[Resolved] browser hijacked


  • This topic is locked
17 replies to this topic

#1 stubby

    New Member

  • Authentic Member
  • 9 posts

Posted 29 April 2010 - 10:09 PM

I have run several anti-virus programs to try and get rid of a virus or viruses that keep redirecting my web browsers. I ran Malware, AVG, and a couple of others; they find them, but more viruses must exist, because the browsers are still being redirected. Firefox and Internet Explorer are affected. Suggestions?



#2 gringo_pr

    Silver Member

  • Visiting Fellow
  • 423 posts

Posted 30 April 2010 - 02:14 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having, as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I would like to get a better look at your system. Please do the following so I can get some more detailed logs.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Posted Image
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.


Information and logs:

In your next post I need the following

1. logs from DDS
2. log from GMER
3. let me know of any problems you may have had

Gringo


#3 stubby

    New Member

  • Authentic Member
  • 9 posts

Posted 30 April 2010 - 04:16 PM

The Gmer program is not allowing me to save the log. It freezes up for a while but then I have to reboot. I do have the other 2 logs though.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 2:01:15.65 on Fri 04/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2661 [GMT -7:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ebay.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - Search Helper
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - Gamevance Text
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - MSN Toolbar BHO
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-641pc_tew-643pi\WlanCU.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Read EXIF - c:\program files\arcsoft\raw thumbnail viewer\ArcEXIFM.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://216.105.79.223:5000/VatDec.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} - hxxp://www.catalogds.com/dtd/pvcadview.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {818D6D19-1E5F-4D4E-B4E2-E94F07CD6866} = 209.237.84.13,209.237.84.14
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bx3hhr5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\arcsoft\raw thumbnail viewer\firefox extension\components\FirefoxMenu.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: c:\divx\divx web player\npdivx32.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-27 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-9 52872]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2009-2-8 6097]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-9 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-9 29512]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-9 242896]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-3-31 33824]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-29 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-29 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-4-29 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-4-29 5888008]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-12-23 38144]
R2 WLNdis50;WLan NDIS 5.0 I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2009-12-23 20480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-9 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-23 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-27 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-27 26120]
R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\drivers\Mach3.sys [2007-5-9 109856]
R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-12-7 521856]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-9 30104]
S3 cpuz130;cpuz130;\??\c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz132;cpuz132;c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys [2010-4-4 17056]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-12-9 175872]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2009-2-8 299923]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-6-7 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-1-21 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-1-21 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-1-21 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-1-21 25704]
S4 GS In-Game Service;GS In-Game Service;c:\atari\arma\gametracker\GSInGameService.exe [2010-1-14 1643872]
S4 gupdate1c9e872c7752ed2;Google Update Service (gupdate1c9e872c7752ed2);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-04-30 08:58:55 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-04-30 05:32:16 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-04-30 05:31:32 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-04-30 05:17:23 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-04-30 05:13:47 0 dc-h--w- c:\windows\ie8
2010-04-30 04:14:36 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-30 04:14:36 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-30 04:14:36 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-30 04:14:36 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-30 04:14:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-04-30 04:14:34 0 d-----w- c:\program files\Trojan Remover
2010-04-30 04:14:34 0 d-----w- c:\docume~1\owner\applic~1\Simply Super Software
2010-04-30 04:14:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-04-30 02:01:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-28 22:45:43 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-04-28 22:45:04 9046 ----a-w- c:\windows\system32\nvinfo.pb
2010-04-28 22:45:04 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-28 22:45:02 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-28 22:44:57 0 d-----w- C:\NVIDIA
2010-04-28 22:38:27 0 d-----w- c:\program files\SystemRequirementsLab
2010-04-25 15:38:37 0 d-----w- c:\program files\Steam
2010-04-24 04:37:04 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-04-23 20:27:14 0 d-----w- c:\windows\system32\NtmsData
2010-04-23 08:25:16 0 d-----w- c:\program files\ESET
2010-04-23 04:18:01 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-22 07:27:29 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-04-22 07:27:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 07:27:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 07:27:13 0 d-----w- C:\Malwarebytes' Anti-Malware
2010-04-22 07:27:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-22 05:26:03 0 d-----w- C:\Combat Arms hack pics
2010-04-21 06:20:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-17 18:53:57 0 d-----w- C:\.jagex_cache_32
2010-04-16 20:26:30 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-11 19:30:31 1017847 ----a-w- C:\obamafollowers.gif
2010-04-11 10:10:33 0 d-----w- c:\docume~1\owner\applic~1\Unity
2010-04-05 23:48:11 0 d-----w- c:\docume~1\owner\applic~1\TeamViewer
2010-04-05 23:47:51 0 d-----w- c:\program files\TeamViewer
2010-04-05 04:42:18 782336 ----a-r- c:\windows\system32\tmpE0B.tmp
2010-04-05 04:42:18 782336 ----a-r- c:\windows\system32\tmpE0A.tmp
2010-04-05 04:27:36 19968 ----a-w- C:\ARMA GOLD ACTIVATION KEY.doc
2010-04-05 03:31:50 232 ----a-w- c:\windows\reimage.ini
2010-04-05 03:31:10 0 d-----w- c:\program files\Reimage
2010-04-05 02:52:24 0 d-----w- C:\ARMAUpdate_1_14
2010-04-05 02:22:15 55 ----a-w- c:\windows\ProductKeyExplorer.INI
2010-04-05 02:21:03 0 d-----w- C:\Nsasoft
2010-04-05 02:08:29 0 d-----w- C:\keyfinder.2.0.1
2010-04-04 03:55:54 0 d-----w- c:\docume~1\owner\applic~1\ArmA II Launcher
2010-04-04 03:55:42 1835198 ----a-w- C:\ArmA II Launcher.exe
2010-04-04 02:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-04 02:22:32 66714 ----a-w- c:\windows\system32\NvwsApps.xml
2010-04-04 02:22:32 276202 ----a-w- c:\windows\system32\NvApps.xml
2010-04-01 04:53:39 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-03-31 21:24:48 1819 ----a-w- c:\windows\ST5UNST.000
2010-03-31 21:23:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2010-03-31 21:23:00 29696 ----a-w- c:\windows\system32\VB5StKit.dll

==================== Find3M ====================

2010-04-30 02:01:51 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-30 02:01:45 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-30 02:01:19 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-30 02:01:18 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-30 01:11:53 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2010-04-24 18:07:31 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-24 18:07:22 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-21 22:48:27 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-18 18:13:03 75 -c--a-w- c:\documents and settings\owner\jagex_runescape_preferences2.dat
2010-04-18 18:13:03 41 -c--a-w- c:\documents and settings\owner\jagex_runescape_preferences.dat
2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55:31 600680 -c--a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55:31 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55:31 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55:31 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55:31 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55:31 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-02 23:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-25 07:26:01 28504 -c--a-w- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2010-03-24 17:21:26 0 ----a-w- c:\documents and settings\owner\jagex__preferences3.dat
2010-03-11 09:17:14 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2010-03-03 01:14:34 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-03 01:14:34 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

============= FINISH: 2:02:29.90 ===============

Attached Files
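The "Pseudo HJT Report" section of a DDS log is what a helper reads first when the complaint is browser redirection: the IE start/search settings, URLSearchHooks, Browser Helper Objects (BHO), toolbars (TB), the Run/RunOnce autostarts and the DPF ActiveX download entries. The script below is an added example, not part of this thread and not part of the DDS tool; it parses a handful of lines excerpted from the log posted above and attaches review flags for the patterns a helper looks at: registry entries whose file is gone ("No File"), browser add-ons for which DDS could not resolve a DLL path, an ActiveX package fetched from a bare IP address, and an overridden address-bar search handler. The flag wording, the regular expressions and the host heuristics are this example's own assumptions, and a flag is a reason to look closer, not a verdict.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS.txt log.

Added example; not part of the thread or of the DDS tool. The heuristics
are assumptions of this example, not rules DDS itself applies.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines excerpted from the DDS log posted above, one entry per line as in a
# real DDS.txt. URLs are defanged with "hxxp" exactly as DDS prints them.
SAMPLE_DDS = r"""
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - Search Helper
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - Gamevance Text
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - MSN Toolbar BHO
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://216.105.79.223:5000/VatDec.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")
DRIVE_PATH_RE = re.compile(r"^(?:[a-z]:\\|%[a-z]+%\\)", re.I)   # c:\... or %windir%\...
URL_HOST_RE = re.compile(r"^[a-z]+://([^/:?]+)", re.I)          # host of h(xx)tp://host[:port]/...
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Entry:
    kind: str                 # BHO, TB, mRun, DPF, ... or "setting"
    name: str                 # display name, Run value name, or setting key
    clsid: Optional[str]
    target: str               # DLL/EXE path, download URL, or DDS placeholder text
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one DDS entry line into an Entry; None for blank or unrecognised lines."""
    line = line.strip()
    if not line:
        return None
    head, sep, rest = line.partition(": ")
    if not sep or " = " in head:
        # "uStart Page = ..." / "uSearchURL,(Default) = ..." style settings
        key, sep, value = line.partition(" = ")
        return Entry("setting", key.strip(), None, value.strip()) if sep else None
    run = RUN_RE.match(rest)
    if run:  # "[ValueName] command line", as printed for uRun/mRun/dRunOnce
        return Entry(head, run["name"], None, run["target"].strip())
    left, sep, target = rest.rpartition(" - ")
    if not sep:
        left, target = rest, ""
    clsid = CLSID_RE.search(left)
    name = CLSID_RE.sub("", left).strip(" :")
    return Entry(head, name, clsid.group(0) if clsid else None, target.strip())


def host_of(target: str) -> Optional[str]:
    m = URL_HOST_RE.match(target)
    return m.group(1).lower() if m else None


def triage(entry: Entry) -> Entry:
    """Attach review flags (heuristics of this example, not of DDS)."""
    t = entry.target
    host = host_of(t)
    if t == "No File":
        entry.flags.append("dangling: registry still references a file that is gone")
    elif entry.kind in ("BHO", "TB") and not DRIVE_PATH_RE.match(t):
        entry.flags.append("browser add-on with no resolvable DLL path")
    if entry.kind == "DPF" and host and IPV4_RE.match(host):
        entry.flags.append("ActiveX package fetched from a bare IP address rather than a named host")
    if entry.kind == "setting" and "SearchURL" in entry.name and host:
        entry.flags.append(f"address-bar search handler points at {host}; confirm the user chose it")
    return entry


def parse_report(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def flagged_entries(text: str) -> List[Entry]:
    return [e for e in map(triage, parse_report(text)) if e.flags]


if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_DDS):
        label = e.name or e.clsid or "?"
        print(f"{e.kind:16} {label:24} {e.target}")
        for f in e.flags:
            print(f"{'':16} -> {f}")
```

Run against the excerpt, the script leaves the entries with a real DLL or EXE path alone (the Adobe helper, the AVG tray, the Flash DPF) and lists the rest for review; on a full DDS.txt the same parser can be pointed at the whole file, since the entry lines have the same shape throughout the section.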



#4 gringo_pr

    Silver Member

  • Visiting Fellow
  • 423 posts

Posted 30 April 2010 - 05:34 PM

I would like you to delete the Gmer you have now and download this version from here.

GMER:

I would like you to download this "special version of gmer." and save it to your desktop.

  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
Posted Image
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Devices (don't miss this one) <-- this one is different from the picture
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

If Gmer runs, then please give me the log and pass on the next step.

If Gmer still does not run, and only if it does not run, please do the following.

I would like you to try and run Gmer in Safe Mode. To enter Safe Mode, do the following.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

If Gmer does run to the end, please send me the log in your next reply. If it still does not run, please let me know and we will try something else.

"information and logs"

  • In your next post I need the following

  • log from Gmer
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#5 stubby

    New Member

  • Authentic Member
  • 9 posts

Posted 01 May 2010 - 07:39 AM

No luck. :pullhair: When I go to save the log the computer locks up and I have to reboot. Is it possible I do a screen shot of the results and send it in?

#6 stubby

    New Member

  • Authentic Member
  • 9 posts

Posted 01 May 2010 - 11:56 AM

I cannot get Gmer to copy or save the log file. Every time I try, the computer locks up or freezes and I have to reboot and start the process over again. :smack: Any suggestions? Thanks

#7 gringo_pr

    Silver Member

  • Visiting Fellow
  • 423 posts

Posted 01 May 2010 - 04:54 PM

Hello, try unchecking all but Sections and Files. If it still does not work, then just leave Sections checked and uncheck the rest. Gringo

#8 stubby

    New Member

  • Authentic Member
  • 9 posts

Posted 02 May 2010 - 03:25 AM

:pullhair: Still no luck. Doing the same thing, locking up when I copy the data into notebook. How about taking a picture of the screen results and sending in jpeg format?

#9 gringo_pr

    Silver Member

  • Visiting Fellow
  • 423 posts

Posted 02 May 2010 - 08:18 PM

Hello,

Please do the following:

Run Combofix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
It is a simple procedure that will only take a few moments of your time.


Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.
Please continue as follows:

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the report in your next post:

C:\ComboFix.txt
"information and logs"

  • In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
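
Added example (not from this thread, nor from ComboFix's authors): a small Python triage script for the report format ComboFix produces, the same format as the log posted in the next reply. It parses the header lines and the service/driver lines and lists what a responder would read first: protection reported as disabled, the Windows Firewall profile switched off, a system file ComboFix replaced, and drivers whose registered image is missing or sits under a user-profile or Temp path. The sample input is a handful of lines copied from that log; the rules are my own heuristics, and I read `[?]` as ComboFix's marker for an image it could not find on disk.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a handful of lines copied from the ComboFix report
# posted in this thread, enough to exercise every rule below.
SAMPLE_LOG = r"""ComboFix 10-05-02.02 - Owner 05/03/2010 1:45.2.4 - x86
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - Kitty had a snack :P
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/9/2008 12:40 AM 52872]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [3/31/2010 9:53 PM 33824]
S3 cpuz130;cpuz130;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

# One "R0 name;description;image [date time size]" line from the services
# section. R = running, S = stopped; the digit is the start type.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*) \[(.*)\]$")

# Images under a user profile or a Temp directory deserve a look: kernel
# drivers are normally installed under c:\windows\system32\drivers.
USER_PATH_RE = re.compile(r"\\(temp|docume~1|documents and settings)\\", re.I)


@dataclass
class ServiceEntry:
    start: str         # e.g. "R0", "S3"
    name: str          # service key name
    description: str
    image: str         # path(s) exactly as ComboFix printed them
    present: bool      # False when ComboFix printed "[?]" instead of date/size
                       # (my reading: the image could not be found on disk)


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Extract the driver/service lines of a ComboFix report."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            start, name, desc, image, stamp = m.groups()
            entries.append(ServiceEntry(start, name, desc, image, present=stamp != "?"))
    return entries


def triage(log_text: str) -> List[str]:
    """Return the lines a responder would read first, as short findings."""
    findings = []
    for line in log_text.splitlines():
        # Header: ComboFix reports the state of the installed AV and firewall.
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(f"protection disabled: {line}")
        # Windows Firewall standard profile switched off in the registry.
        m = re.match(r'^"EnableFirewall"=\s*(\d+)', line)
        if m and m.group(1) == "0":
            findings.append("EnableFirewall=0: Windows Firewall standard profile is off")
        # A system driver that ComboFix found patched and replaced.
        m = re.match(r"^Infected copy of (.+?) was found and disinfected", line)
        if m:
            findings.append(f"patched system file replaced by ComboFix: {m.group(1)}")
    for svc in parse_services(log_text):
        if not svc.present:
            findings.append(f"{svc.start} {svc.name}: registered image not found on disk ({svc.image})")
        if USER_PATH_RE.search(svc.image):
            findings.append(f"{svc.start} {svc.name}: image under a user or Temp path ({svc.image})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Paste a full report into `SAMPLE_LOG` (or read it from a file) to get the same short list for a real case; a flagged entry is a prompt to look closer, not a verdict.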


#10 stubby

    New Member

  • Authentic Member
  • 9 posts

Posted 03 May 2010 - 03:01 AM

Here is ComboFix's log

ComboFix 10-05-02.02 - Owner 05/03/2010 1:45.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.3080 [GMT -7:00]
Running from: c:\downloads\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate
C:\Thumbs.db

Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-02 17:33 . 2010-02-28 03:46 3691384 ----a-w- c:\documents and settings\Owner\Application Data\Simply Super Software\Trojan Remover\pcqE8.exe
2010-04-30 09:02 . 2010-04-30 09:03 -------- d-----w- C:\browser problems
2010-04-30 05:32 . 2010-04-30 05:32 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-04-30 05:31 . 2010-04-30 05:31 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2010-04-30 05:27 . 2010-04-30 05:27 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-30 05:17 . 2010-04-30 05:17 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2010-04-30 05:16 . 2010-04-30 05:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-30 05:13 . 2010-04-30 05:14 -------- dc-h--w- c:\windows\ie8
2010-04-30 04:14 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-30 04:14 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-30 04:14 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-30 04:14 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-04-30 04:14 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-30 04:14 . 2010-04-30 04:14 -------- d-----w- c:\program files\Trojan Remover
2010-04-30 04:14 . 2010-04-30 04:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software
2010-04-30 04:14 . 2010-04-30 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-04-30 04:13 . 2010-04-30 04:13 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-30 02:02 . 2010-04-30 02:02 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-30 02:02 . 2010-04-30 02:02 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-04-30 02:02 . 2010-04-30 02:02 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-04-30 02:02 . 2010-04-30 02:02 25608 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-04-30 02:02 . 2010-04-30 02:02 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-04-30 02:02 . 2010-04-30 02:02 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-04-30 02:02 . 2010-04-30 02:02 25736 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-04-30 02:02 . 2010-04-30 02:02 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-04-30 02:02 . 2010-04-30 02:02 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-04-30 02:01 . 2010-04-30 02:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-28 22:45 . 2010-04-28 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-28 22:45 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-28 22:45 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-28 22:44 . 2010-04-28 22:44 -------- d-----w- C:\NVIDIA
2010-04-28 22:38 . 2010-04-28 22:38 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-28 22:38 . 2010-04-28 22:38 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-04-28 22:38 . 2010-04-28 22:38 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-04-28 22:38 . 2010-04-28 22:38 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-04-28 22:38 . 2010-04-28 22:38 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-04-28 22:38 . 2010-04-28 22:38 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab
2010-04-27 08:41 . 2009-11-25 20:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-04-25 15:38 . 2010-04-29 02:26 -------- d-----w- c:\program files\Steam
2010-04-24 04:55 . 2010-04-24 04:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2010-04-24 04:47 . 2010-04-30 01:50 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-24 04:47 . 2010-04-30 01:50 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-24 04:37 . 2010-04-27 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-23 20:27 . 2010-04-23 20:27 -------- d-----w- c:\windows\system32\NtmsData
2010-04-23 08:25 . 2010-04-23 08:25 -------- d-----w- c:\program files\ESET
2010-04-23 07:09 . 2010-04-23 07:09 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-04-23 04:18 . 2010-04-23 04:18 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-22 07:27 . 2010-04-22 07:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-22 07:27 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 07:27 . 2010-04-30 04:13 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-04-22 07:27 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 07:27 . 2010-04-22 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-22 05:26 . 2010-04-22 05:29 -------- d-----w- C:\Combat Arms hack pics
2010-04-21 07:37 . 2010-04-21 07:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-04-21 06:20 . 2010-04-21 06:20 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-21 06:20 . 2010-04-28 09:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-21 03:54 . 2010-04-21 03:54 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2010-04-19 21:37 . 2010-04-19 21:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\spbirtcrr
2010-04-19 16:55 . 2010-04-30 01:50 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-17 18:53 . 2010-04-17 18:53 -------- d-----w- C:\.jagex_cache_32
2010-04-16 20:26 . 2010-04-16 20:26 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-11 10:10 . 2010-04-11 10:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Unity
2010-04-11 10:08 . 2010-04-11 10:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity
2010-04-05 23:48 . 2010-04-05 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\TeamViewer
2010-04-05 23:47 . 2010-04-28 07:36 -------- d-----w- c:\program files\TeamViewer
2010-04-05 04:44 . 2010-04-29 00:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ArmA
2010-04-05 03:31 . 2010-04-05 03:38 -------- d-----w- c:\program files\Reimage
2010-04-05 02:52 . 2010-04-05 02:52 -------- d-----w- C:\ARMAUpdate_1_14
2010-04-05 02:21 . 2010-04-05 02:21 -------- d-----w- C:\Nsasoft
2010-04-05 02:08 . 2010-04-05 02:08 -------- d-----w- C:\keyfinder.2.0.1
2010-04-04 03:55 . 2010-04-04 03:55 -------- d-----w- c:\documents and settings\Owner\Application Data\ArmA II Launcher
2010-04-04 03:55 . 2010-03-31 22:36 1835198 ----a-w- C:\ArmA II Launcher.exe
2010-04-04 02:23 . 2010-04-04 02:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23 . 2010-04-04 02:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23 . 2010-04-04 02:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23 . 2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23 . 2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22 . 2010-04-04 02:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 08:33 . 2009-01-26 08:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-05-03 05:08 . 2008-12-09 06:30 36496 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-03 04:20 . 2009-01-26 08:08 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-05-03 04:13 . 2009-11-28 05:35 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2010-05-03 01:39 . 2008-04-14 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2010-05-02 17:34 . 2009-10-27 08:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-05-02 16:29 . 2009-10-27 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-30 02:01 . 2008-12-09 07:40 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-30 02:01 . 2008-12-09 07:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-30 02:01 . 2009-10-27 08:42 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-30 02:01 . 2008-12-09 07:40 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-30 02:01 . 2008-12-09 07:40 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-30 01:50 . 2010-04-07 15:57 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-28 22:46 . 2009-12-23 16:16 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-28 09:50 . 2009-07-22 08:19 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-28 07:33 . 2010-01-15 00:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\GameTracker
2010-04-25 01:13 . 2010-01-27 05:43 -------- d-----w- c:\program files\Microsoft
2010-04-24 19:41 . 2009-07-01 05:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Xfire
2010-04-24 18:07 . 2009-04-26 21:55 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-24 18:07 . 2009-04-26 21:54 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-23 20:31 . 2008-12-10 13:14 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-04-23 20:27 . 2008-12-12 19:45 -------- d-----w- c:\program files\HP
2010-04-23 20:24 . 2008-12-09 05:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-23 14:08 . 2009-12-01 23:44 -------- d-----w- c:\program files\spamGamevance
2010-04-22 23:49 . 2009-09-15 22:59 -------- d-----w- c:\program files\LucasArts
2010-04-21 22:48 . 2009-04-26 21:54 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-18 18:13 . 2010-03-26 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-04-18 18:13 . 2010-03-26 04:11 -------- d-----w- c:\documents and settings\Owner\Application Data\ArcSoft
2010-04-18 18:13 . 2009-09-11 00:30 75 -c--a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
2010-04-18 18:13 . 2009-01-25 21:23 41 -c--a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2010-04-12 15:47 . 2009-04-18 18:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2010-04-11 19:33 . 2010-02-10 06:07 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-04-11 19:33 . 2010-02-10 06:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Facebook
2010-04-10 12:23 . 2008-12-10 14:09 -------- d-----w- c:\program files\Google
2010-04-06 22:21 . 2009-01-12 09:03 65 -c--a-w- c:\windows\popcinfot.dat
2010-04-03 22:55 . 2009-07-20 15:58 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2009-07-20 15:58 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2009-07-20 15:58 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2009-07-20 15:58 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2008-12-09 05:41 600680 -c--a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55 . 2008-02-25 04:29 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2008-02-25 04:29 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2008-02-25 04:29 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2008-02-25 04:29 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2008-02-25 04:29 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2008-02-25 04:29 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-02 23:54 . 2008-12-09 05:39 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-01 04:53 . 2010-04-01 04:53 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-03-31 08:07 . 2010-03-31 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-03-31 07:39 . 2010-03-31 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2010-03-27 06:15 . 2010-01-15 00:06 -------- d-----w- c:\documents and settings\Owner\Application Data\GameTracker
2010-03-26 07:34 . 2010-01-28 01:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-26 04:21 . 2010-03-26 04:12 -------- d-----w- c:\program files\ArcSoft
2010-03-26 04:14 . 2010-03-26 04:11 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-03-25 16:18 . 2010-03-25 16:18 -------- d-----w- c:\program files\Common Files\Skype
2010-03-24 17:21 . 2010-03-24 17:21 0 ----a-w- c:\documents and settings\Owner\jagex__preferences3.dat
2010-03-24 00:26 . 2010-03-24 00:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Down Under Woot woot
2010-03-11 14:39 . 2008-12-14 04:57 -------- d-----w- c:\program files\RegCure
2010-03-11 09:17 . 2010-03-11 09:17 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-03-03 01:14 . 2009-08-09 02:21 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-03 01:14 . 2009-08-09 02:21 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-27 16:41 . 2010-02-27 16:39 352 ----a-w- c:\documents and settings\All Users\Application Data\MecSoft Corporation\AlibreCAM 2.0\WinAC200prdlc.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 05:35 . 2010-02-24 05:35 14846 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
2010-02-16 14:08 . 2008-04-14 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 20:31 . 2010-02-12 07:30 210432 ----a-w- c:\documents and settings\Owner\Application Data\ArmA II Launcher\gslist.exe
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 20:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe [2009-12-23 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-30 02:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-04-30 02:01 2064736 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 18:21 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 21:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 23:49 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2007-05-21 08:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-19 01:55 451872 -c--a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-16 20:21 28672 -c--a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 23:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-06-13 17:39 73728 -c--a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-28 09:18 17331200 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 18:49 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 16:03 210472 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-26 23:27 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 12:19 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-10 14:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TapiSrv"=3 (0x3)
"LightScribeService"=2 (0x2)
"IJPLMSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"ATI Smart"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"npggsvc"=3 (0x3)
"gupdate1c9e872c7752ed2"=2 (0x2)
"SCardSvr"=3 (0x3)
"AVGIDSAgent"=2 (0x2)
"avgfws9"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"TeamViewer5"=2 (0x2)
"SeaPort"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"NBService"=3 (0x3)
"ClipSrv"=3 (0x3)
"nSvcIp"=2 (0x2)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
"GS In-Game Service"=2 (0x2)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ACDaemon"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Battlefield 2\\BF2.exe"=
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Atari\\ArmA\\arma.exe"=
"c:\\Atari\\ArmA\\arma_server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57676:TCP"= 57676:TCP:Pando Media Booster
"57676:UDP"= 57676:UDP:Pando Media Booster
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/27/2009 1:42 AM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/9/2008 12:40 AM 52872]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2/8/2009 1:17 AM 6097]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/9/2008 12:40 AM 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/9/2008 12:40 AM 242896]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [3/31/2010 9:53 PM 33824]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/29/2010 7:01 PM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/29/2010 7:01 PM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [4/29/2010 7:01 PM 2325816]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/23/2009 10:05 AM 38144]
R2 WLNdis50;WLan NDIS 5.0 I/O Control;c:\windows\system32\drivers\WLNdis50.sys [12/23/2009 10:05 AM 20480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/9/2008 12:40 AM 30104]
R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\drivers\Mach3.sys [5/9/2007 7:26 PM 109856]
R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [12/7/2009 11:07 AM 521856]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/9/2008 12:40 AM 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/29/2010 7:01 PM 5888008]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [4/23/2010 9:40 PM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/27/2009 1:41 AM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/27/2009 1:41 AM 26120]
S3 cpuz130;cpuz130;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/9/2008 12:05 AM 175872]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2/8/2009 1:17 AM 299923]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/11/2010 2:17 AM 25088]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [6/7/2009 3:02 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [1/21/2010 8:12 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [1/21/2010 8:12 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [1/21/2010 8:12 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [1/21/2010 8:12 PM 25704]
S4 GS In-Game Service;GS In-Game Service;c:\atari\ArmA\GameTracker\GSInGameService.exe [1/14/2010 5:06 PM 1643872]
S4 gupdate1c9e872c7752ed2;Google Update Service (gupdate1c9e872c7752ed2);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2009 12:53 PM 133104]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-19 01:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 19:53]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 19:53]

2010-05-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2009-08-25 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-05-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{B11DC94C-FC32-41C0-8CBD-5411DC48E10A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Read EXIF - c:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {818D6D19-1E5F-4D4E-B4E2-E94F07CD6866} = 209.237.84.13,209.237.84.14
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://216.105.79.223:5000/VatDec.cab
DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} - hxxp://www.catalogds.com/dtd/pvcadview.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bx3hhr5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension\components\FirefoxMenu.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\divx\DivX Web Player\npdivx32.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-UnityWebPlayer - c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 01:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1580818891-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-57989841-1580818891-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,a0,25,49,aa,b7,47,1b,8d,a9,06,75,c6,37,16,d7,8d,5f,94,e5,d3,44,6b,
da,cf,b3,2a,34,a5,5a,ce,18,7c,ca,f6,a7,8c,be,ea,65,b1,c8,5a,9b,b0,8a,ac,67,\
"??"=hex:38,75,d6,96,1b,f0,33,56,98,85,93,1b,de,32,4b,f4

[HKEY_USERS\S-1-5-21-57989841-1580818891-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:7f,14,1d,86,1e,18,ba,57,a7,10,e1,0b,2b,ec,1e,35,90,fd,6e,70,de,
fd,e9,58,6b,e5,69,65,89,7c,a1,bf,be,95,3a,1f,f2,10,35,ea,48,ec,28,bd,37,03,\
"rkeysecu"=hex:17,0c,8b,a8,75,cb,05,56,56,b0,06,85,72,9c,ba,40
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1276)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1332)
c:\windows\system32\nvLsp.dll
.
Completion time: 2010-05-03 01:53:29
ComboFix-quarantined-files.txt 2010-05-03 08:53
ComboFix2.txt 2009-12-23 17:56

Pre-Run: 348,729,344,000 bytes free
Post-Run: 351,069,097,984 bytes free

- - End Of File - - EB8E245743E5C68BBB7E91AE9705214D

:thumbup: No problems encountered during Combo's run.

:popcorn: Not sure yet if the viruses are still there. I will let you know.
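The ComboFix output above is what a helper reads first when a browser keeps redirecting: which drivers and services load from where, whether their image files still exist, and what the IE/Firefox search, DNS and ActiveX settings point at. The helper below is an added example written for this page; it is not part of the thread, of ComboFix, or of any tool the thread mentions. It parses the service/driver entries and the 'Supplementary Scan' lines and lists the leads a responder would verify first. The finding categories, the `USER_WRITABLE` path fragments and the `hxxp` un-defanging are assumptions of this example; the sample lines in `SAMPLE_LOG` are copied from the posted log. Flags are leads to check, not verdicts (a search URL pointing at a toolbar vendor can simply be a toolbar the user installed).

```python
"""Triage a ComboFix-style log for browser-redirect indicators (added example)."""
import ipaddress
import re
from urllib.parse import urlparse

# Service/driver entry: "<R|S><0-4> <name>;<description>;<image path> [date time size]"
# When the image is missing ComboFix prints "<path> --> <path> [?]".
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")

# Path fragments meaning a driver/service binary sits where an unprivileged user
# can write. Assumed heuristic list for this example, matched case-insensitively.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\", "\\application data\\")

# Lines copied from the posted log, used here as sample input.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/9/2008 12:40 AM 216200]
S3 cpuz130;cpuz130;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
uStart Page = hxxp://www.ebay.com/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
TCP: {818D6D19-1E5F-4D4E-B4E2-E94F07CD6866} = 209.237.84.13,209.237.84.14
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://216.105.79.223:5000/VatDec.cab
DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} - hxxp://www.catalogds.com/dtd/pvcadview.cab
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
"""


def _host_of(defanged_url):
    """ComboFix writes 'hxxp' for 'http'; undo that and return the host part."""
    return urlparse(defanged_url.strip().replace("hxxp://", "http://", 1)).hostname or ""


def _is_bare_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_service(line):
    """Return {'state','name','path','missing'} for a service/driver line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    path = rest.split(" --> ")[-1]             # keep the resolved path
    path = path.rsplit(" [", 1)[0]             # drop "[date time size]" or "[?]"
    path = path.replace("\\??\\", "").strip()  # drop the NT object-manager prefix
    return {"state": m.group("state"), "name": m.group("name"), "path": path, "missing": missing}


def triage(log_text):
    """Return a list of (kind, subject, note) leads found in the log text."""
    findings = []
    for raw in log_text.splitlines():
        s = raw.strip()
        entry = parse_service(s)
        if entry:
            low = entry["path"].lower()
            if entry["missing"]:
                findings.append(("service", entry["name"],
                                 "image not found on disk: stale entry, or hidden from the scanner"))
            if any(frag in low for frag in USER_WRITABLE):
                findings.append(("service", entry["name"],
                                 "image loads from a user-writable path: " + entry["path"]))
        elif s.startswith("uSearchURL") or "keyword.URL" in s:
            url = s.split("=", 1)[1] if s.startswith("uSearchURL") else s.split(" - ", 2)[-1]
            findings.append(("search", _host_of(url),
                             "search queries are routed through this host; confirm it is expected"))
        elif s.startswith("DPF:"):
            host = _host_of(s.split(" - ", 1)[1])
            if _is_bare_ip(host):
                findings.append(("activex", host, "ActiveX control downloaded from a bare IP address"))
        elif s.startswith("TCP:"):
            servers = [x.strip() for x in s.split("=", 1)[1].split(",")]
            findings.append(("dns", ",".join(servers),
                             "interface pinned to these DNS servers; compare with the ISP/DHCP-assigned ones"))
    return findings


if __name__ == "__main__":
    for kind, subject, note in triage(SAMPLE_LOG):
        print(f"[{kind}] {subject}: {note}")
```

On the sample the helper reports the two entries whose image files are gone, the driver that was registered from a Temp directory, the two search overrides, the pinned DNS servers and the one ActiveX control fetched from a bare IP. A driver registered from Temp whose file has since disappeared is often the leftover of a hardware-info tool run once, but it is also exactly the shape a rootkit loader takes, so it stays on the list until someone has looked.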



#11 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 03 May 2010 - 05:09 AM

Hello

These logs are looking good. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.3

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts
  • After the update is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
  • There are two options in the window to clear the cache. Leave BOTH checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


:Kaspersky scan:

  • Please go to Kaspersky website and perform an online antivirus scan.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Log From Kaspersky
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 stubby

stubby

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 03 May 2010 - 04:32 PM

No problems occurred during virus scans. It did find some more viruses. Mbam and Kaspersky logs attached. Unsure status of browser.




#13 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 03 May 2010 - 05:27 PM

Hello stubby

Those logs look good; everything Kaspersky found is in the Outlook Sent Items folder. Go into Outlook and delete all the emails in the Sent folder.

Very well done!! This is my general post for when your logs show no more signs of malware ;) Please let me know if you are still having problems with your computer and what these problems are.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

:Uninstall ComboFix:

  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

:Make your Internet Explorer more secure:

please visit this page that gives instructions to do this
http://surfthenetsaf.../ieseczone8.htm

:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed.

After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume.

When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:
  • you have a couple of good antispyware programs on this computer but you still can try some of these others to see if you like them also

    I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.

please read this great article by miekiemoes How to prevent Malware:
and
this great article by Tony Klein So How Did I Get Infected In First Place

Now you have followed my advice - it's time to lodge a complaint against what you have suffered.........

Malware Complaints
If you were infected .... Stand Up and be Counted.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.


Gringo

#14 stubby

stubby

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 03 May 2010 - 11:37 PM

This is interesting, I cannot find the DeFogger run tool. :o Oops, now what? Everything appears to be running fine with Firefox. So far, not one redirect yet. Awesome. :woot:

#15 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 04 May 2010 - 07:10 AM

Hello. If you did not download it from my first post, then don't worry about it; if you did, just redownload it and run the tool. Gringo
