Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

IE and Firefox Hijacked and Chrome won't connect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

IE and Firefox Hijacked and Chrome won't connect

Unread postby jtjag03 » April 8th, 2010, 8:51 pm

First, thank you for any help. I've been using Chrome as my browser. Left a few tabs open in the morning. Came home to find I had an AVG message saying it blocked some sort of attack. Everything seemed fine and Chrome was still working. I closed it down and later opened it to find that it just hangs on a blank screen without making any sort of connection. I then tried Firefox and IE and found they both connect, but have been hijacked. I restarted in safe mode and have run Spybot, Adaware, AVG, and Malwarebytes. They each found a few things which I took the recommended actions on. I rebooted back into normal mode to find Chrome still not connecting and the other browsers still hijacked.



Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:44:54 PM, on 4/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\...\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin Jaggard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CC1067-4963-42B5-8030-E47DCB9EA05D}: NameServer = 192.168.1.254,192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ad70bf1e8c19) (gupdate1c9ad70bf1e8c19) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 14231 bytes




2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Ad-Aware
Ad-Aware
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVG Free 9.0
Baseball Mogul 2010
BlackBerry Desktop Software 4.5
BlackBerry Desktop Software 4.5
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CDisplay 1.8
Connect
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp DSP Effects
dBpoweramp Music Converter
Dell Resource CD
DING!
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
ESPNMotion
Exact Audio Copy 0.99pb3
ffdshow [rev 1723] [2007-12-24]
FLAC 1.2.1b (remove only)
GemMaster Mystic
GOM Player
Google Earth
Google Photos Screensaver
Google Talk (remove only)
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Connections Drivers
iTunes
iTunesFolderWatch
Java(TM) 6 Update 13
Java(TM) 6 Update 7
kuler
Last.fm 1.5.4.24567
Magic ISO Maker v5.5 (build 0265)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NBA LIVE 07
Nero 8 Ultra Edition HD
neroxml
Netflix Movie Viewer
NVIDIA Drivers
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PokerStars
QuickTime
RealPlayer
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
SigmaTel Audio
Skype web features
Skype™ 4.1
Sonic Encoders
SonicStage 4.3
Sound Blaster ADVANCED MB Drivers
Spybot - Search & Destroy
Suite Shared Configuration CS4
System Requirements Lab
TVersity Codec Pack 1.2
TVersity Media Server 1.6 Beta
TVersity Media Server 1.7.2.1 Beta
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Wootalyzer!
Xvid 1.1.3 final uninstall
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm
Advertisement
Register to Remove

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby MWR 3 day Mod » April 13th, 2010, 1:51 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby peku006 » April 13th, 2010, 9:48 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

2 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby jtjag03 » April 13th, 2010, 1:01 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by J....n J.....d at 2010-04-13 11:41:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 78 GB (33%) free of 234 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:21 AM, on 4/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\J....n J.....d\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\J....n J.....d.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CC1067-4963-42B5-8030-E47DCB9EA05D}: NameServer = 192.168.1.254,192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ad70bf1e8c19) (gupdate1c9ad70bf1e8c19) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 15250 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2139871995-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2139871995-1801674531-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-02-05 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-02 1602912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-27 13684736]
"nwiz"=nwiz.exe /install []
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-20 282624]
"CTSVolFE.exe"=C:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-27 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-02 2064224]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-05 198160]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2009-12-24 1280272]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-10 158208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-03-06 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^J....n J.....d^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BlackBerry Desktop Redirector.lnk - C:\Program Files\Research In Motion\BlackBerry\Redirector.exe

C:\Documents and Settings\J....n J.....d\Start Menu\Programs\Startup
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-14 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-04-13 11:41:52 ----D---- C:\Program Files\trend micro
2010-04-13 11:41:51 ----D---- C:\rsit
2010-04-12 20:43:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-12 19:11:37 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2010-04-12 19:11:34 ----D---- C:\Program Files\IObit
2010-04-11 15:37:16 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-11 15:36:48 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-11 15:36:48 ----D---- C:\Documents and Settings\J....n J.....d\Application Data\SUPERAntiSpyware.com
2010-04-11 11:36:42 ----D---- C:\WINDOWS\BDOSCAN8
2010-04-09 08:23:33 ----A---- C:\WINDOWS\system32\svchost.exe.exp.log
2010-04-08 22:21:47 ----D---- C:\WINDOWS\system32\XPSViewer
2010-04-08 22:21:19 ----D---- C:\Program Files\Reference Assemblies
2010-04-08 22:20:52 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-04-08 22:20:51 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-04-08 22:20:51 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-04-08 22:20:51 ----D---- C:\13e426ba417ad14154aeffdb
2010-04-08 22:17:15 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-04-08 21:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-04-08 21:56:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-04-08 21:56:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-08 21:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-04-08 21:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-08 21:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-08 21:55:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-08 21:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-08 21:54:35 ----D---- C:\WINDOWS\ie8updates
2010-04-08 21:53:19 ----HDC---- C:\WINDOWS\ie8
2010-04-08 21:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-08 21:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-08 21:26:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-04-08 21:26:02 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-04-08 21:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-08 21:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-08 21:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-04-08 21:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-04-08 21:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-04-08 21:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-04-08 21:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-04-08 21:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-08 21:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-04-08 21:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-08 21:23:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-08 21:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-04-08 21:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-08 21:15:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-04-08 21:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-08 21:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-08 21:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-08 21:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2010-04-08 21:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-04-08 21:12:22 ----D---- C:\WINDOWS\ServicePackFiles
2010-04-08 21:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-04-08 21:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-04-08 21:12:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-04-08 21:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-08 21:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2010-04-08 21:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-04-08 21:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-08 21:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-04-08 21:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-08 20:59:21 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-04-08 19:57:36 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-04-08 19:55:50 ----D---- C:\Program Files\Windows Defender
2010-04-08 17:00:59 ----D---- C:\Program Files\CCleaner
2010-04-08 17:00:01 ----D---- C:\Program Files\TrendMicro
2010-04-08 03:42:40 ----D---- C:\Documents and Settings\J....n J.....d\Application Data\Malwarebytes
2010-04-08 03:42:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-08 03:42:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-07 22:09:18 ----D---- C:\WINDOWS\pss
2010-03-14 08:13:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll

======List of files/folders modified in the last 1 months======

2010-04-13 11:41:52 ----RD---- C:\Program Files
2010-04-13 11:41:11 ----D---- C:\WINDOWS\Prefetch
2010-04-13 11:36:09 ----D---- C:\WINDOWS\Temp
2010-04-13 11:32:37 ----D---- C:\WINDOWS
2010-04-13 11:32:23 ----D---- C:\WINDOWS\Registration
2010-04-13 11:30:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-13 11:29:09 ----SD---- C:\WINDOWS\Tasks
2010-04-13 11:12:01 ----SH---- C:\boot.ini
2010-04-13 11:12:01 ----A---- C:\WINDOWS\win.ini
2010-04-13 11:12:01 ----A---- C:\WINDOWS\system.ini
2010-04-12 23:56:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-12 21:50:01 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2010-04-12 20:43:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-12 20:31:43 ----D---- C:\WINDOWS\Debug
2010-04-12 18:24:01 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-04-11 15:36:56 ----SHD---- C:\WINDOWS\Installer
2010-04-11 15:36:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-11 15:09:44 ----D---- C:\Program Files\Mozilla Firefox
2010-04-11 14:50:15 ----D---- C:\WINDOWS\system32\drivers
2010-04-11 11:36:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-11 11:36:42 ----HD---- C:\WINDOWS\inf
2010-04-11 00:05:55 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-10 03:00:44 ----D---- C:\WINDOWS\system32
2010-04-09 15:21:07 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-09 08:24:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-04-08 22:56:57 ----RSD---- C:\WINDOWS\assembly
2010-04-08 22:56:10 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-08 22:29:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-08 22:29:20 ----D---- C:\WINDOWS\WinSxS
2010-04-08 22:21:41 ----D---- C:\WINDOWS\system32\en-US
2010-04-08 22:21:31 ----RSD---- C:\WINDOWS\Fonts
2010-04-08 22:21:03 ----D---- C:\WINDOWS\system32\spool
2010-04-08 22:18:38 ----D---- C:\Program Files\Internet Explorer
2010-04-08 22:02:13 ----D---- C:\WINDOWS\Media
2010-04-08 22:02:13 ----D---- C:\WINDOWS\Help
2010-04-08 22:02:13 ----D---- C:\WINDOWS\AppPatch
2010-04-08 22:02:12 ----D---- C:\WINDOWS\system32\Setup
2010-04-08 21:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-04-08 21:25:18 ----D---- C:\Program Files\Movie Maker
2010-04-08 21:19:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-08 21:19:11 ----D---- C:\Program Files\Microsoft Works
2010-04-08 21:17:16 ----D---- C:\Program Files\Common Files\System
2010-04-08 21:15:32 ----D---- C:\Program Files\Outlook Express
2010-04-08 21:13:17 ----D---- C:\WINDOWS\ehome
2010-04-08 21:09:31 ----D---- C:\WINDOWS\ie7updates
2010-04-08 20:32:19 ----D---- C:\WINDOWS\network diagnostic
2010-04-08 19:55:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-08 19:30:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-08 19:30:03 ----D---- C:\Program Files\Logitech
2010-04-08 19:29:24 ----D---- C:\Program Files\Democracy2
2010-04-08 18:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-04-08 17:36:29 ----D---- C:\WINDOWS\Minidump
2010-04-08 12:11:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-07 21:56:43 ----D---- C:\WINDOWS\system32\config
2010-04-07 21:56:06 ----D---- C:\WINDOWS\system32\wbem
2010-04-07 21:55:50 ----D---- C:\Documents and Settings\J....n J.....d\Application Data\uTorrent
2010-04-07 21:55:16 ----D---- C:\WINDOWS\system32\Restore
2010-04-05 22:45:58 ----D---- C:\Music
2010-03-15 16:57:22 ----HD---- C:\$AVG

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-14 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-14 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-14 242696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-10 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-05 230400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-27 6280416]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-10 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\lvsound2.sys [2002-06-10 34816]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 QCEmerald;Logitech QuickCam Web(PID_0850); C:\WINDOWS\system32\DRIVERS\LVCE.sys [2002-06-10 44544]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2004-08-10 95360]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-14 308064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-09-18 69632]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2009-12-24 311568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2009-07-20 2560]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-27 163908]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2009-09-22 856064]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 gupdate1c9ad70bf1e8c19;Google Update Service (gupdate1c9ad70bf1e8c19); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby jtjag03 » April 13th, 2010, 1:27 pm

Sorry. IE keeps giving me a connection error when I try to post info.txt. Will get it copied asap.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby peku006 » April 13th, 2010, 1:28 pm

Hi jtjag03

Please download gmer.zip from Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.
  • Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  • In Command Prompt, type in net stop gmer. Press Enter.
  • Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby jtjag03 » April 13th, 2010, 1:44 pm

Should I run this in safe mode? I'm away from home now but will run this as soon as I can.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby peku006 » April 13th, 2010, 1:52 pm

Hi jtjag03

do it in "normal mode" ;)

peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby jtjag03 » April 13th, 2010, 11:55 pm

Ran GMER. I checked back later in the evening and it was still running after 3 or 4 hours. The next time I checked I had a BSOD. I will try running again overnight and see what happens.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby jtjag03 » April 14th, 2010, 12:35 pm

I've run GMER twice now. When it finishes, I can click COPY and get the confirmation box saying it was saved to my clipboard. After that, everything freezes. I can still move my mouse, but I can't close GMER or open up NOTEPAD, or anything else for that matter. I'm going to give it another chance right now.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby jtjag03 » April 14th, 2010, 5:17 pm

Success, finally. I'm not sure if it's correct, but just in case, when I went to the command prompt at the end and typed 'net stop gmer' the response I got was 'The specified service does not exist as an installed service'.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 15:59:24
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ftdisk.sys entry point in ".rsrc" section [0xB9F65314]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8454380, 0x34C81F, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xAD714280]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\ehome\ehtray.exe[428] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[428] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\ehome\ehtray.exe[428] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[428] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\ehome\ehtray.exe[428] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 016E0001
.text C:\WINDOWS\ehome\ehtray.exe[428] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\ehome\ehtray.exe[428] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[428] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\ehome\ehtray.exe[428] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[428] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\WINDOWS\ehome\ehtray.exe[428] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\ehome\ehtray.exe[428] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B5000A
.text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B4000C
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\WINDOWS\stsystra.exe[716] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[716] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\stsystra.exe[716] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[716] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\stsystra.exe[716] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 016B0001
.text C:\WINDOWS\stsystra.exe[716] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\stsystra.exe[716] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\stsystra.exe[716] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\stsystra.exe[716] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[716] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\WINDOWS\stsystra.exe[716] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\stsystra.exe[716] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 010F0001
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[732] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 010A0001
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 011F0001
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[1136] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00F60001
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1156] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00F60001
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1164] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 04BF000A
.text C:\WINDOWS\System32\svchost.exe[1224] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 04B1000A
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 02920001
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1288] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1696] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1696] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1696] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1696] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[1696] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00F70001
.text C:\WINDOWS\system32\ctfmon.exe[1696] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1696] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01890001
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2020] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B50001
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2072] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 019E0001
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2324] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01430001
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] ADVAPI32.dll!CreateProcessWithLogonW 77E15EFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15F01 2 Bytes [05, 5F]
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2524] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F1C0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device \FileSystem\Fastfat \Fat A4160C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\iastor \Device\Harddisk0\DR0 8A61FAC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules@ESQULserv
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules@ESQULl
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules@ESQULclk

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ftdisk.sys suspicious modification
File C:\WINDOWS\system32\drivers\iastor.sys suspicious modification

---- EOF - GMER 1.0.15 ----
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby peku006 » April 15th, 2010, 2:52 am

Hi jtjag03

good job :)

C:\WINDOWS\system32\drivers\ftdisk.sys
C:\WINDOWS\system32\drivers\iastor.sys

  • Copy/Paste file into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Repeat for all files on the list, and post me the details please

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby jtjag03 » April 15th, 2010, 12:15 pm

File ftdisk.sys received on 2010.04.15 15:54:39 (UTC)
Result: 0/40 (0%)

Additional information
File size: 125056 bytes
MD5...: 6ac26732762483366c3969c9e4d2259d
SHA1..: 12b8db7b23bf05c46bce7640b0714bf682b7c2a4
SHA256: ff2c9a23cc17f380093f0bea955b1925794271c2fea16b9b7639668e6999bae3
ssdeep: 3072:ohdvNbNxPAPY23YB/y0sNfVkwT1nvVgkA:QRDmY2oB/y0sNphnvV

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1b4e2
timedatestamp.....: 0x3b7d8419 (Fri Aug 17 20:52:41 2001)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x16ce 0x1700 6.44 7f955ee44ff489aa3ff41ef533aeb2eb
.rdata 0x1a80 0x78b 0x800 5.05 b7e53231c26279c852a59a914fdb8623
.data 0x2280 0x24 0x80 0.29 6ea9989a984506c1682990de1c667965
PAGE 0x2300 0xd31c 0xd380 6.56 c8145e2051e63ce15610470eb7917e71
PAGELK 0xf680 0xbc31 0xbc80 6.57 28db540df772f6f70a8992bdda327274
INIT 0x1b300 0xff0 0x1000 5.87 6aea45e9dc40c0a867165951c1d24069
.rsrc 0x1c300 0x1300 0x1300 3.47 66b7817368e115a886891e4c1da1f0eb
.reloc 0x1d600 0x123a 0x1280 6.44 8e3a630ff85b98c55edd7cd91b102b1e

( 3 imports )
> ntoskrnl.exe: ExAllocatePoolWithTag, HalExamineMBR, IoBuildDeviceIoControlRequest, IoGetAttachedDeviceReference, ObfDereferenceObject, KeQuerySystemTime, ExUuidCreate, _allshr, _allmul, memmove, RtlWriteRegistryValue, RtlQueryRegistryValues, RtlCompareMemory, DbgPrint, ObReferenceObjectByHandle, _purecall, RtlCompareUnicodeString, IoGetDeviceObjectPointer, RtlInitUnicodeString, swprintf, IoCreateSymbolicLink, IoDeleteSymbolicLink, IoRegisterDeviceInterface, IoWMIRegistrationControl, IofCompleteRequest, SeReleaseSubjectContext, SeUnlockSubjectContext, SeAccessCheck, IoGetFileObjectGenericMapping, SeLockSubjectContext, SeCaptureSubjectContext, RtlDeleteRegistryValue, RtlCreateRegistryKey, IoFreeWorkItem, IoQueueWorkItem, IoAllocateWorkItem, KeReleaseSemaphore, IoReleaseCancelSpinLock, KeSetEvent, PoCallDriver, PoStartNextPowerIrp, PsTerminateSystemThread, ExQueueWorkItem, IoRegisterShutdownNotification, KeInitializeSemaphore, IoDeleteDevice, IoDetachDevice, IoAttachDeviceToDeviceStack, KeInitializeSpinLock, IoCreateDevice, PoRequestPowerIrp, PoSetPowerState, IoAcquireCancelSpinLock, IoReportTargetDeviceChangeAsynchronous, KeInitializeEvent, KeClearEvent, RtlStringFromGUID, IoSetSystemPartition, ZwClose, ZwFsControlFile, ZwOpenFile, IoInvalidateDeviceRelations, PsCreateSystemThread, RtlEqualUnicodeString, ObfReferenceObject, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, RtlVolumeDeviceToDosName, KeBugCheckEx, IoGetBootDiskInformation, MmLockPagableDataSection, IoInvalidateDeviceState, IoSetDeviceInterfaceState, IoGetDeviceProperty, IoUnregisterShutdownNotification, _alldiv, IoRegisterDriverReinitialization, IoRegisterBootDriverReinitialization, RtlCopyUnicodeString, IoReportDetectedDevice, InterlockedPopEntrySList, InterlockedPushEntrySList, ExInitializeNPagedLookasideList, IoFreeMdl, IoAllocateMdl, MmBuildMdlForNonPagedPool, IoAllocateIrp, FsRtlIsTotalDeviceFailure, IoFreeIrp, IoReuseIrp, IoBuildPartialMdl, MmUnmapLockedPages, _allrem, _alldvrm, _allshl, MmMapLockedPages, IoRaiseInformationalHardError, KeGetCurrentThread, wcslen, ZwQueryValueKey, ZwOpenKey, ZwSetSecurityObject, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, _except_handler3, IoBuildSynchronousFsdRequest, IofCallDriver, KeWaitForSingleObject, strncmp, IoReadPartitionTableEx, ExFreePoolWithTag
> HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: FT Disk Driver
original name: ftdisk.sys
internal name: ftdisk.sys
file version.: 5.1.2600.0 (XPClient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)



File iaStor.sys received on 2010.04.15 15:59:33 (UTC)
Result: 0/40 (0%)

Additional information
File size: 247808 bytes
MD5...: 294110966cedd127629c5be48367c8cf
SHA1..: 8731ed6f7a9c47f7fb53568417ed71a90beb8544
SHA256: a05049b96bbd2e4faf01af69a69f9b0b96e610eb66e68a45051fef7e67dd846a
ssdeep: 3072:hbZui6GseOvrHDp9Xy3BbjQdIQVwgyB7bu5L1DIh6q1FZVxKOJdIHEShASl
:hb0ATihlsdMGQVOZbspibFZVxKOJuH

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x446382da (Thu May 11 18:30:50 2006)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x375ce 0x37600 6.56 619a289d88aef899184be4ce8daaf2b9
.rdata 0x39000 0xa64 0xc00 5.19 7b4ef7a6062681955e12a73da0cd3ea0
.data 0x3a000 0x78bcc 0x1000 4.68 8d79e9065ce301395b85a477ea5ffd55
INIT 0xb3000 0xc60 0xe00 5.21 446840bf3a0865b0fa675a659f4533a5
.rsrc 0xb4000 0x440 0x600 2.51 4059d62d3272a9814cb3dbd931a4e909
.reloc 0xb5000 0x1cfa 0x1e00 5.40 be045043ac8e3720084b3f8004763bf1

( 2 imports )
> ntoskrnl.exe: ZwClose, ZwQueryValueKey, DbgPrint, ZwOpenKey, RtlCreateRegistryKey, RtlCopyUnicodeString, memmove, KeInsertQueueDpc, MmGetPhysicalAddress, KeInitializeSpinLock, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoInvalidateDeviceRelations, IoFreeWorkItem, IoRequestDeviceEject, IoQueueWorkItem, IoAllocateWorkItem, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, IofCompleteRequest, IofCallDriver, IoGetDmaAdapter, RtlWriteRegistryValue, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ZwCreateKey, swprintf, KeWaitForSingleObject, KeInitializeEvent, IoDisconnectInterrupt, IoGetConfigurationInformation, IoDeleteDevice, ExDeleteNPagedLookasideList, KeCancelTimer, IoFreeIrp, KeLeaveCriticalRegion, KeEnterCriticalRegion, IoDetachDevice, IoDeleteSymbolicLink, IoConnectInterrupt, IoReleaseRemoveLockAndWaitEx, strstr, strncat, sprintf, IoBuildDeviceIoControlRequest, PoSetPowerState, PoRegisterDeviceForIdleDetection, RtlCompareMemory, KeClearEvent, IoInitializeRemoveLockEx, ObfReferenceObject, KeSetTimer, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoAcquireRemoveLockEx, RtlInitUnicodeString, KeSetEvent, _allmul, KeInitializeDpc, KeInitializeTimer, ObfDereferenceObject, IoGetAttachedDeviceReference, IoAllocateIrp, IoInvalidateDeviceState, strncpy, strncmp, PoRequestPowerIrp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, MmMapLockedPagesSpecifyCache, KeBugCheck, KeRemoveQueueDpc, KeQuerySystemTime, KeQueryTimeIncrement, KeTickCount, PsTerminateSystemThread, KeWaitForMultipleObjects, KeSetPriorityThread, ObReferenceObjectByHandle, PsCreateSystemThread, ExInitializeNPagedLookasideList, MmMapIoSpace, ExRegisterCallback, ExCreateCallback, IoReportResourceForDetection, ExUnregisterCallback, MmUnmapIoSpace, RtlCheckRegistryKey, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, _alldiv, PoStartNextPowerIrp, PoCallDriver, _purecall, ExSystemTimeToLocalTime, KeDelayExecutionThread, KeSetTimerEx, KeInitializeTimerEx, wcslen, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, IoReleaseRemoveLockEx, ExFreePoolWithTag
> HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KfReleaseSpinLock, KfAcquireSpinLock, KeGetCurrentIrql, KeStallExecutionProcessor

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Intel Corporation
copyright....: Copyright(C) Intel Corporation 1994-2006
product......: Intel Matrix Storage Manager driver
description..: Intel Matrix Storage Manager driver
original name: iaStor.sys
internal name: iaStor.sys
file version.: 6.0.0.1022
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby peku006 » April 15th, 2010, 1:04 pm

Hi jtjag03

1 - Download and Run ComboFix

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.

2 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)


Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

Unread postby jtjag03 » April 15th, 2010, 11:20 pm

ComboFix 10-04-14.04 - J....n J.....d 04/15/2010 21:54:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1450 [GMT -5:00]
Running from: c:\documents and settings\J....n J.....d\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP061 .MRK

.
((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-13 16:41 . 2010-04-13 16:42 -------- d-----w- c:\program files\trend micro
2010-04-13 16:41 . 2010-04-13 16:42 -------- d-----w- C:\rsit
2010-04-13 00:11 . 2010-04-13 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-04-13 00:11 . 2010-04-13 00:11 -------- d-----w- c:\program files\IObit
2010-04-12 01:00 . 2010-04-12 02:01 -------- d-----w- c:\documents and settings\J....n J.....d\DoctorWeb
2010-04-11 20:38 . 2010-04-11 20:38 52224 ----a-w- c:\documents and settings\J....n J.....d\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-11 20:38 . 2010-04-11 20:38 117760 ----a-w- c:\documents and settings\J....n J.....d\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-11 20:37 . 2010-04-11 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-11 20:36 . 2010-04-11 20:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-11 20:36 . 2010-04-11 20:36 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\SUPERAntiSpyware.com
2010-04-11 16:36 . 2010-04-11 18:31 -------- d-----w- c:\windows\BDOSCAN8
2010-04-09 13:30 . 2010-04-09 13:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-09 03:24 . 2010-04-09 03:24 -------- d-sh--w- c:\documents and settings\J....n J.....d\PrivacIE
2010-04-09 03:21 . 2010-04-09 03:21 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-09 03:21 . 2010-04-09 03:21 -------- d-----w- c:\program files\Reference Assemblies
2010-04-09 03:21 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-09 03:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-09 03:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-09 03:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-09 03:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-09 03:20 . 2010-04-09 03:21 -------- d-----w- C:\13e426ba417ad14154aeffdb
2010-04-09 03:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-09 03:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-09 03:20 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-09 03:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-09 03:08 . 2010-04-09 03:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-09 03:04 . 2010-04-09 03:04 -------- d-sh--w- c:\documents and settings\J....n J.....d\IETldCache
2010-04-09 02:54 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-09 02:54 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-09 02:54 . 2010-04-09 02:54 -------- d-----w- c:\windows\ie8updates
2010-04-09 02:54 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-09 02:53 . 2010-04-09 02:53 -------- dc-h--w- c:\windows\ie8
2010-04-09 02:12 . 2010-04-09 02:12 -------- d-----w- c:\windows\ServicePackFiles
2010-04-09 01:59 . 2010-04-09 01:59 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-09 01:59 . 2010-04-09 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-09 00:57 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-09 00:55 . 2010-04-09 00:55 -------- d-----w- c:\program files\Windows Defender
2010-04-08 22:00 . 2010-04-08 22:01 -------- d-----w- c:\program files\CCleaner
2010-04-08 22:00 . 2010-04-08 22:00 388096 ----a-r- c:\documents and settings\J....n J.....d\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-08 22:00 . 2010-04-08 22:00 -------- d-----w- c:\program files\TrendMicro
2010-03-27 06:31 . 2010-03-27 06:31 67424 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 02:32 . 2009-07-20 22:47 1145 --sha-w- c:\windows\system32\mmf.sys
2010-04-15 23:27 . 2010-04-08 03:21 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 22:33 . 2010-02-26 07:20 0 ----a-w- c:\documents and settings\J....n J.....d\Local Settings\Application Data\prvlcl.dat
2010-04-15 04:39 . 2008-09-18 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-13 04:56 . 2004-08-10 11:00 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-04-13 01:43 . 2009-07-22 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-11 20:36 . 2009-03-04 23:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-09 13:24 . 2009-06-12 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-09 03:37 . 2008-09-18 00:41 85072 ----a-w- c:\documents and settings\J....n J.....d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-09 02:26 . 2008-11-24 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-09 02:19 . 2008-11-24 05:44 -------- d-----w- c:\program files\Microsoft Works
2010-04-09 00:30 . 2008-09-18 03:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 00:30 . 2009-01-06 03:15 -------- d-----w- c:\program files\Logitech
2010-04-09 00:29 . 2009-09-01 04:45 -------- d-----w- c:\program files\Democracy2
2010-04-08 17:11 . 2009-07-22 04:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-08 08:42 . 2010-04-08 08:42 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\Malwarebytes
2010-04-08 08:42 . 2010-04-08 08:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-08 08:42 . 2010-04-08 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-08 02:55 . 2008-09-18 02:11 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\uTorrent
2010-03-30 05:46 . 2010-04-08 08:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2010-04-08 08:42 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 12:02 . 2009-11-30 22:00 79488 ----a-w- c:\documents and settings\J....n J.....d\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-14 13:13 . 2009-11-20 20:31 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-14 13:13 . 2010-03-14 13:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 13:13 . 2008-09-18 04:14 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 13:12 . 2008-09-18 04:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 03:10 . 2010-02-01 06:09 48128 ----a-w- c:\documents and settings\J....n J.....d\fbchathistory.dat
2010-03-02 04:13 . 2009-10-04 03:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-26 07:41 . 2010-02-26 07:38 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\wootalyzer
2010-02-26 07:37 . 2010-02-26 07:37 -------- d-----w- c:\program files\Wootalyzer
2010-02-25 06:24 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 04:59 . 2009-02-05 19:55 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\ZoomBrowser EX
2010-02-25 04:58 . 2009-02-05 19:54 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\CameraWindowDC
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Google Update"="c:\documents and settings\J....n J.....d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-05 198160]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]

c:\documents and settings\J....n J.....d\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlackBerry Desktop Redirector.lnk - c:\program files\Research In Motion\BlackBerry\Redirector.exe [2008-5-30 1319024]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 13:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^J....n J.....d^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\J....n J.....d\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 21:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\J....n J.....d\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/21/2009 10:38 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/17/2008 11:14 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/20/2009 3:31 PM 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 8:13 AM 308064]
S2 gupdate1c9ad70bf1e8c19;Google Update Service (gupdate1c9ad70bf1e8c19);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2009 12:40 PM 133104]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/12/2010 7:11 PM 311568]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/20/2009 5:47 PM 2560]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [1/5/2009 10:17 PM 44544]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-18 08:58]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 17:40]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 17:40]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2139871995-1801674531-1003Core.job
- c:\documents and settings\J....n J.....d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 07:15]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2139871995-1801674531-1003UA.job
- c:\documents and settings\J....n J.....d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 07:15]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {B6CC1067-4963-42B5-8030-E47DCB9EA05D} = 192.168.1.254,192.168.1.1
FF - ProfilePath - c:\documents and settings\J....n J.....d\Application Data\Mozilla\Firefox\Profiles\0nuudx8y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\J....n J.....d\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\J....n J.....d\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\J....n J.....d\Application Data\Mozilla\Firefox\Profiles\0nuudx8y.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A65DAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\iaStor -> iaStor.sys @ 0xb9e74f78
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Intel(R) 82566DC Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d66ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d73b21
SendHandler -> NDIS.sys @ 0xb9d5187b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,ba,e9,e0,76,1f,5b,ab,
75
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,f2,c9,99,66,1f,10,89,7d,ec,36,ce,6f,e7,65,ad,a4

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,0d,ef,4b,fc,af,c2,2e,ad
"2"=hex:39,fe,26,35,13,14,2d,2b,4e,eb,53,c5,fe,f3,ac,1b
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,49,3e,e5,49,ef,df,ad,a2
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,90,4c,ec,d6,92,e1,28,ba,e5,5d,0d,25,ef,fb,b7,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61,
5e,d2,5e,7f,21,14,b5,b2,29
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\58BBB2CAA762B86BF8228F8849EB5144]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,50,94,16,01,b2,17,1a,42
"2"=hex:84,00,a2,e9,a5,84,bc,35
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,53,74,ea,24,5b,d9,02,83
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,6b,8d,dd,0b,84,72,f6,
f2,3d,a6,3c,a0,07,7d,db,f3,88,a8,6c,3f,5c,60,94,94,89,77,0c,65,96,1c,ff,8e,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-15 22:11:20
ComboFix-quarantined-files.txt 2010-04-16 03:11

Pre-Run: 79,875,067,904 bytes free
Post-Run: 80,539,496,448 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - D00ACFBFEE95033657EAC162EB66FD92
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 551 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware