround] "C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] "C:\PROGRA~1\AVG\AVG9\avgtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BeyondCopy] C:\Program Files\BeyondCopy\beyondcopy.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirements ... b_srlx.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/cl ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O24 - Desktop Component 0: (no name) - http://www.traderslaboratory.com/forums ... l.js?v=375

--
End of file - 13051 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - C:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DC7B255-C5B5-4DA0-81FC-D6B70FEB8FC5}]
IE Update Class - C:\Program Files\IEUpdate\ieupdate.dll [2010-01-11 258048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-07 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-07 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-07 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-29 8429568]
"nwiz"=nwiz.exe /install []
"DMHotKey"=C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944]
"MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-14 151552]
"BatteryManager"=C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2008-01-14 2764800]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-03-06 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-03-06 970752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-29 149280]
"X2net Smart Address Monitor"=C:\Program Files\X2Net\Smart Address\smartadr.exe [2006-09-10 5533696]
"SUPBackGround"=C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-02-03 294912]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"EverioService"=C:\Program Files\CyberLink\PCM4Everio\EverioService.exe [2006-11-22 151552]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-31 2033432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Matrox PowerDesk SE"=C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe [2008-12-03 3091712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-27 68856]
"BeyondCopy"=C:\Program Files\BeyondCopy\beyondcopy.exe [2007-11-29 842752]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2008-07-23 1927448]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
GetRight.lnk - C:\Program Files\GetRight\GetRight.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-11-07 12464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoStartMenuMFUprogramsList"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\OEC\Trader Demo\Trader.exe"="C:\Program Files\OEC\Trader Demo\Trader.exe:*:Enabled:OEC Trader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\OEC\Trader\Trader.exe"="C:\Program Files\OEC\Trader\Trader.exe:*:Enabled:OEC Trader"
"C:\Program Files\X2Net\Smart Address\SMARTADR.exe"="C:\Program Files\X2Net\Smart Address\SMARTADR.exe:*:Enabled:X2Net Smart Address"
"C:\Program Files\BeyondCopy\beyondcopy.exe"="C:\Program Files\BeyondCopy\beyondcopy.exe:*:Disabled:A LAN hosts clipboard synchronism tool distributed under GNU General Public License 3.0."
"C:\SierraChart\SierraChart.exe"="C:\SierraChart\SierraChart.exe:*:Enabled:Sierra Chart"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Java\jre6\bin\javaws.exe"="C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher"
"C:\WINDOWS\system32\javaws.exe"="C:\WINDOWS\system32\javaws.exe:*:Enabled:Java(TM) Web Start Launcher"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\IncredibleCharts\IncredibleCharts.exe"="C:\Program Files\IncredibleCharts\IncredibleCharts.exe:*:Enabled:IncredibleCharts Pro"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc79c756-28ff-11dd-92ae-00197eee674b}]
shell\AutoRun\command - D:\setupSNK.exe


======File associations======

.reg - open -

======List of files/folders created in the last 1 months======

2010-02-27 16:31:41 ----D---- C:\rsit
2010-02-25 22:53:54 ----D---- C:\Program Files\ESET
2010-02-24 20:06:00 ----D---- C:\Documents and Settings\Keith\Application Data\WinPatrol
2010-02-24 20:05:35 ----D---- C:\Program Files\BillP Studios
2010-02-24 09:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-02-23 15:16:21 ----A---- C:\WINDOWS\system32\VundoFixSVC.exe
2010-02-23 15:01:14 ----D---- C:\VundoFix Backups
2010-02-23 15:01:14 ----A---- C:\VundoFix.txt
2010-02-23 11:29:39 ----D---- C:\Documents and Settings\Keith\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-22 12:59:09 ----D---- C:\Program Files\winMd5Sum
2010-02-21 19:55:54 ----D---- C:\Downloads
2010-02-21 19:51:11 ----D---- C:\Documents and Settings\Keith\Application Data\GetRight
2010-02-21 19:51:01 ----D---- C:\Program Files\GetRight
2010-02-21 16:52:30 ----D---- C:\Documents and Settings\Keith\Application Data\CoreFTP
2010-02-19 23:59:08 ----D---- C:\Program Files\MSSOAP
2010-02-19 23:58:45 ----D---- C:\Program Files\Webroot
2010-02-19 21:34:55 ----A---- C:\WINDOWS\wininit.ini
2010-02-19 19:36:42 ----SHD---- C:\WINDOWS\CSC
2010-02-19 19:36:35 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-19 09:30:32 ----A---- C:\WINDOWS\system32\IDPList.dll
2010-02-19 09:30:32 ----A---- C:\WINDOWS\system32\IDPImmData.dll
2010-02-19 09:30:31 ----A---- C:\WINDOWS\system32\IDPCritProc.dll
2010-02-18 11:50:48 ----D---- C:\Documents and Settings\Keith\Application Data\Mozilla
2010-02-18 11:50:25 ----D---- C:\Program Files\Mozilla Firefox
2010-02-18 00:46:39 ----D---- C:\Documents and Settings\Keith\Application Data\Malwarebytes
2010-02-18 00:46:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-18 00:46:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-18 00:03:25 ----A---- C:\WINDOWS\system32\MSVolumeAMP.dll
2010-02-17 17:32:59 ----D---- C:\Program Files\IEUpdate
2010-02-16 00:47:04 ----D---- C:\Program Files\Lavalys
2010-02-09 14:10:06 ----D---- C:\Documents and Settings\Keith\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
2010-02-09 14:09:42 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-09 14:09:36 ----D---- C:\Program Files\YNAB 3
2010-02-01 11:21:59 ----D---- C:\SSPPivot
2010-02-01 11:21:31 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-31 11:03:52 ----A---- C:\WINDOWS\Stock Assault 2.0 Demo Uninstall Log.txt

======List of files/folders modified in the last 1 months======

2010-02-27 16:31:42 ----D---- C:\WINDOWS\Prefetch
2010-02-27 14:45:54 ----D---- C:\WINDOWS\Temp
2010-02-27 14:45:46 ----D---- C:\WINDOWS
2010-02-27 14:45:15 ----SD---- C:\WINDOWS\Tasks
2010-02-27 14:36:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-27 10:55:18 ----D---- C:\WINDOWS\system32
2010-02-27 10:39:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-27 09:40:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-26 20:47:09 ----D---- C:\Program Files\thinkTDA
2010-02-26 13:10:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-02-26 00:03:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-26 00:01:44 ----A---- C:\WINDOWS\stock.INI
2010-02-25 23:02:58 ----RD---- C:\Program Files
2010-02-25 22:56:23 ----D---- C:\WINDOWS\system32\drivers
2010-02-25 15:25:39 ----D---- C:\StockMarketMirror 6.8
2010-02-25 14:00:55 ----SHD---- C:\WINDOWS\Installer
2010-02-24 16:56:14 ----HD---- C:\WINDOWS\inf
2010-02-24 16:54:29 ----D---- C:\Config.Msi
2010-02-24 16:54:28 ----D---- C:\WINDOWS\WinSxS
2010-02-24 12:46:34 ----D---- C:\WINDOWS\Minidump
2010-02-24 11:59:36 ----D---- C:\Program Files\IdentityPatrol
2010-02-24 11:57:19 ----A---- C:\WINDOWS\system32\sk_bho.ini
2010-02-24 11:57:18 ----A---- C:\WINDOWS\system32\Identity Patrol_ErrLogFile.txt
2010-02-24 09:25:54 ----D---- C:\Documents and Settings
2010-02-24 08:09:31 ----D---- C:\Program Files\Panda Security
2010-02-23 09:38:22 ----D---- C:\Program Files\SomeWare
2010-02-22 13:58:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-22 09:05:15 ----D---- C:\Program Files\Filzip
2010-02-21 19:40:48 ----A---- C:\WINDOWS\Filzip.ini
2010-02-21 12:41:16 ----D---- C:\Program Files\StockPicker RT
2010-02-21 12:07:32 ----A---- C:\log.txt
2010-02-20 22:56:38 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-19 23:59:42 ----A---- C:\WINDOWS\win.ini
2010-02-19 09:30:26 ----A---- C:\WINDOWS\system32\IDPVer.ini
2010-02-18 14:13:24 ----D---- C:\WINDOWS\Help
2010-02-18 00:57:18 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-17 17:39:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-11 14:36:37 ----D---- C:\SierraChart
2010-02-09 23:41:45 ----D---- C:\Program Files\IncredibleCharts
2010-02-09 14:10:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-09 14:09:42 ----D---- C:\Program Files\Common Files
2010-02-07 23:55:36 ----D---- C:\Program Files\Google
2010-02-07 02:21:43 ----D---- C:\WINDOWS\system32\wbem
2010-02-07 02:21:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-05 19:16:47 ----D---- C:\temp
2010-02-01 16:14:54 ----A---- C:\WINDOWS\RtlExUpd.dll
2010-02-01 11:22:03 ----SD---- C:\Documents and Settings\Keith\Application Data\Microsoft
2010-02-01 11:21:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-01 00:13:29 ----D---- C:\Program Files\Moneydance

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-07 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-07 28424]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-10 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-01 21425]
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-10-15 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-28 863402]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-15 67672]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-27 2203520]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-29 6727136]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-07 191936]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VMC302;Vimicro Camera Service VMC302; C:\WINDOWS\System32\Drivers\VMC302.sys [2007-10-17 242560]
R3 wowfilter;WOW XT Filter Driver; C:\WINDOWS\system32\drivers\wowfilter.sys [2006-11-09 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-08-25 249856]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-09 30459]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SUEPD;SUE NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\SUE_PD.sys [2005-05-24 19840]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-07 285392]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-12-11 266295]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-03-06 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-29 153376]
R2 Matrox Centering Service;Matrox Centering Service; C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [2008-09-08 1257992]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost; C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [2008-12-03 323840]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-29 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-03-06 327680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-09-29 266343]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-03-06 983040]
R2 SNM WLAN Service;SNM WLAN Service; C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe [2005-05-28 36864]
R2 SRS_PostInstaller;SRS PostInstaller Service; C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [2006-11-09 69632]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2010-02-27 16:31:55

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
AceMoney-->"C:\Program Files\AceMoney\unins000.exe"
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
ActionOutline Lite 3.0-->"C:\Program Files\ActionOutline\unins000.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Advanced Analyzer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF397F20-24BB-11D7-AC6F-0050DA09345C}\Setup.exe" 1
Agere Systems HDA Modem-->agrsmdel
AmiBroker 5.20-->"C:\Program Files\AmiBroker\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
BeyondCopy 1.26-->"C:\Program Files\BeyondCopy\unins000.exe"
Brother MFC-425CN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D4E6B31-CD3E-4271-ADE1-63D51D5790C7}\setup.exe" -l0x9 -removeonly /uninst
Custom Indicators Plugin 3.2-->"C:\Program Files\OEC\Plugins\unins000.exe"
Digital Photo Navigator 1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}\setup.EXE" -l0x9
Easy Display Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
EasyZip-->C:\PROGRA~1\EasyZip\\UNINST.EXE
Exif Tag Remover 2.0-->"C:\Program Files\Exif Tag Remover\unins000.exe"
FolderMatch v3.5.1-->"C:\Program Files\FolderMatch\unins000.exe"
GetRight-->"C:\Program Files\GetRight\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Keith\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IEUpdate 7.6-->"C:\Program Files\IEUpdate\unins000.exe"
IncredibleCharts Pro-->"C:\Program Files\IncredibleCharts\unins000.exe"
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Jalbum 8.0-->C:\Program Files\JalbumWin\Uninstall.exe
Jalbum-->"C:\Program Files\Jalbum\Uninstall_Jalbum\Uninstall Jalbum.exe"
Jalbum-->MsiExec.exe /I{FB4BBAD5-F5C6-4D78-91A2-F437C2C6812C}
Java 2 Runtime Environment, SE v1.4.2_15-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Magic Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\setup.exe" -l0x9 Remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matrox PowerDesk-SE (GXM)-->MsiExec.exe /X{62BEB216-F2AB-46C5-A69A-2CD627E71475}
MCE Software Encoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Moneydance 2010-->C:\Program Files\Moneydance\uninstall.exe
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OEC Chart Package 3.4-->"C:\Program Files\OEC\Plugins\prod\unins000.exe"
OEC Chart Package Demo 3.4-->"C:\Program Files\OEC\Plugins\demo\unins000.exe"
OEC Custom Indicators Plugin 3.3-->"C:\Program Files\OEC\Plugins\unins000.exe"
OEC Excel Add-In 3.3-->"C:\Program Files\OEC\Excel Add-In\unins000.exe"
OEC Market Replay 3.4-->"C:\Program Files\OEC\Plugins\prod\unins002.exe"
OEC Market Replay Demo 3.4-->"C:\Program Files\OEC\Plugins\demo\unins002.exe"
OEC MarketReplay Plugin 3.3-->"C:\Program Files\OEC\Plugins\unins001.exe"
OEC RSS News Feed 3.4-->"C:\Program Files\OEC\Plugins\prod\unins001.exe"
OEC RSS News Feed Demo 3.4-->"C:\Program Files\OEC\Plugins\demo\unins001.exe"
OEC Trader 3.4-->"C:\Program Files\OEC\Trader\unins000.exe"
OEC Trader Demo 3.4-->"C:\Program Files\OEC\Trader Demo\unins000.exe"
Oubliette 1.9.5-->"C:\Program Files\Oubliette\unins000.exe"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PlayCamera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}\setup.exe" -l0x9
PowerCinema NE for Everio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39CEE1F2-12B6-4C50-9131-04BFCA110578}\setup.exe" -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
QuoteTracker-->"C:\Program Files\QuoteTracker\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Registry Patrol-->C:\WINDOWS\unvise32.exe C:\Program Files\Registry Patrol\uninstal.log
Samsung Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\setup.exe" -l0x9 Remove
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\setup.exe" -l0x9 Remove
Samsung Network Manager 2.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735} /l1033
Samsung Update Plus-->"C:\Program Files\InstallShield Installation Information\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Update Plus-->MsiExec.exe /X{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StockPicker RT-->MsiExec.exe /X{CB4E1508-632E-4F3B-939C-920730231DF7}
Stock-Signal-Pro Pivot Trader-->MsiExec.exe /I{3898CC37-D63B-4D14-9EA0-1C934FDD761B}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
thinkorswim from TD AMERITRADE-->C:\Program Files\thinkTDA\uninstall.exe
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
Voice Recorder 1.0.1.39-->"C:\Program Files\Samsung\Voice Recorder\unins000.exe"
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WOW XT and TSXT Filter Driver-->MsiExec.exe /X{59C0B2F0-AFA7-4F61-B863-D4EA7238E6A8}
X2Net Reporter V1.1.0.15-->"C:\Program Files\X2Net\Common\Reporter\unins000.exe"
X2Net Smart Address 5.6-->"C:\Program Files\X2Net\Smart Address\unins000.exe"
YNAB 3-->msiexec /qb /x {E898F0C7-D21C-414B-592F-AA7409AE458B}
YNAB 3-->MsiExec.exe /I{E898F0C7-D21C-414B-592F-AA7409AE458B}

======Hosts File======

127.0.0.1 localhost
127.0.0.1 http://www.venkos.net

======Security center information======

AV: AVG Anti-Virus Free

=====Application event log=====

Computer Name: SAMSUNG
Event Code: 1000
Message: Faulting application acdseepro2.exe, version 2.0.238.0, faulting module msvcr80.dll, version 8.0.50727.4053, fault address 0x00008aa0.

Record Number: 8658
Source Name: Application Error
Time Written: 20091231181304.000000+060
Event Type: error
User:

Computer Name: SAMSUNG
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16674, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037c89.

Record Number: 8283
Source Name: Application Error
Time Written: 20091215234943.000000+060
Event Type: error
User:

Computer Name: SAMSUNG
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16674, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x000109f9.

Record Number: 8104
Source Name: Application Error
Time Written: 20091206005456.000000+060
Event Type: error
User:

Computer Name: SAMSUNG
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16674, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037c89.

Record Number: 8075
Source Name: Application Error
Time Written: 20091204235502.000000+060
Event Type: error
User:

Computer Name: SAMSUNG
Event Code: 1023
Message: .NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)

Record Number: 8069
Source Name: .NET Runtime
Time Written: 20091204180836.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_15\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_15\lib\ext\QTJava.zip

-----------------EOF-----------------
kabe
Active Member
 
Posts: 11
Joined: February 18th, 2010, 2:41 pm

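The hosts file above carries the entry `127.0.0.1 http://www.venkos.net`: a hosts file maps an address to bare hostnames, so a value written with a URL scheme never matches a lookup for www.venkos.net and the block does nothing. As an added example (not code from this thread or from any of the tools used in it), this Python script parses hosts-file lines as RSIT prints them, flags entries that cannot block anything, and suggests the bare-hostname form; the sample input is constructed from the two lines shown plus two invented ones.

```python
"""Validate Windows hosts-file entries (added example, not from the thread)."""
import re
import ipaddress

# Constructed sample: the two lines from the RSIT "Hosts File" section of the
# thread, followed by two invented lines that exercise the other checks.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 http://www.venkos.net
# constructed extra lines below
0.0.0.0 www.example.invalid    # blackhole address, also a valid way to block
127.0.0.1 bad_host.example
"""

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """True if `name` is a syntactically valid DNS hostname (RFC 1123 shape)."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.rstrip(".").split("."))


def parse_hosts(text: str):
    """Yield (line_no, address, hostnames, problems) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        problems = []
        try:
            ipaddress.ip_address(address)          # IPv4 or IPv6 literal
        except ValueError:
            problems.append(f"invalid address {address!r}")
        if not names:
            problems.append("no hostname after address")
        for name in names:
            if "://" in name or "/" in name:
                problems.append(
                    f"{name!r} is a URL, not a hostname; hosts entries take bare names")
            elif not valid_hostname(name):
                problems.append(f"{name!r} is not a valid hostname")
        yield line_no, address, names, problems


def suggest_fix(name: str) -> str:
    """Reduce a URL-like value to the bare hostname a hosts entry needs."""
    name = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", name)   # strip the scheme
    return name.split("/", 1)[0].split(":", 1)[0].lower()     # drop path and port


def check_hosts(text: str) -> dict:
    """Return {line_no: [problems]} for lines that would not block as intended."""
    return {ln: probs for ln, _, _, probs in parse_hosts(text) if probs}


if __name__ == "__main__":
    for ln, addr, names, probs in parse_hosts(SAMPLE_HOSTS):
        status = "ok" if not probs else "; ".join(probs)
        print(f"line {ln}: {addr} {' '.join(names)} -> {status}")
        for name in names:
            if "://" in name or "/" in name:
                print(f"  suggested entry: {addr} {suggest_fix(name)}")
```

Run as a script it reports line 2 (the URL entry) and line 5 (underscore in the name) and prints `127.0.0.1 www.venkos.net` as the corrected form of line 2.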
Re: Another Win32.FraudLoad.edt victim

Unread postby Katana » February 27th, 2010, 3:53 pm

There is no obvious evidence of infection showing; we will have to dig a bit deeper.


Information

Registry Cleaners + "Tweak" Tools

Re. Registry Patrol
Uniblue RegistryBooster 2


I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools

They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though
Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/ ... ng_13.html


----------------------------------------------------------------------------------------

GMER Rootkit Detector

Please download GMER Rootkit Scanner from Here or Here

***Please close any open programs ***
  • Extract the contents of the zip file to your desktop.
  • Disable your onboard Anti Virus and any other Active protection programs you have installed.
  • Double-click gmer.exe. The program will begin to run.

    Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst


  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO,
  • Now use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once the scan is complete, you may receive another notice about rootkit activity. If you receive it, click OK.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Another Win32.FraudLoad.edt victim

Unread postby kabe » February 28th, 2010, 4:27 am

Hi
Thanks for your kind attention.
GMER scanned for about one hour and then went to a clear blue screen with no text. I had to close the computer. For attempt number 2, I had to leave the computer running overnight but at some point it closed down and reopened with a "Windows has recovered from a serious error" report. It created two error files, sysdata.xml and minio22810-01.dmp. Do you want these files? I think the scan time is in excess of 6 hours.

During the scan I noticed that there is a huge number of temp internet files and a large, obsolete stock data file. May I delete these before running scan number three?
Kabe
kabe
Active Member
 
Posts: 11
Joined: February 18th, 2010, 2:41 pm

Re: Another Win32.FraudLoad.edt victim

Unread postby Katana » February 28th, 2010, 6:47 am

Please do these two steps before trying GMER again

  1. Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
  2. Select C drive and click OK.
  3. Put a "Tick" in all the available boxes
  4. Select the More Options tab.
  5. Under System Restore, click on Clean up....
  6. You will be prompted. Click Yes.
  7. When done, click OK.
  8. You will be prompted again. Press Yes to confirm.
  9. When done, Disk Cleanup will close automatically.


Please download DeFogger to your desktop. Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Another Win32.FraudLoad.edt victim

Unread postby kabe » February 28th, 2010, 7:34 am

Well! Disk Cleanup proceeded normally.

DeFogger "Finished" and I clicked "OK". It's now sitting there with the options "Disable" and "Re-enable". There was no request to boot the machine. Should I re-boot manually?
kabe
Active Member
 
Posts: 11
Joined: February 18th, 2010, 2:41 pm

Re: Another Win32.FraudLoad.edt victim

Unread postby kabe » February 28th, 2010, 7:40 am

Sorry - Just noticed the log file. Here it is:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:24 on 28/02/2010 (Keith)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
kabe
Active Member
 
Posts: 11
Joined: February 18th, 2010, 2:41 pm

Re: Another Win32.FraudLoad.edt victim

Unread postby Katana » February 28th, 2010, 12:30 pm

Please reboot and then try GMER
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Another Win32.FraudLoad.edt victim

Unread postby kabe » February 28th, 2010, 4:40 pm

Attempt 1: GMER would not start
Attempt 2: Renamed to "Look". Ran for 10 minutes and then blue screen
Attempt 3: Similar.
Attempt 4: Disabled CPU Power Saving and Windows Screen Saver. Look completed successfully.

Hope the log is OK. It seems very small after such a lengthy scan.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-28 21:23:47
Windows 5.1.2600 Service Pack 3
Running: Look.exe; Driver: C:\DOCUME~1\Keith\LOCALS~1\Temp\pxddypoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
kabe
Active Member
 
Posts: 11
Joined: February 18th, 2010, 2:41 pm

Re: Another Win32.FraudLoad.edt victim

Unread postby Katana » February 28th, 2010, 4:51 pm

Step 1

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


----------------------------------------------------------------------------------------
Step 2

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK
  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small export to notepad button and save the report to your desktop.
  • Please post the report in your reply.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • Combofix Log
  • Active Scan Log
  • How are things running now ?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Another Win32.FraudLoad.edt victim

Unread postby kabe » March 1st, 2010, 6:31 am

Before running ComboFix I disabled SpyBot/Tea time. I couldn't find a way to disable AVG so I uninstalled it - hope that was OK.
ComboFix ran successfully and installed the recovery console. I then re-enabled SpyBot and re-installed AVG.
ActiveScan ran to conclusion but was very slow (3 hours).
Although I may need the rest of the day to be sure, I have not so far had any random "redirects".
ActiveScan log in next reply.
Here is the ComboFix log:

ComboFix 10-02-27.04 - Keith 03/01/2010 8:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1582 [GMT 1:00]
Running from: c:\documents and settings\Keith\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
C:\LOG.TXT
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\MSVolumeAMP.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-02-28 11:10 . 2008-04-14 04:42 23552 -c--a-w- c:\windows\system32\dllcache\wdmaud.drv
2010-02-28 11:10 . 2008-04-14 04:42 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-02-27 15:31 . 2010-02-27 15:31 -------- d-----w- C:\rsit
2010-02-25 21:53 . 2010-02-25 21:53 -------- d-----w- c:\program files\ESET
2010-02-25 13:00 . 2010-02-25 13:00 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Temp
2010-02-24 19:06 . 2010-02-24 19:06 -------- d-----w- c:\documents and settings\Keith\Application Data\WinPatrol
2010-02-24 19:06 . 2009-11-28 18:26 25 ----a-w- c:\documents and settings\Keith\Application Data\WinPatrol\Autoexec.bat
2010-02-24 19:06 . 2008-05-20 10:30 0 ----a-w- c:\documents and settings\Keith\Application Data\WinPatrol\Config.sys
2010-02-24 19:05 . 2010-02-24 19:05 -------- d-----w- c:\program files\BillP Studios
2010-02-24 15:56 . 2010-02-25 15:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-24 10:37 . 2010-02-24 10:37 -------- d-----w- c:\documents and settings\Keith\DoctorWeb
2010-02-24 08:29 . 2010-02-24 08:29 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Google
2010-02-24 08:27 . 2010-02-24 08:27 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\IsolatedStorage
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Application Data\HP
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\HP
2010-02-24 08:26 . 2010-02-24 08:26 71280 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 08:25 . 2008-06-01 18:06 -------- d-----w- c:\documents and settings\Guest\Application Data\Intel
2010-02-24 08:25 . 2010-02-27 21:00 -------- d-----w- c:\documents and settings\Guest
2010-02-24 07:09 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-23 14:16 . 2010-02-23 14:16 24576 ----a-w- c:\windows\system32\VundoFixSVC.exe
2010-02-23 14:01 . 2010-02-23 14:15 -------- d-----w- C:\VundoFix Backups
2010-02-23 10:29 . 2010-02-23 10:29 -------- d-----w- c:\documents and settings\Keith\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-22 11:59 . 2010-02-22 11:59 -------- d-----w- c:\program files\winMd5Sum
2010-02-21 18:55 . 2010-02-28 21:10 -------- d-----w- C:\Downloads
2010-02-21 18:51 . 2010-02-28 21:11 -------- d-----w- c:\documents and settings\Keith\Application Data\GetRight
2010-02-21 18:51 . 2010-02-21 18:51 -------- d-----w- c:\program files\GetRight
2010-02-21 15:52 . 2010-02-21 17:35 -------- d-----w- c:\documents and settings\Keith\Application Data\CoreFTP
2010-02-21 11:41 . 2010-02-21 11:41 200704 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{CB4E1508-632E-4F3B-939C-920730231DF7}\_EA5052EEA198435A823FF7AC082E1D50.exe
2010-02-21 11:41 . 2010-02-21 11:41 200704 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{CB4E1508-632E-4F3B-939C-920730231DF7}\_0D58037CB5A3428692D8780F31100D9F.exe
2010-02-21 11:41 . 2010-02-21 11:41 10134 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{CB4E1508-632E-4F3B-939C-920730231DF7}\ARPPRODUCTICON.exe
2010-02-21 04:00 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 04:00 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 22:59 . 2010-02-19 22:59 -------- d-----w- c:\program files\MSSOAP
2010-02-19 22:58 . 2010-02-19 22:58 -------- d-----w- c:\program files\Webroot
2010-02-19 22:52 . 2010-02-19 22:52 164 ----a-w- c:\windows\install.dat
2010-02-19 08:30 . 2004-07-16 15:11 622113 ----a-w- c:\windows\system32\IDPList.dll
2010-02-19 08:30 . 2004-05-15 11:12 13772 ----a-w- c:\windows\system32\IDPImmData.dll
2010-02-19 08:30 . 2004-06-12 11:02 162 ----a-w- c:\windows\system32\IDPCritProc.dll
2010-02-19 08:11 . 2010-02-19 08:30 1002044 ----a-w- c:\windows\system32\IDPExe.zip
2010-02-19 08:10 . 2010-02-19 08:30 1669117 ----a-w- c:\windows\system32\IDPSig.zip
2010-02-18 10:50 . 2010-02-18 10:50 0 ----a-w- c:\windows\nsreg.dat
2010-02-18 10:50 . 2010-02-18 10:50 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Mozilla
2010-02-17 23:46 . 2010-02-17 23:46 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
2010-02-17 23:46 . 2010-02-17 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-17 23:46 . 2010-02-23 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-17 16:32 . 2010-02-17 16:33 -------- d-----w- c:\program files\IEUpdate
2010-02-15 23:47 . 2010-02-15 23:47 -------- d-----w- c:\program files\Lavalys
2010-02-09 13:10 . 2010-02-09 13:10 -------- d-----w- c:\documents and settings\Keith\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
2010-02-09 13:09 . 2010-02-23 10:31 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-09 13:09 . 2010-02-23 10:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-09 13:09 . 2010-02-09 13:09 -------- d-----w- c:\program files\YNAB 3
2010-02-07 22:57 . 2010-02-07 22:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-01 10:22 . 2010-02-01 10:22 40960 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{3898CC37-D63B-4D14-9EA0-1C934FDD761B}\ARPPRODUCTICON.exe
2010-02-01 10:22 . 2010-02-01 10:22 1078 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{3898CC37-D63B-4D14-9EA0-1C934FDD761B}\NewShortcut1_E54B398542BE4DCBB5166D623B27DD9D.exe
2010-02-01 10:21 . 2010-02-01 11:07 -------- d-----w- C:\SSPPivot
2010-02-01 10:21 . 2010-02-01 10:21 -------- d-----w- c:\windows\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 14:12 . 2008-05-27 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-27 21:00 . 2009-11-07 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-26 19:47 . 2009-09-16 16:44 -------- d-----w- c:\program files\thinkTDA
2010-02-24 10:59 . 2009-11-28 10:37 -------- d-----w- c:\program files\IdentityPatrol
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Application Data\GetRight
2010-02-24 08:26 . 2010-02-24 08:26 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Application Data\X2Net
2010-02-24 07:09 . 2009-05-10 17:44 -------- d-----w- c:\program files\Panda Security
2010-02-23 10:31 . 2010-02-24 08:25 38784 ----a-w- c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-23 10:31 . 2010-01-10 22:33 38784 ----a-w- c:\documents and settings\Keith\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-23 08:38 . 2008-07-10 17:05 -------- d-----w- c:\program files\SomeWare
2010-02-22 08:05 . 2008-11-23 00:15 -------- d-----w- c:\program files\Filzip
2010-02-21 11:41 . 2010-01-06 15:36 -------- d-----w- c:\program files\StockPicker RT
2010-02-17 16:39 . 2009-01-31 10:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-09 22:41 . 2009-05-01 10:01 -------- d-----w- c:\program files\IncredibleCharts
2010-02-07 22:55 . 2008-05-27 12:55 -------- d-----w- c:\program files\Google
2010-02-01 15:14 . 2008-05-21 07:51 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-01-31 23:13 . 2008-11-14 15:42 -------- d-----w- c:\program files\Moneydance
2010-01-23 19:33 . 2010-01-23 19:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 12:40 . 2008-05-20 10:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 13:35 . 2010-01-07 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-06 08:41 . 2010-01-05 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-05 13:35 . 2010-01-05 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-05 13:35 . 2010-01-05 13:35 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-05 13:35 . 2010-01-05 13:35 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2009-12-31 22:21 . 2008-06-08 21:58 -------- d-----w- c:\program files\Jalbum
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DC7B255-C5B5-4DA0-81FC-D6B70FEB8FC5}]
2010-01-11 11:28 258048 ----a-w- c:\program files\IEUpdate\ieupdate.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-27 68856]
"BeyondCopy"="c:\program files\BeyondCopy\beyondcopy.exe" [2007-11-29 842752]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 1927448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
"nwiz"="nwiz.exe" [2007-04-29 1626112]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-01-14 2764800]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-29 149280]
"X2net Smart Address Monitor"="c:\program files\X2Net\Smart Address\smartadr.exe" [2006-09-10 5533696]
"SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe" [2010-02-03 294912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Matrox PowerDesk SE"="c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2008-12-03 3091712]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2010-2-21 4628752]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OEC\\Trader Demo\\Trader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\OEC\\Trader\\Trader.exe"=
"c:\\Program Files\\X2Net\\Smart Address\\SMARTADR.exe"=
"c:\\Program Files\\BeyondCopy\\beyondcopy.exe"=
"c:\\SierraChart\\SierraChart.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\WINDOWS\\system32\\javaws.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\IncredibleCharts\\IncredibleCharts.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/24/2010 8:09 AM 28552]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [5/23/2008 8:47 PM 4300]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [9/8/2008 10:10 PM 1257992]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [12/3/2008 11:00 AM 323840]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [11/9/2006 9:32 AM 69632]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [5/21/2008 9:15 AM 242560]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [11/9/2006 9:32 AM 20608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 11:55 PM 135664]
S2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [5/28/2005 7:35 AM 36864]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [5/27/2008 8:51 PM 19840]
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-27 11:09]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 22:55]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 22:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\drivers\imon\pklsp.dll
DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886}
FF - ProfilePath - c:\documents and settings\Keith\Application Data\Mozilla\Firefox\Profiles\m1ug28la.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.exalead.com/search/
FF - component: c:\program files\IEUpdate\FF\components\MyHTMLAnalizer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2010-03-01 08:06:05
ComboFix-quarantined-files.txt 2010-03-01 07:06

Pre-Run: 19,858,198,528 bytes free
Post-Run: 50,899,648,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6A510A3D0D061D1034BB70594717CEDB
kabe
Active Member
 
Posts: 11
Joined: February 18th, 2010, 2:41 pm

Re: Another Win32.FraudLoad.edt victim

Unread postby kabe » March 1st, 2010, 6:41 am

PROBLEM!!!

In attempting to open this page I got another of those Redirects. As always, it is to http://www.venlos.net/in/php. As this is entered in the Windows Hosts file, it comes up as "Oops. This link appears to be broken".

Anyway, here is the ActiveScan log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-01 10:52:52
PROTECTIONS: 1
MALWARE: 28
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 9.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@casalemedia[2].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\43258.06_20091128120058_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@doubleclick[2].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@doubleclick[2].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\33978.45_20100219092618_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@doubleclick[2].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\76390.17_20091206211310_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@doubleclick[1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\33978.45_20100219092618_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@doubleclick[1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\1064.953_20091205001744_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@doubleclick[1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\43258.06_20091128120058_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@atdmt[2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\32908.83_20091129090828_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@atdmt[1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@atdmt[1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\33978.45_20100219092618_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@atdmt[2].txt]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\33978.45_20100219092618_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@fastclick[1].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@fastclick[2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\1064.953_20091205001744_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@fastclick[2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\43258.06_20091128120058_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@fastclick[1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\43258.06_20091128120058_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@tribalfusion[1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\1064.953_20091205001744_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@tribalfusion[2].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@tribalfusion[1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\1064.953_20091205001744_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@mediaplex[1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\33978.45_20100219092618_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@mediaplex[2].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@mediaplex[1].txt]
00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@7search[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\43258.06_20091128120058_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@belnk[1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\43258.06_20091128120058_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@xiti[1].txt]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@xiti[1].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\33978.45_20100219092618_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@ad.yieldmanager[1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@ad.yieldmanager[1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\76390.17_20091206211310_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@ad.yieldmanager[2].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\43258.06_20091128120058_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@ad.yieldmanager[2].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\1064.953_20091205001744_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@ad.yieldmanager[2].txt]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@apmebf[3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@apmebf[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@server.iad.liveperson[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\43258.06_20091128120058_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@advertising[1].txt]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\33978.45_20100219092618_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@advertising[1].txt]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\1064.953_20091205001744_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@advertising[1].txt]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@advertising[2].txt]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\43258.06_20091128120058_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@ads.pointroll[2].txt]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\76390.17_20091206211310_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@ads.pointroll[1].txt]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\1064.953_20091205001744_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@ads.pointroll[1].txt]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@ads.pointroll[1].txt]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\program files\identitypatrol\backup\48182.42_20100110132302_cookiesbk.bkp[c:/documents and settings/keith/cookies/keith@zedo[1].txt]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@bravenet[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\documents and settings\keith\cookies\keith@smartadserver[1].txt
01017566 Generic Malware Virus/Trojan No 0 Yes No c:\program files\identitypatrol\backup\32908.83_20091129090828_filesbk.bkp[c:/windows/system32/memwarp.ocx]
03899102 Generic Malware Virus/Trojan No 0 Yes No c:\windows\system32\memwarp.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\documents and settings\keith\desktop\nclip.exe
No c:\program files\vimicro corporation\vmc302\driverbackup\isvmsetup.exe
No c:\windows\nclip.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
217842 HIGH MS10-015
217839 HIGH MS10-012
217838 HIGH MS10-011
217834 HIGH MS10-008
217833 HIGH MS10-007
217832 HIGH MS10-006
217831 HIGH MS10-005
217169 HIGH MS10-002
216839 HIGH MS10-001
215938 HIGH MS09-072
215935 HIGH MS09-069
215048 HIGH MS09-065
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
214071 HIGH MS09-054
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
205735 HIGH MS09-002
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
;===================================================================================================================================================================================
kabe
Active Member
 
Posts: 11
Joined: February 18th, 2010, 2:41 pm

Re: Another Win32.FraudLoad.edt victim

Unread postby Katana » March 1st, 2010, 11:00 am

It looks like your problems may be caused by Registry Patrol; I recommend that you uninstall it.
When installed, eZula will alter all pages viewed in IE, adding extra links to words and phrases targeted by advertisers. These links are unauthorised by the operators of the sites being viewed.

http://www.threatexpert.com/report.aspx ... d1905632b4


----------------------------------------------------------------------------------------
Step 1

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs.
If any of the following programs are still listed there, click on the program to highlight it, and click on remove.
  • Registry Patrol
Now close the Control Panel.



----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware
I notice that you have MBAM installed; please do the following:

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Step 3

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    c:\windows\system32\memwarp.dll
    c:\program files\IEUpdate\ieupdate.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DC7B255-C5B5-4DA0-81FC-D6B70FEB8FC5}]
    
    
    ADS::

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper





----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • MalwareBytes Log
  • Combofix Log
  • How are things running now ?



---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Java and Adobe are out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java and Adobe components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) from HERE
  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Update Adobe Acrobat Reader
Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

  • Please go to this link: Adobe Acrobat Reader Download Link
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove.
  • Adobe Reader 9.2
  • Java 2 Runtime Environment, SE v1.4.2_15
  • Java(TM) 6 Update 15
Now close the Control Panel.

Reboot your machine.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Another Win32.FraudLoad.edt victim

Unread postby kabe » March 1st, 2010, 2:16 pm

Here is the mbam-log:

Malwarebytes' Anti-Malware 1.44
Database version: 3809
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/1/2010 5:10:22 PM
mbam-log-2010-03-01 (17-10-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 220263
Time elapsed: 50 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*******************************************************************

And the second ComboFix Log:

ComboFix 10-02-28.04 - Keith 03/01/2010 17:34:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1320 [GMT 1:00]
Running from: c:\documents and settings\Keith\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Keith\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\IEUpdate\ieupdate.dll"
"c:\windows\system32\memwarp.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEUpdate\ieupdate.dll
c:\windows\system32\memwarp.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 07:58 . 2010-03-01 07:38 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-03-01 07:58 . 2010-03-01 07:38 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-01 07:44 . 2010-03-01 07:44 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\AVG Security Toolbar
2010-03-01 07:40 . 2009-11-25 12:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-03-01 07:39 . 2010-03-01 07:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-01 07:39 . 2010-03-01 07:39 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-01 07:39 . 2010-03-01 07:39 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-01 07:38 . 2010-03-01 07:38 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-01 07:38 . 2010-03-01 07:38 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-01 07:38 . 2010-03-01 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-28 11:10 . 2008-04-14 04:42 23552 -c--a-w- c:\windows\system32\dllcache\wdmaud.drv
2010-02-28 11:10 . 2008-04-14 04:42 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-02-27 15:31 . 2010-02-27 15:31 -------- d-----w- C:\rsit
2010-02-25 21:53 . 2010-02-25 21:53 -------- d-----w- c:\program files\ESET
2010-02-25 13:00 . 2010-02-25 13:00 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Temp
2010-02-24 19:06 . 2010-02-24 19:06 -------- d-----w- c:\documents and settings\Keith\Application Data\WinPatrol
2010-02-24 19:06 . 2009-11-28 18:26 25 ----a-w- c:\documents and settings\Keith\Application Data\WinPatrol\Autoexec.bat
2010-02-24 19:06 . 2008-05-20 10:30 0 ----a-w- c:\documents and settings\Keith\Application Data\WinPatrol\Config.sys
2010-02-24 19:05 . 2010-02-24 19:05 -------- d-----w- c:\program files\BillP Studios
2010-02-24 15:56 . 2010-02-25 15:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-24 10:37 . 2010-02-24 10:37 -------- d-----w- c:\documents and settings\Keith\DoctorWeb
2010-02-24 08:29 . 2010-02-24 08:29 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Google
2010-02-24 08:27 . 2010-02-24 08:27 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\IsolatedStorage
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Application Data\HP
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\HP
2010-02-24 08:26 . 2010-02-24 08:26 71280 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 08:25 . 2008-06-01 18:06 -------- d-----w- c:\documents and settings\Guest\Application Data\Intel
2010-02-24 08:25 . 2010-02-27 21:00 -------- d-----w- c:\documents and settings\Guest
2010-02-24 07:09 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-23 14:16 . 2010-02-23 14:16 24576 ----a-w- c:\windows\system32\VundoFixSVC.exe
2010-02-23 14:01 . 2010-02-23 14:15 -------- d-----w- C:\VundoFix Backups
2010-02-23 10:29 . 2010-02-23 10:29 -------- d-----w- c:\documents and settings\Keith\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-22 11:59 . 2010-02-22 11:59 -------- d-----w- c:\program files\winMd5Sum
2010-02-21 18:55 . 2010-02-28 21:10 -------- d-----w- C:\Downloads
2010-02-21 18:51 . 2010-02-28 21:11 -------- d-----w- c:\documents and settings\Keith\Application Data\GetRight
2010-02-21 18:51 . 2010-02-21 18:51 -------- d-----w- c:\program files\GetRight
2010-02-21 15:52 . 2010-02-21 17:35 -------- d-----w- c:\documents and settings\Keith\Application Data\CoreFTP
2010-02-21 11:41 . 2010-02-21 11:41 200704 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{CB4E1508-632E-4F3B-939C-920730231DF7}\_EA5052EEA198435A823FF7AC082E1D50.exe
2010-02-21 11:41 . 2010-02-21 11:41 200704 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{CB4E1508-632E-4F3B-939C-920730231DF7}\_0D58037CB5A3428692D8780F31100D9F.exe
2010-02-21 11:41 . 2010-02-21 11:41 10134 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{CB4E1508-632E-4F3B-939C-920730231DF7}\ARPPRODUCTICON.exe
2010-02-21 04:00 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 04:00 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 22:59 . 2010-02-19 22:59 -------- d-----w- c:\program files\MSSOAP
2010-02-19 22:58 . 2010-02-19 22:58 -------- d-----w- c:\program files\Webroot
2010-02-19 22:52 . 2010-02-19 22:52 164 ----a-w- c:\windows\install.dat
2010-02-19 08:30 . 2004-07-16 15:11 622113 ----a-w- c:\windows\system32\IDPList.dll
2010-02-19 08:30 . 2004-05-15 11:12 13772 ----a-w- c:\windows\system32\IDPImmData.dll
2010-02-19 08:30 . 2004-06-12 11:02 162 ----a-w- c:\windows\system32\IDPCritProc.dll
2010-02-19 08:11 . 2010-02-19 08:30 1002044 ----a-w- c:\windows\system32\IDPExe.zip
2010-02-19 08:10 . 2010-02-19 08:30 1669117 ----a-w- c:\windows\system32\IDPSig.zip
2010-02-18 10:50 . 2010-02-18 10:50 0 ----a-w- c:\windows\nsreg.dat
2010-02-18 10:50 . 2010-02-18 10:50 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Mozilla
2010-02-17 23:46 . 2010-02-17 23:46 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
2010-02-17 23:46 . 2010-02-17 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-17 23:46 . 2010-02-23 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-17 16:32 . 2010-03-01 16:38 -------- d-----w- c:\program files\IEUpdate
2010-02-15 23:47 . 2010-02-15 23:47 -------- d-----w- c:\program files\Lavalys
2010-02-09 13:10 . 2010-02-09 13:10 -------- d-----w- c:\documents and settings\Keith\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
2010-02-09 13:09 . 2010-02-23 10:31 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-09 13:09 . 2010-02-23 10:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-09 13:09 . 2010-02-09 13:09 -------- d-----w- c:\program files\YNAB 3
2010-02-07 22:57 . 2010-02-07 22:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-01 10:22 . 2010-02-01 10:22 40960 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{3898CC37-D63B-4D14-9EA0-1C934FDD761B}\ARPPRODUCTICON.exe
2010-02-01 10:22 . 2010-02-01 10:22 1078 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{3898CC37-D63B-4D14-9EA0-1C934FDD761B}\NewShortcut1_E54B398542BE4DCBB5166D623B27DD9D.exe
2010-02-01 10:21 . 2010-02-01 11:07 -------- d-----w- C:\SSPPivot
2010-02-01 10:21 . 2010-02-01 10:21 -------- d-----w- c:\windows\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 15:15 . 2009-11-28 18:17 -------- d-----w- c:\program files\Registry Patrol
2010-03-01 15:13 . 2008-05-27 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-01 07:38 . 2009-11-07 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-26 19:47 . 2009-09-16 16:44 -------- d-----w- c:\program files\thinkTDA
2010-02-24 10:59 . 2009-11-28 10:37 -------- d-----w- c:\program files\IdentityPatrol
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Application Data\GetRight
2010-02-24 08:26 . 2010-02-24 08:26 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2010-02-24 08:26 . 2010-02-24 08:26 -------- d-----w- c:\documents and settings\Guest\Application Data\X2Net
2010-02-24 07:09 . 2009-05-10 17:44 -------- d-----w- c:\program files\Panda Security
2010-02-23 10:31 . 2010-02-24 08:25 38784 ----a-w- c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-23 10:31 . 2010-01-10 22:33 38784 ----a-w- c:\documents and settings\Keith\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-23 08:38 . 2008-07-10 17:05 -------- d-----w- c:\program files\SomeWare
2010-02-22 08:05 . 2008-11-23 00:15 -------- d-----w- c:\program files\Filzip
2010-02-21 11:41 . 2010-01-06 15:36 -------- d-----w- c:\program files\StockPicker RT
2010-02-17 16:39 . 2009-01-31 10:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-09 22:41 . 2009-05-01 10:01 -------- d-----w- c:\program files\IncredibleCharts
2010-02-07 22:55 . 2008-05-27 12:55 -------- d-----w- c:\program files\Google
2010-02-01 15:14 . 2008-05-21 07:51 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-01-31 23:13 . 2008-11-14 15:42 -------- d-----w- c:\program files\Moneydance
2010-01-23 19:33 . 2010-01-23 19:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 12:40 . 2008-05-20 10:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 13:35 . 2010-01-07 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-06 08:41 . 2010-01-05 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-05 13:35 . 2010-01-05 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-05 13:35 . 2010-01-05 13:35 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-05 13:35 . 2010-01-05 13:35 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2009-12-31 22:21 . 2008-06-08 21:58 -------- d-----w- c:\program files\Jalbum
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((( SnapShot@2010-03-01_07.05.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-01 09:56 . 2010-03-01 09:56 16384 c:\windows\Temp\Perflib_Perfdata_600.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-27 68856]
"BeyondCopy"="c:\program files\BeyondCopy\beyondcopy.exe" [2007-11-29 842752]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 1927448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
"nwiz"="nwiz.exe" [2007-04-29 1626112]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-01-14 2764800]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-29 149280]
"X2net Smart Address Monitor"="c:\program files\X2Net\Smart Address\smartadr.exe" [2006-09-10 5533696]
"SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe" [2010-02-03 294912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Matrox PowerDesk SE"="c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2008-12-03 3091712]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2010-2-21 4628752]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-01 07:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OEC\\Trader Demo\\Trader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\OEC\\Trader\\Trader.exe"=
"c:\\Program Files\\X2Net\\Smart Address\\SMARTADR.exe"=
"c:\\Program Files\\BeyondCopy\\beyondcopy.exe"=
"c:\\SierraChart\\SierraChart.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\WINDOWS\\system32\\javaws.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\IncredibleCharts\\IncredibleCharts.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/24/2010 8:09 AM 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/1/2010 8:39 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/1/2010 8:39 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/1/2010 8:38 AM 285392]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [5/23/2008 8:47 PM 4300]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [9/8/2008 10:10 PM 1257992]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [12/3/2008 11:00 AM 323840]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [11/9/2006 9:32 AM 69632]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [5/21/2008 9:15 AM 242560]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [11/9/2006 9:32 AM 20608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 11:55 PM 135664]
S2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [5/28/2005 7:35 AM 36864]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [5/27/2008 8:51 PM 19840]
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-27 11:09]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 22:55]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 22:55]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\drivers\imon\pklsp.dll
FF - ProfilePath - c:\documents and settings\Keith\Application Data\Mozilla\Firefox\Profiles\m1ug28la.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.exalead.com/search/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\IEUpdate\FF\components\MyHTMLAnalizer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
Completion time: 2010-03-01 17:40:26
ComboFix-quarantined-files.txt 2010-03-01 16:40
ComboFix2.txt 2010-03-01 07:06

Pre-Run: 49,615,511,552 bytes free
Post-Run: 49,898,254,336 bytes free

- - End Of File - - 2EE10992A4FDC8FC5DC6CA327F48C76E

Well, I've been browsing the web and checking my emails for almost an hour now with no "redirects". So far, I'm cautiously optimistic, and browsing seems faster also. I hope it's not premature to say thank you.
kabe
Active Member
 
Posts: 11
Joined: February 18th, 2010, 2:41 pm