Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

weird virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: weird virus

Unread postby Dakeyras » July 20th, 2009, 9:01 am

Hi :)

Thats fine, let it complete and post the logs I requested. Basically your machine is running a Vista Check-Disk which is required according to the RSIT logs provided.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Re: weird virus

Unread postby yarders » July 20th, 2009, 9:57 am

Oh I closed it when my computer finaly started are u sure it's safe to try again


the avg threat detection is different now

Image
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 20th, 2009, 10:09 am

I am not sure what you mean here. Do you mean the Check-Disk completed and ComboFix did not complete its run?
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 20th, 2009, 10:39 am

It completed. And I singed in and the blue program came up and I closed it
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 20th, 2009, 10:47 am

Hi :)

OK then, please post back the following:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • A new Rooter Log.
  • ComboFix Log.
  • A new HijackThis Log. <-- Remember to right click on HiJackThis.exe and select Run as Administrator
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 20th, 2009, 2:26 pm

i finished the combofix and now when i open IE there is no threat detection by avg and windows is downloading updates now taking hours so many updates. when i opened IE earlier it just kept opening pages and pages on its own so i shut down and lost the combofix log and when i booted up i finished combofix for the log again and ie safari wouldnt open so i restarted and its working now

i think its gone many thanks for your help

heres the rooter log
.
C:\ [Fixed-NTFS] .. ( Total:285 Go - Free:84 Go )
D:\ [Fixed-NTFS] .. ( Total:9 Go - Free:5 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
H:\ [CD_Rom]
.
Scan : 18:31.35
Path : C:\Users\Jonny\Desktop\Rooter.exe
User : Jonny ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (548)
______ C:\Windows\system32\csrss.exe (680)
______ C:\Windows\system32\wininit.exe (732)
______ C:\Windows\system32\csrss.exe (740)
______ C:\Windows\system32\services.exe (776)
______ C:\Windows\system32\lsass.exe (788)
______ C:\Windows\system32\lsm.exe (796)
______ C:\Windows\system32\winlogon.exe (836)
______ C:\Windows\system32\svchost.exe (976)
______ C:\Windows\system32\svchost.exe (1036)
______ C:\Windows\System32\svchost.exe (1076)
______ C:\Windows\System32\svchost.exe (1128)
______ C:\Windows\System32\svchost.exe (1160)
______ C:\Windows\system32\svchost.exe (1176)
Locked audiodg.exe (1260)
______ C:\Windows\system32\SLsvc.exe (1296)
______ C:\Windows\system32\svchost.exe (1352)
______ C:\Windows\system32\svchost.exe (1536)
______ C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (1744)
______ C:\Windows\system32\WLANExt.exe (560)
______ C:\Windows\System32\spoolsv.exe (968)
______ C:\Windows\system32\svchost.exe (1172)
______ C:\Windows\system32\Dwm.exe (1440)
______ C:\Windows\system32\taskeng.exe (1972)
______ C:\Windows\Explorer.EXE (2000)
______ C:\Windows\system32\taskeng.exe (2124)
______ C:\Program Files\Google\Update\GoogleUpdate.exe (2180)
______ C:\Program Files\Windows Defender\MSASCui.exe (2432)
______ C:\Program Files\DellTPad\Apoint.exe (2440)
______ C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (2448)
______ C:\Windows\System32\rundll32.exe (2464)
______ C:\Windows\System32\rundll32.exe (2472)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (2492)
______ C:\Program Files\AVG\AVG8\avgtray.exe (2512)
______ C:\Windows\System32\LVComS.exe (2520)
______ C:\Program Files\iTunes\iTunesHelper.exe (2544)
______ C:\Program Files\Fingerprint Reader Suite\psqltray.exe (2572)
______ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (2580)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2588)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2596)
______ C:\Windows\ehome\ehtray.exe (2612)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (2620)
______ C:\Program Files\Dell\QuickSet\quickset.exe (2672)
______ C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (2740)
______ C:\Windows\ehome\ehmsas.exe (2928)
______ C:\Windows\system32\aestsrv.exe (3572)
______ C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (3612)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (3636)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (3764)
______ C:\Program Files\Bonjour\mDNSResponder.exe (2800)
______ C:\Windows\system32\svchost.exe (2820)
______ C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (2700)
______ C:\Program Files\Internet Explorer\ieuser.exe (3148)
______ C:\Program Files\Internet Explorer\iexplore.exe (3180)
______ C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe (2276)
______ C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (2528)
______ C:\Windows\system32\svchost.exe (3912)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (3924)
______ C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (3964)
______ C:\Windows\System32\svchost.exe (4036)
______ C:\Windows\System32\svchost.exe (4088)
______ C:\Windows\system32\svchost.exe (4076)
______ C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3228)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (3660)
______ C:\Windows\system32\STacSV.exe (688)
______ C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe (2880)
______ C:\Windows\system32\svchost.exe (2396)
______ C:\Windows\System32\svchost.exe (1664)
______ C:\Windows\system32\SearchIndexer.exe (3436)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (4436)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (4444)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (4628)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (5084)
______ C:\Windows\system32\wbem\wmiprvse.exe (5684)
______ C:\Program Files\iPod\bin\iPodService.exe (5800)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (5908)
______ C:\Windows\system32\svchost.exe (6020)
______ C:\Program Files\DellTPad\ApMsgFwd.exe (4264)
______ C:\Windows\System32\mobsync.exe (4512)
______ C:\Program Files\DellTPad\Apntex.exe (3384)
______ C:\Program Files\DellTPad\HidFind.exe (4956)
______ C:\Windows\system32\wbem\unsecapp.exe (4212)
______ C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (3736)
______ C:\Windows\system32\SearchFilterHost.exe (3108)
______ C:\Windows\system32\SearchProtocolHost.exe (3632)
______ C:\Windows\system32\DllHost.exe (588)
______ C:\Windows\system32\DllHost.exe (4160)
______ C:\Users\Jonny\Desktop\Rooter.exe (3984)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:123346944)
\Device\Harddisk0\Partition2 (Start_Offset:123731968 | Length:10737418240)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10861150208 | Length:306526023680)
\Device\Harddisk0\Partition0 (Start_Offset:317387177984 | Length:2684354560)
\Device\Harddisk0\Partition4 (Start_Offset:317388226560 | Length:2683305984)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{A085D112-D7D5-41D0-8160-0C2AC0A1DB84}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 18:36.25
.
C:\Rooter$\Rooter_2.txt - (20/07/2009 | 18:36.25)
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 20th, 2009, 2:29 pm

