Google redirects & spybot,hijack this problems


133 replies to this topic

#31 arfon.jones (Authentic Member, 71 posts)

Posted 26 October 2009 - 03:10 PM

Hi there. You are correct, HKEY_LOCAL_MACHINE\REMOTE_SAM; I wrote it down incorrectly. The last time the PC booted up correctly was October 14th. I will re-attempt to run through your instructions, as I probably did run with the hives open :smack: Please be patient as I'm trying my best. Thanks again.



#32 noahdfear (Silver Member, Visiting Fellow, MVP, 465 posts)

Posted 26 October 2009 - 04:49 PM

I figured it was a typo, though I needed to be sure.
I have yet another exercise for you to do whilst in MiniXP.

Using the Opera browser to view this post, highlight and copy to text the contents of the code box below.

dir c:\system~1\_registry* /s>c:\restore.txt
notepad c:\restore.txt
exit
cls

Either click the command prompt icon on the taskbar or double click the Command Prompt icon on the desktop to open a command window.
Right click in the command window and Paste the copied text.
It should execute quickly and close, and a log should open.
Post the contents of that log here please.
Dave
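The dir command above writes a recursive listing of the registry hive copies that System Restore keeps under System Volume Information, one snapshot directory per restore point, and the helper then picks a snapshot from before the trouble started. As an added example (my code, not Dave's, MiniXP's or DDS's), this Python script parses such a restore.txt, lists which hives each RPnn\snapshot directory holds, and selects the newest complete snapshot dated on or before the last known good boot. It assumes the US-locale dir date format and uses a constructed sample listing with a placeholder _restore{...} GUID.

```python
r"""Rank the System Restore registry snapshots listed in restore.txt, the output
of `dir c:\system~1\_registry* /s` from the post above.
Hypothetical helper for this thread, not part of MiniXP or DDS. Assumes the
US-locale `dir` date format; set DATE_FORMAT to "%d/%m/%Y" for a UK listing."""
import re
import sys
from datetime import date, datetime

DATE_FORMAT = "%m/%d/%Y"
# Hives a usable snapshot must carry (per-user NTUSER copies are optional).
REQUIRED_HIVES = ("_REGISTRY_MACHINE_SAM", "_REGISTRY_MACHINE_SECURITY",
                  "_REGISTRY_MACHINE_SOFTWARE", "_REGISTRY_MACHINE_SYSTEM",
                  "_REGISTRY_USER_.DEFAULT")
DIR_HEADER = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
RP_DIR = re.compile(r"\\(?P<rp>RP\d+)\\snapshot$", re.IGNORECASE)
# e.g. "10/13/2009  06:05 PM         5,242,880 _REGISTRY_MACHINE_SOFTWARE"
FILE_LINE = re.compile(r"^\s*(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})"
                       r"\s*(?P<ampm>[AP]M)?\s+(?P<size>[\d,]+)\s+(?P<name>_REGISTRY_\S+)\s*$")

# Constructed sample of a restore.txt listing; the _restore{...} GUID is a placeholder.
SAMPLE_LISTING = r"""
 Directory of c:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP44\snapshot

10/10/2009  09:40 AM         2,621,440 _REGISTRY_MACHINE_SYSTEM
10/10/2009  09:40 AM           262,144 _REGISTRY_MACHINE_SAM
               2 File(s)      2,883,584 bytes

 Directory of c:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP45\snapshot

10/13/2009  06:05 PM         5,242,880 _REGISTRY_MACHINE_SOFTWARE
10/13/2009  06:05 PM         2,621,440 _REGISTRY_MACHINE_SYSTEM
10/13/2009  06:05 PM           262,144 _REGISTRY_MACHINE_SAM
10/13/2009  06:05 PM           262,144 _REGISTRY_MACHINE_SECURITY
10/13/2009  06:05 PM           262,144 _REGISTRY_USER_.DEFAULT
10/13/2009  06:05 PM         1,048,576 _REGISTRY_USER_NTUSER_S-1-5-21-0-0-0-1007
               6 File(s)      9,699,328 bytes

 Directory of c:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP46\snapshot

10/20/2009  11:22 AM         5,242,880 _REGISTRY_MACHINE_SOFTWARE
10/20/2009  11:22 AM         2,621,440 _REGISTRY_MACHINE_SYSTEM
10/20/2009  11:22 AM           262,144 _REGISTRY_MACHINE_SAM
10/20/2009  11:22 AM           262,144 _REGISTRY_MACHINE_SECURITY
10/20/2009  11:22 AM           262,144 _REGISTRY_USER_.DEFAULT
               5 File(s)      8,650,752 bytes
"""

def _stamp(date_text, time_text, ampm):
    """Turn the dir date/time columns into a datetime (12h clock if AM/PM present)."""
    fmt = DATE_FORMAT + (" %I:%M %p" if ampm else " %H:%M")
    return datetime.strptime(f"{date_text} {time_text} {ampm or ''}".strip(), fmt)

def parse_restore_listing(text):
    """Map RPnn -> {"path", "stamp", "hives": {hive name: size in bytes}}."""
    points, current = {}, None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            rp = RP_DIR.search(header.group("path"))
            current = None  # hive copies outside an RPnn\snapshot dir are ignored
            if rp:
                current = points.setdefault(rp.group("rp").upper(),
                    {"path": header.group("path"), "stamp": None, "hives": {}})
            continue
        entry = FILE_LINE.match(line)
        if entry and current is not None:
            stamp = _stamp(entry.group("date"), entry.group("time"), entry.group("ampm"))
            current["hives"][entry.group("name")] = int(entry.group("size").replace(",", ""))
            if current["stamp"] is None or stamp > current["stamp"]:
                current["stamp"] = stamp  # the newest hive copy dates the snapshot
    return points

def is_complete(info):
    """True when every machine hive is present in the snapshot."""
    return all(hive in info["hives"] for hive in REQUIRED_HIVES)

def best_snapshot(points, last_good):
    """Newest complete snapshot taken on or before last_good ("YYYY-MM-DD")."""
    cutoff = date.fromisoformat(last_good)
    candidates = [rp for rp, info in points.items() if info["stamp"] is not None
                  and info["stamp"].date() <= cutoff and is_complete(info)]
    return max(candidates, key=lambda rp: points[rp]["stamp"]) if candidates else None

if __name__ == "__main__":
    # Usage: python restore_points.py c:\restore.txt 2009-10-14   (no args: sample)
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LISTING
    cutoff = sys.argv[2] if len(sys.argv) > 2 else "2009-10-14"
    points = parse_restore_listing(text)
    for rp, info in sorted(points.items(), key=lambda kv: kv[1]["stamp"] or datetime.min):
        print(rp, info["stamp"], len(info["hives"]), "hives",
              "complete" if is_complete(info) else "INCOMPLETE")
    print("newest complete snapshot on/before", cutoff, "->", best_snapshot(points, cutoff))
```

Run against the real restore.txt with the 14 October date from the thread and the script names the restore point whose hives are the best candidate for a pre-infection registry; a snapshot missing a machine hive is flagged INCOMPLETE and never selected.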

#33 arfon.jones (Authentic Member, 71 posts)

Posted 28 October 2009 - 12:15 PM

Hello, I re-ran the DDS bootcd.exe twice, once before I pasted the 'reg query' into the command prompt box and once after. One thing I noticed: I couldn't get the user hive to open; it stated "ntuser.dat - file not found - please verify the correct file name was given". Only the HKEY_LOCAL, as previously noted, opened. I will run the next exercise in another post, complete with log.
Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP 
(KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Segoe UI SkinsHP1 Spybot - Search & Destroy Spyware Doctor 6.0 The Sims House Party TrayApp Unload upapp Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) VIA Rhine-Family Fast Ethernet Adapter Viewpoint Media Player Virtual Earth 3D (Beta) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media 
Player 11 Windows XP Service Pack 3 ============= FINISH: 18:01:23.29 ===============

#34 arfon.jones

Posted 28 October 2009 - 12:21 PM

Hello again. Here is a log of your last exercise:

 Volume in drive C is system
 Volume Serial Number is 4C24-1144

Again, thank you.

#35 noahdfear

Posted 28 October 2009 - 10:10 PM

The last exercise was done to see if any System Restore points existed that we might get a good working set of registry hives from. The results show there are none available. :(

It was not necessary to run dds twice, though no harm done. What I really need now is the log from the reg query done while having the hives loaded in Registry Editor PE. I will repeat those instructions below.

Open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs in which you need only click Open.
Next you will be asked if you want to open a User hive - click No.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Click OK then minimize the Registry Editor to the taskbar when it opens. *DO NOT CLOSE REGISTRY EDITOR PE AT THIS TIME*

Connect the network, then using the Opera browser, come back to this post and highlight then copy the following bolded command to text.

reg query HKLM\_REMOTE_SYSTEM\Select>"%userprofile%\desktop\log.txt"

Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the log.txt file on the desktop.
Post its contents in a reply here along with the exact path to the user hive as previously noted.
Close the Registry Editor PE and wait for an 'All Finished' message.


Now, click Start>Programs>Windows Explorer and expand then select C:\Windows
Look for the file ntbtlog.txt and delete it if present.
Restart the computer, select Boot the hard drive, then begin tapping the F8 key to enable the Advanced Start Menu.
Select Enable Boot Logging from the menu.
When the computer loads as far as it will, restart and go back to MiniXP.
Open Windows Explorer and locate the newly created C:\Windows\ntbtlog.txt file then post its contents here.

Edited by noahdfear, 01 November 2009 - 06:35 PM.

Dave

#36 arfon.jones

Posted 01 November 2009 - 03:42 PM

Here is my DDS log after your last instructions. The hive paths were HKEY_LOCAL_MACHINE\_REMOTE_SAM, \_REMOTE_SECURITY, \_REMOTE_SOFTWARE and \_REMOTE_SYSTEM. I have deleted the ntbtlog.txt. I will reboot next and post the contents of the new ntbtlog.

#37 arfon.jones

Posted 01 November 2009 - 03:55 PM

Here is my ntbtlog.txt.

#38 noahdfear

Posted 01 November 2009 - 06:35 PM

Another DDS log is NOT required. Again, what I do need is the results of the reg query, so I'll post those instructions yet again.


Open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs in which you need only click Open.
Next you will be asked if you want to open a User hive - click No.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Click OK then minimize the Registry Editor to the taskbar when it opens. *DO NOT CLOSE REGISTRY EDITOR PE AT THIS TIME*

Connect the network, then using the Opera browser, come back to this post and highlight then copy the following bolded command to text.

reg query HKLM\_REMOTE_SYSTEM\Select>"%userprofile%\desktop\log.txt"

Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the log.txt file on the desktop.
Post its contents in a reply here along with the exact path to the user hive as previously noted.
Close the Registry Editor PE and wait for an 'All Finished' message.
Dave

#39 arfon.jones

Posted 01 November 2009 - 06:47 PM

Hi, not sure if I've done it correctly but here's my log:

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\Select
    Current         REG_DWORD    0x5
    Default         REG_DWORD    0x5
    Failed          REG_DWORD    0x4
    LastKnownGood   REG_DWORD    0x6

#40 noahdfear

Posted 01 November 2009 - 07:03 PM

That's perfect! I'll post further instructions soon. Please double check the ntbtlog.txt and verify that it ends at exactly the place in your post above (just want to make sure the whole thing got posted).
Dave

#41 arfon.jones

Posted 01 November 2009 - 07:10 PM

Hi. Yes, I checked the ntbtlog.txt file and it ends with cdfs.sys.

#42 noahdfear

Posted 01 November 2009 - 07:39 PM

Let's see if we can remove some of the malware loading points in the registry and get a successful bootup.

Open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs in which you need only click Open.
Next you will be asked if you want to open a User hive - click No.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Click OK then minimize the Registry Editor to the taskbar when it opens.

Connect the network, then using the Opera browser, come back to this post and copy the contents of the code box below to text.

reg delete "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRHxusp" /f
reg delete HKLM\_REMOTE_SYSTEM\ControlSet005\Services\rpvnprpipoufniww /f
reg query "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRHxusp">"%userprofile%\desktop\query.txt"
reg query HKLM\_REMOTE_SYSTEM\ControlSet005\Services\rpvnprpipoufniww>>"%userprofile%\desktop\query.txt"

Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the new query.txt file on the desktop.
Post its contents in a reply here and wait for further instructions before doing anything else.
Dave
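As an added example, not code from this thread or from Dave's own tooling, here is a Python script that automates the reasoning behind the commands above: the Select key's Current value (the 0x5 reported in post #39) names the active ControlSet, and the ntbtlog.txt entries that "Did not load" point at the service keys under that ControlSet worth inspecting in the offline hive. The Select output and ntbtlog lines are constructed samples, the allowlist of optional drivers is an assumption drawn from an ordinary XP boot log, and the script assumes the service name matches the driver file stem.

```python
import re
from typing import Dict, List

# Constructed sample of `reg query HKLM\_REMOTE_SYSTEM\Select` output,
# modelled on the values posted in this thread (Current = 0x5).
SELECT_QUERY_OUTPUT = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\Select
    Current         REG_DWORD    0x5
    Default         REG_DWORD    0x5
    Failed          REG_DWORD    0x4
    LastKnownGood   REG_DWORD    0x6
"""

# Constructed excerpt of an ntbtlog.txt in the format Windows XP writes it;
# the two odd driver names are the ones this thread deals with.
NTBTLOG_SAMPLE = r"""Service Pack 3 11  1 2009 20:46:28.500
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \systemroot\system32\drivers\gasfkybbgiujrw.sys
Did not load driver \systemroot\system32\drivers\rpvnprpipoufniww.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
"""

# Drivers XP commonly reports as "Did not load" when the hardware is absent
# (constructed allowlist; extend it from a known-clean boot log of your own).
BENIGN_NOT_LOADED = {
    "ndproxy.sys", "lbrtfdc.sys", "sfloppy.sys", "changer.sys",
    "cdaudio.sys", "pcidump.sys", "p3.sys",
}

LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S+)$")


def active_control_set(reg_query_output: str) -> str:
    """Map the Select key's Current value to a ControlSet name (0x5 -> ControlSet005)."""
    m = re.search(r"^\s*Current\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$",
                  reg_query_output, re.MULTILINE)
    if m is None:
        raise ValueError("no Current value in Select key output")
    return "ControlSet%03d" % int(m.group(1), 16)


def looks_random(stem: str) -> bool:
    """Crude heuristic for generated names: long, letters only, few vowels."""
    if len(stem) < 10 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) < 0.35


def suspicious_drivers(ntbtlog_text: str) -> List[Dict[str, object]]:
    """Return ntbtlog entries worth a closer look, with the reason for each."""
    flagged: List[Dict[str, object]] = []
    for raw in ntbtlog_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # header line, blank line, or a format we do not parse
        loaded = m.group(1) == "Loaded driver"
        name = m.group(2).rsplit("\\", 1)[-1].lower()
        stem = name.rsplit(".", 1)[0]
        reasons = []
        if not loaded and name not in BENIGN_NOT_LOADED:
            reasons.append("failed to load and is not a known optional driver")
        if looks_random(stem):
            reasons.append("pseudo-random file name")
        if reasons:
            flagged.append({"name": name, "path": m.group(2),
                            "loaded": loaded, "reasons": reasons})
    return flagged


def service_key_paths(control_set: str, drivers: List[Dict[str, object]]) -> List[str]:
    """Offline-hive service keys to inspect under Registry Editor PE's _REMOTE_SYSTEM.

    Assumption: the service name equals the driver file stem, as it did for
    rpvnprpipoufniww in this thread; malware may register under another name.
    """
    paths = []
    for d in drivers:
        stem = str(d["name"]).rsplit(".", 1)[0]
        paths.append("HKLM\\_REMOTE_SYSTEM\\" + control_set + "\\Services\\" + stem)
    return paths


if __name__ == "__main__":
    cs = active_control_set(SELECT_QUERY_OUTPUT)
    hits = suspicious_drivers(NTBTLOG_SAMPLE)
    for d, key in zip(hits, service_key_paths(cs, hits)):
        print(f"{d['name']}: {'; '.join(d['reasons'])} -> inspect {key}")
```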

#43 arfon.jones

Posted 02 November 2009 - 03:35 PM

Hello. I ran the last instruction and opened the query.txt file on the desktop, but there was nothing written within.

#44 noahdfear

Posted 02 November 2009 - 10:03 PM

An empty log suggests the registry editing from the batch was successful. Let's make sure. Boot back to MiniXP and run dds-bootcd again then post the log (do NOT open Registry Editor PE).
Dave

#45 arfon.jones

Posted 03 November 2009 - 04:25 PM

Hello. Here is my latest DDS log.
(KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) 
Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Segoe UI SkinsHP1 Spybot - Search & Destroy Spyware Doctor 6.0 The Sims House Party TrayApp Unload upapp Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) VIA Rhine-Family Fast Ethernet Adapter Viewpoint 
Media Player Virtual Earth 3D (Beta) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3

============= FINISH: 21:19:58.51 ===============