heres hijack this


its also weird that i hve 90 gb free now i have no idea how did this rookit thing realy take up like 40 gig because thats how much i had free yesterday

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:55, on 18/07/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\LVComS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Jonny\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jonny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{72ae8426-3b8d-4ead-b191-8d0ad1c62158} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LVComs] C:\Windows\system32\LVComS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Startup Manager] C:\Program Files\Advanced System Optimizer\startUp manager.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2617438544-2265370005-1231189347-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Deshveer')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37C5D148-3F71-414B-A4CD-A8DC85DC1027}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F9AA7D-CF2E-4390-A30C-7FDB00182F6B}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{74422120-F23D-4C76-8045-037C138F4CEA}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9f505dcf6ec00) (gupdate1c9f505dcf6ec00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13596 bytes
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 20th, 2009, 2:31 pm

heres the combofix log

ComboFix 09-07-19.04 - Jonny 20/07/2009 17:57.2.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.44.1033.18.3581.2322 [GMT 1:00]
Running from: c:\users\Jonny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-20 16:12 . 2009-07-20 16:12 -------- d-----w- c:\users\Deshveer\AppData\Local\temp
2009-07-20 13:11 . 2009-07-20 13:11 -------- d-sh--w- C:\found.000
2009-07-18 13:12 . 2009-07-18 13:12 -------- d-----w- C:\rsit
2009-07-18 12:33 . 2009-07-18 12:33 -------- d-----w- C:\Rooter$
2009-07-17 19:57 . 2004-11-09 17:20 87552 ----a-w- c:\windows\system32\trltmpct.dll
2009-07-17 19:57 . 2009-07-17 19:57 -------- d-----w- C:\3D Rad
2009-07-15 18:54 . 2009-07-15 18:57 -------- d-----w- c:\users\Jonny\AppData\Roaming\IGN_DLM
2009-07-15 18:54 . 2009-07-15 18:54 -------- d-----w- c:\program files\Download Manager
2009-07-14 16:38 . 2009-07-14 16:38 -------- d-----w- c:\users\Jonny\AppData\Local\PunkBuster
2009-07-14 16:37 . 2009-07-14 16:37 -------- d-----w- c:\users\Jonny\AppData\Local\Activision
2009-07-14 16:10 . 2009-07-14 16:10 22328 ----a-w- c:\users\Jonny\AppData\Roaming\PnkBstrK.sys
2009-07-14 15:47 . 2009-07-14 15:47 -------- d-----w- c:\program files\Activision
2009-07-14 14:51 . 2009-07-14 14:52 -------- d-----w- c:\program files\Safari
2009-07-14 12:35 . 2009-07-14 12:35 -------- d-----w- c:\users\Jonny\AppData\Local\Mozilla
2009-07-14 09:48 . 2009-07-14 09:48 -------- d-----w- c:\program files\Trend Micro
2009-07-08 19:09 . 2009-07-08 19:09 -------- d-----w- c:\program files\ESET
2009-07-01 19:17 . 2009-07-01 19:17 69632 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe
2009-07-01 16:27 . 2009-07-01 16:26 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-07-01 16:27 . 2009-07-01 16:27 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-28 18:32 . 2009-06-28 18:32 -------- d-----w- c:\programdata\NortonInstaller
2009-06-28 18:32 . 2009-06-28 18:32 -------- d-----w- c:\program files\NortonInstaller
2009-06-28 18:04 . 2009-06-28 18:14 -------- d-----w- c:\users\Jonny\AppData\Roaming\DMCache
2009-06-28 18:04 . 2009-06-28 18:09 -------- d-----w- c:\users\Jonny\AppData\Roaming\IDM
2009-06-28 18:04 . 2009-06-28 18:15 -------- d-----w- c:\program files\Internet Download Manager
2009-06-28 14:17 . 2009-06-28 18:13 -------- d-----w- c:\program files\PC Satellite TV
2009-06-28 11:34 . 2009-06-28 11:34 -------- d-----w- c:\program files\Windows Doctor
2009-06-24 19:56 . 2009-06-24 19:56 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-24 19:05 . 2009-06-24 19:05 -------- d-----w- c:\users\Jonny\AppData\Local\AirMouse
2009-06-24 19:04 . 2009-06-24 19:04 -------- d-----w- c:\program files\Air Mouse

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 16:52 . 2009-02-23 19:14 -------- d-----w- c:\users\Jonny\AppData\Roaming\Skype
2009-07-20 16:45 . 2008-04-24 22:37 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-18 23:08 . 2008-04-24 22:48 -------- d-----w- c:\program files\Java
2009-07-18 21:56 . 2008-04-28 19:44 27335 ----a-w- c:\users\Jonny\AppData\Roaming\nvModes.dat
2009-07-18 21:53 . 2009-05-02 11:55 -------- d-----w- c:\users\Jonny\AppData\Roaming\uTorrent
2009-07-18 21:53 . 2009-04-26 15:54 -------- d-----w- c:\users\Jonny\AppData\Roaming\BitTorrent
2009-07-18 21:41 . 2008-04-24 22:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 10:25 . 2009-04-11 20:47 -------- d-----w- c:\users\Jonny\AppData\Roaming\mIRC
2009-07-08 19:21 . 2008-07-01 13:52 34 ----a-w- c:\users\Jonny\jagex_runescape_preferences.dat
2009-07-07 16:07 . 2008-06-08 09:54 -------- d-----w- c:\users\Jonny\AppData\Roaming\LimeWire
2009-07-01 18:54 . 2008-05-02 20:53 680 ----a-w- c:\users\Jonny\AppData\Local\d3d9caps.dat
2009-07-01 16:26 . 2008-05-17 10:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 16:26 . 2008-05-17 10:12 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 16:26 . 2008-05-17 10:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 19:57 . 2008-04-24 23:05 -------- d-----w- c:\program files\Google
2009-06-24 19:56 . 2008-05-05 09:12 -------- d-----w- c:\program files\DivX
2009-06-22 14:34 . 2009-05-04 10:24 -------- d-----w- c:\program files\Advanced System Optimizer
2009-06-22 12:02 . 2008-10-11 17:45 -------- d-----w- c:\program files\Electronic Arts
2009-06-22 11:52 . 2009-04-30 18:27 -------- d-----w- c:\programdata\Microsoft Games
2009-06-22 11:52 . 2009-04-30 18:26 -------- d-----w- c:\users\Jonny\AppData\Roaming\Microsoft Game Studios
2009-06-22 11:52 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-06-21 20:16 . 2009-02-28 14:07 -------- d-----w- c:\users\Jonny\AppData\Roaming\DiskAid
2009-06-20 14:29 . 2009-06-20 13:57 -------- d-----w- c:\program files\iTunes
2009-06-20 13:57 . 2009-06-20 13:57 -------- d-----w- c:\program files\iPod
2009-06-20 13:57 . 2008-05-04 10:21 -------- d-----w- c:\program files\Common Files\Apple
2009-06-20 13:53 . 2009-01-18 15:37 -------- d-----w- c:\program files\QuickTime
2009-06-18 21:21 . 2009-01-02 13:52 -------- d-----w- c:\program files\VirtualDJ
2009-06-18 20:00 . 2009-06-18 20:00 -------- d-----w- c:\program files\RealVNC
2009-06-12 18:39 . 2009-06-12 18:39 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3544.tmp.exe
2009-06-11 20:12 . 2008-05-04 10:19 -------- d-----w- c:\programdata\Apple
2009-06-11 19:43 . 2009-06-11 19:43 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-11 19:40 . 2009-06-11 19:40 -------- d-----w- c:\program files\Bonjour
2009-06-09 17:54 . 2009-06-09 17:54 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAE79.tmp.exe
2009-06-07 17:09 . 2009-06-07 17:07 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-06-07 15:57 . 2009-06-07 15:57 -------- d-----w- c:\program files\Bethesda Softworks
2009-06-06 16:56 . 2009-06-06 16:56 -------- d-----w- c:\program files\Rockstar Games
2009-06-06 11:49 . 2009-02-04 21:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-06 11:44 . 2008-05-17 10:11 -------- d-----w- c:\programdata\avg8
2009-06-05 12:57 . 2009-06-05 12:57 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-31 21:52 . 2009-05-31 21:52 -------- d-----w- c:\program files\Team JPN
2009-05-30 18:30 . 2009-05-30 18:30 -------- d-----w- c:\program files\Ubisoft Entertainment
2009-05-29 19:42 . 2009-05-29 19:42 3954 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-05-29 19:29 . 2009-05-29 19:23 -------- d-----w- c:\program files\Image-Line
2009-05-29 19:29 . 2008-07-16 11:28 -------- d-----w- c:\program files\Vstplugins
2009-05-29 19:27 . 2009-05-29 19:27 -------- d-----w- c:\program files\Outsim
2009-05-29 10:44 . 2009-05-28 15:13 -------- d-----w- c:\programdata\NOS
2009-05-29 10:44 . 2009-05-28 15:13 -------- d-----w- c:\program files\NOS
2009-05-28 15:18 . 2009-05-28 15:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-28 15:17 . 2008-06-01 12:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-23 16:48 . 2009-03-01 12:06 -------- d-----w- c:\program files\SwiftKit
2009-05-23 12:28 . 2009-05-23 11:11 -------- d-----w- c:\users\Jonny\AppData\Roaming\Ventrilo
2009-05-10 14:34 . 2009-05-10 14:34 390664 ----a-w- c:\users\Jonny\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-10 14:34 . 2009-05-10 14:34 390664 ----a-w- c:\users\Jonny\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-04 15:48 . 2009-05-04 15:48 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-05-04 15:48 . 2009-05-04 15:48 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-05-04 15:48 . 2009-05-04 15:48 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-04-30 14:34 . 2009-04-30 14:34 390664 ----a-w- c:\users\Jonny\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-04-26 17:08 . 2009-04-26 15:40 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-26 15:45 . 2009-04-26 15:45 223128 ----a-w- c:\windows\system32\drivers\vaxscsi.sys
2009-04-26 15:40 . 2009-04-26 15:40 140392 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2009-04-22 20:57 . 2009-04-22 20:57 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-04-22 20:57 . 2009-04-22 20:57 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-24 14:37 . 2009-07-14 12:35 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-04-24 22:53 . 2008-04-24 22:53 74 --sh--r- c:\windows\CT4CET.bin
2008-04-25 06:25 . 2008-04-25 06:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-07-20_16.01.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-24 23:18 . 2009-07-20 16:51 68752 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-20 16:51 85668 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-28 17:27 . 2009-07-20 16:51 16020 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2617438544-2265370005-1231189347-1000_UserData.bin
+ 2008-04-28 17:22 . 2009-07-20 16:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-28 17:22 . 2009-07-20 15:39 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-28 17:22 . 2009-07-20 16:56 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-28 17:22 . 2009-07-20 15:39 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-28 17:22 . 2009-07-20 16:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-28 17:22 . 2009-07-20 15:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-20 13:16 . 2009-07-20 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-20 16:46 . 2009-07-20 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-20 16:46 . 2009-07-20 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-20 13:16 . 2009-07-20 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-04-25 1006264]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"LVComs"="c:\windows\system32\LVComS.exe" [2003-12-06 102400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-04-22 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= SysInspector.exe
"2"= callmsi.exe
"3"= ecmd.exe
"4"= ecls.exe
"5"= eeclnt.exe
"6"= egui.exe
"7"= EHttpSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{24AEA045-D727-4E51-BF3C-08B96179EA60}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5303B92F-6468-4517-BFBC-BF8C4220F0A4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AC0DC69A-6267-4153-B6E5-06099DAE8319}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{56DE83C4-2578-4690-803F-FDEFC1742FB6}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{952BCEF4-07EE-4E2B-8C21-B1813F7D0CF3}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{84A8C2D8-87CE-45D8-8974-A9948963C19D}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{00B96C10-78C8-49E4-9E1C-A7188D444E65}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8BAFEE4F-CCB7-4277-AA6A-8084E35EF0D8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{280B61F9-3D9B-4280-A5CE-E53418A9E279}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{622FA5BE-17FF-4559-A9C8-ED963233FEFD}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{9E7A8B28-D463-4386-98DE-C68673E99D0F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{AE96C397-F1DE-46A0-8C17-ACE85976699D}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{B5FFC567-4B73-4422-868E-EADBB52108B2}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{6AE0BA12-0D46-4518-9ADF-0DF58CB042AE}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{628330B0-0BF3-47BF-B813-0AA28D008068}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{FB1D207E-ECAC-4029-B2F9-187C968BA429}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{D1BDDA8C-87C4-4615-94F5-B3DB1EDA6AA1}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{EE4E3F0F-E3B5-46C6-BBED-A36A17AD9344}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{ADD902C7-9187-4982-B04B-39338BBC65FE}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{638B569C-F2A5-4CDA-B664-3E4E8DE9B759}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D827965C-B380-49B4-893E-08E8DEC3EB0F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{1180650E-0D71-4C59-84DC-DDCF295D405C}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{9344A1CD-7E69-4127-B809-380DF7E75379}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program
"{2ADDC352-3590-4C97-A159-0538A004CBFD}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{A16B23CF-9E29-4225-B4CF-003A310DBC66}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{36161F8D-7254-4624-B51A-0A853F91AB70}"= UDP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{FA278808-9E98-40F3-B9AD-8CCEDAEC035A}"= TCP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{0EBEA67C-EE29-4AD2-9B03-8C3080AED3DD}"= UDP:43594:elitescaoe
"TCP Query User{555106DC-D5D7-4F27-BC3C-F422C1DC8A73}c:\\users\\jonny\\appdata\\local\\temp\\java_ee_sdk-5_06-windows.exe2\\package\\jre\\bin\\javaw.exe"= UDP:c:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe:javaw.exe
"UDP Query User{B8D69F20-5460-4C16-A2A6-8B6DFA144558}c:\\users\\jonny\\appdata\\local\\temp\\java_ee_sdk-5_06-windows.exe2\\package\\jre\\bin\\javaw.exe"= TCP:c:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe:javaw.exe
"TCP Query User{FF27B841-7623-4B08-B4CB-7C2CE9F57CB0}c:\\sun\\sdk\\jdk\\bin\\java.exe"= UDP:c:\sun\sdk\jdk\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{26E591EC-F85C-4EF4-B49A-ED40E635A958}c:\\sun\\sdk\\jdk\\bin\\java.exe"= TCP:c:\sun\sdk\jdk\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{A2787B0E-9280-429E-979A-16465469CB35}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{E522E844-51A2-40B3-A7DD-FF5B6F7E0285}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{0BE11849-2782-4250-B29A-D04631D5A7AF}"= UDP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{1AFB604A-7B99-4010-8DB5-077673FB9D90}"= TCP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"TCP Query User{C1706AC4-342A-45B9-85E7-AF62AF7FD95A}c:\\program files\\electronic arts\\the lord of the rings, the rise of the witch-king\\patchget.dat"= UDP:c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat:patchgrabber
"UDP Query User{77A52B58-5BB5-4A27-992E-5EACBDDCDB80}c:\\program files\\electronic arts\\the lord of the rings, the rise of the witch-king\\patchget.dat"= TCP:c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat:patchgrabber
"{C335EAFE-C019-4306-ACB0-9DA5211024FE}"= UDP:5353:Adobe CSI CS4
"{ABA4DEC9-C944-4CFF-A851-3AE91EEA927E}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{71E4906A-C4E5-42A1-B99A-CA99C6DFD8E4}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{004F865E-F036-473C-860F-F8311680F11B}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{06A89743-8BD3-4D76-97CA-A82D163992CA}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{7D6CEBF8-DB71-4111-BA06-F68495DBDB7C}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FFECF2B9-2167-489A-9731-5567904C7AFB}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{19D7584E-279C-4C4B-82A4-575D3845F1CF}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{F966F953-E1FE-41F9-A665-B1AFAEB71F96}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"TCP Query User{9D53B217-5D10-47E1-BC25-EF991429B61B}c:\\program files\\beatpack\\beatpack.exe"= UDP:c:\program files\beatpack\beatpack.exe:BeatPack
"UDP Query User{4FF18342-C82A-4E93-9C13-053C24CE8F33}c:\\program files\\beatpack\\beatpack.exe"= TCP:c:\program files\beatpack\beatpack.exe:BeatPack
"TCP Query User{170C20ED-5538-477C-9387-134C4AF47D98}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{99360190-922B-4CF1-BC5F-F8AFCF1CE87B}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{74DE9808-BA65-4B56-988E-CF9CE18DDEE8}"= UDP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{A3DE4116-70E7-4D3E-A7E8-8D33375A11E8}"= TCP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{694689CD-A605-4235-912D-10547AD0C4F0}"= UDP:c:\program files\AVG\AVG8\avgtray.exe:AVG Free Tray Icon
"{AA307F3D-C477-402B-8FA8-5A677589824B}"= TCP:c:\program files\AVG\AVG8\avgtray.exe:AVG Free Tray Icon
"{90082445-2BA3-4E2F-8525-7F9497F120F7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{53F83388-6C24-47F3-8870-A38C76E08271}c:\\users\\jonny\\appdata\\local\\chat republic games\\superstar racing\\chatrepublicplayer.exe"= UDP:c:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe:chatrepublicplayer.exe
"UDP Query User{4D73DBC7-41C9-4FD9-B7B8-BD771F590DD4}c:\\users\\jonny\\appdata\\local\\chat republic games\\superstar racing\\chatrepublicplayer.exe"= TCP:c:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe:chatrepublicplayer.exe
"TCP Query User{6E7108C1-9249-478E-9F9F-AF22DFF35023}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{07C52273-BACA-4A0F-BFF5-FE5FA5707F6F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FBB090FE-F07D-4393-913D-F09583BFA7F9}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{76582215-B58A-4074-B4E2-B940C67CB3A9}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{2D2CD9B6-7DC2-47AB-8870-FC7C1032213A}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{53144CF5-84BD-424B-9C03-4E6CAF0FB89D}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{4DFD2325-2AEC-4B46-8945-5D5084B0EB40}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{B7983852-0E4A-4ABB-8212-537CF9F91C50}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{FC0E956C-4719-4897-9A0F-2B4ADA432527}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9AEF1DA1-671C-4795-AC5C-F4C97E43DA25}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{50BA37F3-93E8-4B03-9121-C4A92DF7D60A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{E68BA396-1515-44E2-93A7-E8629F429409}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{AD004B4A-7F4D-4856-B6E1-9DCC5C20697C}c:\\users\\jonny\\program files\\dna\\btdna.exe"= UDP:c:\users\jonny\program files\dna\btdna.exe:btdna.exe
"UDP Query User{86A606C7-21AA-47AC-A23F-0E0330174F8F}c:\\users\\jonny\\program files\\dna\\btdna.exe"= TCP:c:\users\jonny\program files\dna\btdna.exe:btdna.exe
"TCP Query User{2F9BC0E4-B096-4AA0-83C3-BC5E7F6E9FEA}c:\\users\\jonny\\program files\\dna\\btdna.exe"= UDP:c:\users\jonny\program files\dna\btdna.exe:btdna.exe
"UDP Query User{432C4A61-205A-45E1-BC7F-99894B51932F}c:\\users\\jonny\\program files\\dna\\btdna.exe"= TCP:c:\users\jonny\program files\dna\btdna.exe:btdna.exe
"TCP Query User{DCBA18CA-CD1F-4C84-B328-0F82EDE4F241}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= UDP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"UDP Query User{BDFF5242-C3C8-40C0-9254-DAC1C451C74F}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= TCP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"{B3C265EC-AD41-4ED7-8B9C-05E7A376CD19}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{200184DE-6959-44EF-BD6E-E9043E3E3A7A}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{91FD91BF-97B2-4111-A310-1E773E469791}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{09FA8E3C-3E27-4D6A-91AE-68F98DEF05B5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{474FC2FD-7B4C-47BD-8A21-13E3F099B22C}c:\\program files\\saints row 2\\sr2_pc (2).exe"= UDP:c:\program files\saints row 2\sr2_pc (2).exe:SR2_pc (2)
"UDP Query User{10C72A6C-6D17-4F79-A127-F5C65FB6ABC5}c:\\program files\\saints row 2\\sr2_pc (2).exe"= TCP:c:\program files\saints row 2\sr2_pc (2).exe:SR2_pc (2)
"TCP Query User{D911C422-469A-4E26-B758-35D2DEA817B5}c:\\program files\\saints row 2\\sr2_pc (2).exe"= UDP:c:\program files\saints row 2\sr2_pc (2).exe:SR2_pc (2)
"UDP Query User{0EECF539-17B8-4BCD-8F02-C3EC0BDFA011}c:\\program files\\saints row 2\\sr2_pc (2).exe"= TCP:c:\program files\saints row 2\sr2_pc (2).exe:SR2_pc (2)
"{972A5AA4-1A20-4ADA-A90E-CB73733AA8D7}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{227E1D72-12BD-476E-8480-5FEDDD6C1B60}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{1D9A9B40-76E6-42EC-AE22-01745C9DF127}"= UDP:c:\program files\Ubisoft Entertainment\Wheelman\Binaries\WheelmanGame-Final.exe:Wheelman
"{AC32CCA6-21AC-4862-959D-44C4D8F408BE}"= TCP:c:\program files\Ubisoft Entertainment\Wheelman\Binaries\WheelmanGame-Final.exe:Wheelman
"{10D9636B-0FA1-4D17-92E5-16AF2CAE64A1}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{A6F941E8-7B2A-4142-9669-DB9E78ABA65D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{291F7DA0-77C9-4F11-8B7F-DAD89F4FC212}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4AC6EB2-BDEC-4A5F-B35C-D3548CAAC877}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{58071BF0-C09A-4A9F-94D2-AC8AF676263F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{15139104-E892-4A44-ACA3-5B4FCF119945}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5C884772-E378-4B9E-B394-4F37D1871570}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{AB62CA9D-0893-49AC-8452-54B681EBCC59}c:\\program files\\air mouse\\air mouse\\air mouse.exe"= UDP:c:\program files\air mouse\air mouse\air mouse.exe:AirMouse
"UDP Query User{D5350BB8-0BF4-4A0B-89A0-4C2E617AACFB}c:\\program files\\air mouse\\air mouse\\air mouse.exe"= TCP:c:\program files\air mouse\air mouse\air mouse.exe:AirMouse
"TCP Query User{08D8CBBA-1B95-43A2-82A8-ADB65E86ED34}c:\\program files\\ubisoft entertainment\\wheelman\\binaries\\wheelmangame-final.exe"= UDP:c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe:WheelmanGame-Final
"UDP Query User{35F44967-8951-4715-A1F7-48E98510BC15}c:\\program files\\ubisoft entertainment\\wheelman\\binaries\\wheelmangame-final.exe"= TCP:c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe:WheelmanGame-Final
"{49A89240-6E2A-489E-8325-31A3FBB2C70E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{58A6CFF8-85AC-4EC9-9B80-EC389CFEA188}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{59C82D42-156B-45CD-8CE5-9C1ABD983CFC}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C390B291-9E70-4D1E-AF70-9CDB39391C41}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{38AF9758-DCC4-42F8-9CFE-D24771BBF861}c:\\program files\\activision\\call of duty - world at war\\codwaw (2).exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw (2).exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{A4F2704E-752A-4C68-ABA1-9D29DFD76EBF}c:\\program files\\activision\\call of duty - world at war\\codwaw (2).exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw (2).exe:Call of Duty(R): World at War Campaign/Coop
"{6B43F42C-D101-4E51-B01A-EC729D972EE0}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{68E808BE-91D1-4429-80FC-BE0AA5CAF8C0}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{9EFE3E2C-6335-4DBA-B529-488BDEFE322F}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{B779FD8B-E814-4799-BAF9-041DA823E9D7}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [17/05/2008 11:12 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04/02/2009 22:00 108552]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [06/02/2009 14:23 106208]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [24/04/2008 23:36 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [06/06/2009 12:48 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [06/06/2009 12:48 298776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [06/02/2009 14:24 92800]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [25/04/2008 07:30 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [25/04/2008 07:30 7424]
S2 gupdate1c9f505dcf6ec00;Google Update Service (gupdate1c9f505dcf6ec00);c:\program files\Google\Update\GoogleUpdate.exe [24/06/2009 20:56 133104]
S3 AVerBDA6x;AVerBDA6x service;c:\windows\System32\drivers\AVerBDA716x.sys [25/04/2008 07:30 1290240]
S3 SMALUSB;Digital Camera Driver;c:\windows\System32\drivers\smallogi.sys [06/12/2003 03:04 9472]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [25/04/2008 07:30 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 19:56]

2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 19:56]

2009-07-19 c:\windows\Tasks\User_Feed_Synchronization-{A085D112-D7D5-41D0-8160-0C2AC0A1DB84}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = *.local
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mac.com\homepage
Trusted Zone: runescape.com
Trusted Zone: runescape.com\world78
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\users\Jonny\AppData\Roaming\Mozilla\Firefox\Profiles\t81c55x5.default\
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Jonny\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\users\Jonny\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(5084)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\MSVCR90.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Completion time: 2009-07-20 18:15
ComboFix-quarantined-files.txt 2009-07-20 17:15
ComboFix2.txt 2009-07-20 16:12

Pre-Run: 91,418,312,704 bytes free
Post-Run: 90,642,046,976 bytes free

469 --- E O F --- 2009-04-15 10:04
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 20th, 2009, 3:19 pm

i opned up IE and it said it was slow because a script was running so i disabled it then i tried download something from megaupalod and i got bluescreened i started my computer back up and tried windows update and did a windows defender scan and my computer crashed .........
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 20th, 2009, 3:24 pm

My computer is being realy slow
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 20th, 2009, 4:40 pm

Hi :)

It appears you ran ComboFix twice, you should not have done this but rather just provided the log from the first ComboFix run. This has caused substantial problems as on the second run all active/installed security applications were not disabled.

i opned up IE and it said it was slow because a script was running so i disabled it then i tried download something from megaupalod and i got bluescreened i started my computer back up and tried windows update and did a windows defender scan and my computer crashed .........
No more downloading or uploading of absolutely anything and or running scans on your own please. This is just complicating matters overall.

My computer is being realy slow
I am not surprised in the least. I do hope you have created backups because your machine is in a even worse mess than I anticipated with a lot of erroneous entries in the latest set of logs provided that should not be present.

OK lets see if we can salvage the situation. If no success with the below I will try a manual approach but if further problems arise it might be best just to consider a reformat and reinstallation of the Windows operating system.

Follows the below exactly please, no deviations and if any problems encountered inform myself straight away OK :thumbup:

GooredFix:

Please download GooredFix from one of the locations below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

TFC(Temp File Cleaner):

Note: No need to run this application in admin' mode it auto does this itself.

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Please delete this folder:

C:\RSIT

Next:

Make sure that RSIT.exe is still on your Desktop before running the application!

  • Right-click on RSIT.exe and select Run as Administrator to start RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • GooredFix Log.
  • Malwarebytes' Anti-Malware Log.
  • A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 20th, 2009, 5:01 pm

I tried install windows updates and as it restarted the startup repair has come up and is attempting repairs right now
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 20th, 2009, 5:11 pm

H :)
yarders wrote:I tried install windows updates and as it restarted the startup repair has come up and is attempting repairs right now
You should not have done this, I did ask in my prior post not to do anything on your own, either stop the repair or let it finish.

And absolutely no more self fixes OK!

Then carry out my instructions from my last post, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 20th, 2009, 5:30 pm

sorry i saw your post too late

i managed to log in and do gooredfix

GooredFix by jpshortstuff (12.07.09)
Log created at 22:27 on 20/07/2009 (Jonny)
Firefox version 3.5 (en-GB)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:35 14/07/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-


bit small isnt it?

if i reinstall windows will all my documents and programs disapeer?
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 20th, 2009, 5:40 pm

Hi :)

sorry i saw your post too late
OK.

bit small isnt it?
You sound like my wife :lol:

OK levity aside the log produced is fine :thumbup:

if i reinstall windows will all my documents and programs disapeer?
If the need to cross that particular bridge I will advise exactly what to do.

Now please complete all my instructions after GooredFix and post the required logs, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 284 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware