
Google search links sending me to spam\ad websites

This is a discussion on Google search links sending me to spam\ad websites within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 09-28-2010, 11:59 PM   #1
Registered Member
 
Join Date: Sep 2010
Posts: 9
OS: xp sp3



Problem: When I search Google and then click on the search results, I am sent to different websites that are filled with spam/AdSense ads.
Edit: not just Google links; it just did it to me at IMDB too, when I searched for a movie.

I have run Malwarebytes, ComboFix, UnHackMe, AVG, and an online scan. Looking back, I probably should not have done all this before I located the problem. I do not have access to a boot CD.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 2:13:47.51 on Wed 09/29/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2042 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\UnHackMe\gwebupdate.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dan\Desktop\ARO2010_mt.exe
C:\DOCUME~1\Dan\LOCALS~1\Temp\is-A03QS.tmp\ARO2010_mt.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251472754890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/peggle/sis/popcaploader_v10_en.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\lm806m9v.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dan\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-28 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-28 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-28 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-28 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-28 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-6-28 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-6-28 24096]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-6-28 692496]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-19 112512]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-6-19 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-6-19 41760]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-7-7 9472]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-9-29 35816]

=============== Created Last 30 ================

2010-09-29 06:07:52 0 d-----w- c:\program files\Advanced Registry Optimizer
2010-09-29 05:54:22 0 d-----w- C:\Combo-Fix9452C
2010-09-29 05:40:37 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-09-29 05:40:37 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-09-29 05:40:35 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-29 05:32:52 0 d-----w- C:\Combo-Fix23136C
2010-09-29 05:31:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-29 00:52:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 00:28:59 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-28 22:59:14 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-28 21:52:32 0 d-----w- c:\program files\Panda Security
2010-09-28 21:33:08 0 d-sha-r- C:\cmdcons
2010-09-28 21:29:48 98816 ----a-w- c:\windows\sed.exe
2010-09-28 21:29:48 77312 ----a-w- c:\windows\MBR.exe
2010-09-28 21:29:48 256512 ----a-w- c:\windows\PEV.exe
2010-09-28 21:29:48 161792 ----a-w- c:\windows\SWREG.exe
2010-09-28 21:29:42 0 d-----w- C:\Combo-Fix
2010-09-28 21:02:16 2 --shatr- c:\windows\winstart.bat
2010-09-28 21:01:59 0 d-----w- c:\program files\UnHackMe
2010-09-27 09:47:17 0 d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2010-09-27 09:47:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 09:47:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 09:47:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 09:47:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-27 09:45:54 0 d-----w- C:\Temp
2010-09-27 08:52:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-27 01:47:13 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 19:57:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 2:13:56.01 ===============
Attached Files: Attach.zip (32.8 KB)

-- dannywisc
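As an added illustration of how an analyst reads a log like the DDS output above (this is example code written for this page, not the DDS tool and not anything the poster or the forum staff ran), the Python below walks a constructed handful of lines in the same shape as the posted log and flags the items checked first: security products reporting themselves disabled, BHO entries whose CLSID points to no file, processes running from Temp or the Desktop, a hidden Firefox extension, and boot-start (R0/R1) drivers created within a few days of the log date. The sample lines, rule names and the seven-day window are assumptions made for the example.

```python
"""DDS-log triage (constructed example for this page; not the DDS tool or the forum's procedure)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date

LOG_DATE = date(2010, 9, 29)  # the date stamped on the DDS log posted above

# Constructed sample: a few lines in the shape of the posted DDS log, not the whole log.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
C:\Program Files\AVG\AVG9\avgtray.exe
C:\DOCUME~1\Dan\LOCALS~1\Temp\is-A03QS.tmp\ARO2010_mt.tmp
C:\Documents and Settings\Dan\Desktop\dds.scr
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\dotnetassistantextension
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-28 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-28 216400]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str


PATH = re.compile(r"^[A-Za-z]:\\")                      # a bare process path line
USER_WRITABLE = re.compile(r"\\(temp|desktop)\\", re.IGNORECASE)
# "R0 name;display;path [yyyy-m-d size]" service/driver lines, boot-start (R0/R1) only
DRIVER = re.compile(r"^(R[01]) ([^;]+);[^;]*;(.+?) \[(\d{4})-(\d{1,2})-(\d{1,2}) \d+\]$")


def triage(text: str, as_of: date, recent_days: int = 7) -> list[Finding]:
    """Walk a DDS log line by line and return findings in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(Finding("high", "protection-disabled", line))
        elif line.startswith("BHO:") and line.endswith("- No File"):
            findings.append(Finding("medium", "orphaned-bho", line))
        elif line.startswith("FF - HiddenExtension"):
            findings.append(Finding("info", "hidden-firefox-extension", line))
        elif PATH.match(line) and USER_WRITABLE.search(line):
            findings.append(Finding("medium", "process-in-user-writable-dir", line))
        else:
            m = DRIVER.match(line)
            if m:
                created = date(int(m[4]), int(m[5]), int(m[6]))
                # boot-start drivers load before most defences; a brand-new one needs explaining
                if 0 <= (as_of - created).days <= recent_days:
                    findings.append(Finding("medium", "recent-boot-start-driver", line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS, LOG_DATE):
        print(f"[{f.severity:6}] {f.rule:30} {f.line[:70]}")
    print(summary(triage(SAMPLE_DDS, LOG_DATE)))
```

A flag is a prompt to explain a line, not a verdict: the posted log's own R0 entries are dated the day of the cleanup session, when several scanners were installed, and the Temp entry is the installer of a registry tool the poster was running. The value of the pass is that it puts the disabled on-access scanner and firewall at the top, where a human should start.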
Old 10-02-2010, 02:25 AM   #2
Registered Member
 
Join Date: Sep 2010
Posts: 9
OS: xp sp3



Bump... still the same redirect.

-- dannywisc
Old 10-02-2010, 06:13 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



Hi

Please do the following:

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

NEXT

It's been a few days, so let's see another DDS log.

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection.
  • Double click dds.pif to run the tool.
  • When done, two DDS .txt files will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt

NEXT

Scan with RootkitUnhooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth.
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
-- CatByte (Microsoft MVP 2010, 2011, 2012, 2013)
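The MBRCheck step above reads the disk's first sector, compares its boot code against known-good bootcode hashes and reports which volume sits at which byte offset of the physical drive. The Python below, added for this page and not MBRCheck's or the forum's code, performs the same kind of checks on a constructed 512-byte sector: the 0x55AA signature, a SHA-1 of the 440-byte bootcode region (an assumption about scope; the page does not say which bytes MBRCheck hashes), decoding of the four partition-table entries, and a check that a volume offset such as the 0x02800000 MBRCheck prints for C: lands on a table entry. The bootcode bytes, partition layout, type 0xDE OEM partition and allowlist entry are all constructed; a real allowlist would hold hashes taken from clean OEM images.

```python
"""MBR boot-sector check (constructed example for this page; not MBRCheck's code)."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440            # assumption: hash bytes 0..439, the code before the disk signature
TABLE_OFFSET = 446
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sector count


def partition_entry(bootable, ptype, lba_start, sectors):
    """Build one 16-byte partition-table entry (CHS fields set to the LBA-only marker)."""
    return ENTRY.pack(0x80 if bootable else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                      lba_start, sectors)


def build_sample_mbr():
    """Constructed sector: fake bootcode, a small OEM partition, then a bootable NTFS volume.
    The NTFS volume starts at LBA 81920 = 0x02800000 / 512, the C: offset MBRCheck printed."""
    bootcode = bytes((i * 7 + 3) & 0xFF for i in range(BOOTCODE_LEN))  # not real boot code
    disk_signature = struct.pack("<I", 0x1234ABCD)
    table = (partition_entry(False, 0xDE, 63, 81920 - 63)               # assumed OEM utility partition
             + partition_entry(True, 0x07, 81920, 488_000_000 - 81920)  # NTFS, constructed size
             + bytes(16) + bytes(16))
    return bootcode + disk_signature + b"\x00\x00" + table + b"\x55\xaa"


def parse_mbr(sector):
    """Decode signature, disk signature, bootcode hash and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = ENTRY.unpack(sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify(sector, known_good):
    """Mirror MBRCheck's verdict: invalid sector, known OEM/Windows code, or unknown code."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "invalid: 0x55AA signature missing"
    name = known_good.get(info["bootcode_sha1"])
    if name is None:
        return "unknown bootcode SHA1 " + info["bootcode_sha1"]
    return "known bootcode: " + name


def volume_maps_to_partition(sector, volume_offset_bytes):
    """Return the table index whose LBA start equals the reported volume offset, else None."""
    if volume_offset_bytes % SECTOR:
        return None
    lba = volume_offset_bytes // SECTOR
    for p in parse_mbr(sector)["partitions"]:
        if p["lba_start"] == lba:
            return p["index"]
    return None


def tamper_bootcode(sector):
    """Flip one bootcode byte, the minimal change an MBR overwrite would produce."""
    return bytes([sector[0] ^ 0xFF]) + sector[1:]


# Constructed allowlist; a real one holds SHA-1s taken from clean OEM disk images.
KNOWN_GOOD = {parse_mbr(build_sample_mbr())["bootcode_sha1"]: "constructed sample bootcode"}


def read_mbr(path):
    r"""Read the first sector of a raw device or image, e.g. r'\\.\PhysicalDrive0' (needs admin)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    print(classify(mbr, KNOWN_GOOD))
    print(classify(tamper_bootcode(mbr), KNOWN_GOOD))
    print("C: offset 0x02800000 -> partition", volume_maps_to_partition(mbr, 0x02800000))
```

Reading `\\.\PhysicalDrive0` this way goes through the normal storage stack, so a bootkit that filters disk reads can hand the script a clean-looking sector; that is why the instructions pair the MBR check with a rootkit scanner that looks for hooked drivers and stealth objects, and why the moderator asks the user to answer N rather than let the tool rewrite an unknown MBR on the spot.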
Old 10-02-2010, 12:15 PM   #4
Registered Member
 
Join Date: Sep 2010
Posts: 9
OS: xp sp3



MBR:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xB9F23000 dmio.sys
0xBA328000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA670000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA330000 pavboot.sys
0xBA0C8000 VolSnap.sys
0xB9E49000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E29000 fltMgr.sys
0xB9E17000 sr.sys
0xBA0F8000 Lbd.sys
0xBA5AC000 DLACDBHM.SYS
0xB9E00000 DRVMCDB.SYS
0xBA108000 PxHelp20.sys
0xB9DE9000 KSecDD.sys
0xB9D5C000 Ntfs.sys
0xB9D49000 inspect.sys
0xB9D1C000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D02000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB857A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8566000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8542000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB851A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB84FC000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB8185000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xBA168000 \SystemRoot\system32\DRIVERS\o2sdg.sys
0xB816D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xBA178000 \SystemRoot\system32\DRIVERS\o2mdg.sys
0xB9C89000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA188000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA458000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8139000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA198000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB80BD000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA460000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB90EE000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB809A000 \SystemRoot\system32\DRIVERS\ks.sys
0xB90DE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA69F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB90CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9BD5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8083000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB90BE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB90AE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8072000 \SystemRoot\system32\DRIVERS\psched.sys
0xB909E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA468000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA470000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9BCD000 \SystemRoot\system32\DRIVERS\pnetmdm.sys
0xBA478000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8042000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB908E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5E8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7FE4000 \SystemRoot\system32\DRIVERS\update.sys
0xB9BBD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA278000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA288000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA612000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA30EB000 \SystemRoot\system32\drivers\sthda.sys
0xA30C7000 \SystemRoot\system32\drivers\portcls.sys
0xA5A1A000 \SystemRoot\system32\drivers\drmk.sys
0xA30AB000 \SystemRoot\system32\drivers\AESTAud.sys
0xA4EA7000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA308C000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA65E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA48D9000 \SystemRoot\System32\Drivers\Null.SYS
0xBA660000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3A8000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x9E5BE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9E5B6000 \SystemRoot\System32\drivers\vga.sys
0xBA634000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA636000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9E5AE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9DCC9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9E62B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9CE72000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9CE19000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9DCC1000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x9CDF3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9CDB9000 \SystemRoot\System32\Drivers\avgtdix.sys
0x9E0CA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9E0BA000 \SystemRoot\system32\DRIVERS\arp1394.sys
0x9CD91000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9CD6F000 \SystemRoot\System32\drivers\afd.sys
0x9DA64000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9CD44000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9CCD4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9DA54000 \SystemRoot\System32\Drivers\Fips.SYS
0x9DCB1000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x9CCA0000 \SystemRoot\System32\Drivers\avgldx86.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9CBC6000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA4DC6000 \SystemRoot\System32\drivers\Dxapi.sys
0x9D613000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF296000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA55DF000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x9D874000 \SystemRoot\System32\Drivers\DLADResM.SYS
0x9CB6D000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0xA5549000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0xA4E8F000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0xA5541000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0xA486C000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0x9CB57000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0x9CB40000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0x9D974000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D970000 \SystemRoot\system32\DRIVERS\s24trans.sys
0x9C9C3000 \SystemRoot\system32\drivers\wdmaud.sys
0x9DA84000 \SystemRoot\system32\drivers\sysaudio.sys
0x9C948000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9C851000 \SystemRoot\system32\DRIVERS\srv.sys
0x9BBFF000 \SystemRoot\System32\Drivers\HTTP.sys
0x9BAE4000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
888 C:\WINDOWS\system32\smss.exe
972 csrss.exe
996 C:\WINDOWS\system32\winlogon.exe
1048 C:\WINDOWS\system32\services.exe
1060 C:\WINDOWS\system32\lsass.exe
1252 C:\WINDOWS\system32\svchost.exe
1320 svchost.exe
1372 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1400 C:\WINDOWS\system32\svchost.exe
1512 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
1592 svchost.exe
1640 svchost.exe
1812 C:\Program Files\AVG\AVG9\avgchsvx.exe
1820 C:\Program Files\AVG\AVG9\avgrsx.exe
1960 C:\Program Files\AVG\AVG9\avgcsrvx.exe
200 C:\WINDOWS\system32\spoolsv.exe
288 C:\drivers\audio\R211990\stacsv.exe
656 svchost.exe
708 C:\Program Files\AVG\AVG9\avgwdsvc.exe
748 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
792 C:\Program Files\Java\jre6\bin\jqs.exe
828 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
968 C:\WINDOWS\system32\drivers\o2flash.exe
1268 pg_ctl.exe
1708 C:\Program Files\AVG\AVG9\avgnsx.exe
1748 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1860 postgres.exe
1804 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2180 C:\WINDOWS\system32\svchost.exe
2280 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
2492 postgres.exe
2564 C:\WINDOWS\system32\searchindexer.exe
2572 postgres.exe
2580 postgres.exe
2592 postgres.exe
2612 postgres.exe
2972 wmiprvse.exe
3112 wmiprvse.exe
3744 alg.exe
3396 C:\WINDOWS\system32\wscntfy.exe
3516 C:\WINDOWS\explorer.exe
3684 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
800 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3612 C:\PROGRA~1\AVG\AVG9\avgtray.exe
3696 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3816 C:\Program Files\PdaNet for Android\PdaNetPC.exe
2476 C:\WINDOWS\system32\wbem\unsecapp.exe
2264 C:\Program Files\Mozilla Firefox\firefox.exe
2932 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3408 C:\WINDOWS\system32\searchprotocolhost.exe
1444 searchfilterhost.exe
432 C:\Documents and Settings\Dan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS723225L9A362, Rev: FCDOC39F

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!
ATTACH:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2009 7:17:59 PM
System Uptime: 9/30/2010 8:56:52 AM (1 hours ago)

Motherboard: Dell Inc. | | 0P993J
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | U2E1 | 2526/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 143.739 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/29/2010 3:46:50 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advanced Registry Optimizer
AIM 6
AVG Free 9.0
Bodog Hand Grabber 1.14
Bodog Poker
Brain Workshop 4.4
Cake Poker
Choice Guard
COMODO Internet Security
Dell Support Center
Dell Touchpad
Full Tilt Poker
Google Talk Plugin
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WinUsb 1.0
Mozilla Firefox (3.0.19)
MSVCRT
MSXML 6.0 Parser (KB927977)
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PdaNet for Android 2.42
Peggle Deluxe
PokerStars
PokerStove version 1.23
PostgreSQL 8.3
PowerDVD DX
RegRun Reanimator
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
SpywareBlaster 4.4
UB
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2291599)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Presentation Foundation
Windows Search 4.0
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/29/2010 3:22:22 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 3:22:21 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 3:22:21 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/29/2010 3:22:19 PM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 3:22:16 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 3:22:16 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 1:45:14 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
9/29/2010 1:30:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/29/2010 1:22:11 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 1:21:38 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 1:21:27 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 1:21:22 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
9/28/2010 5:32:42 PM, error: Service Control Manager [7034] - The O2FLASH service terminated unexpectedly. It has done this 1 time(s).
9/28/2010 5:27:54 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
9/28/2010 5:11:26 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
9/28/2010 558 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
9/28/2010 5:04:57 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
9/28/2010 5:02:20 AM, error: PSched [14103] - QoS [Adapter {37435B71-C8A1-46EE-AFD3-1265CC1E218E}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
9/27/2010 5:30:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/27/2010 5:23:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/27/2010 4:52:44 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/27/2010 4:52:44 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/27/2010 4:52:44 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/27/2010 4:52:44 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/27/2010 4:52:44 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================


DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 15:11:09.81 on Sat 10/02/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2223 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251472754890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/peggle/sis/popcaploader_v10_en.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\lm806m9v.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dan\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-28 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-28 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-28 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-28 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-28 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-6-28 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-6-28 24096]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-6-28 692496]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-19 112512]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-6-19 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-6-19 41760]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-7-7 9472]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-9-29 35816]

=============== Created Last 30 ================

2010-09-30 12:51:53 0 ----a-w- c:\documents and settings\dan\defogger_reenable
2010-09-30 12:29:27 0 d-----w- C:\Combo-Fix21958C
2010-09-29 19:48:27 0 d-----w- c:\program files\Greatis
2010-09-29 18:21:51 0 d-----w- c:\program files\SpywareBlaster
2010-09-29 17:30:41 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-29 06:53:08 0 d-----w- c:\program files\MemTurbo 4
2010-09-29 06:07:52 0 d-----w- c:\program files\Advanced Registry Optimizer
2010-09-29 05:54:22 0 d-----w- C:\Combo-Fix9452C
2010-09-29 05:40:37 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-09-29 05:40:37 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-09-29 05:40:35 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-29 05:32:52 0 d-----w- C:\Combo-Fix23136C
2010-09-29 05:31:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-29 00:52:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 00:28:59 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-28 22:59:14 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-28 21:52:32 0 d-----w- c:\program files\Panda Security
2010-09-28 21:33:08 0 d-sha-r- C:\cmdcons
2010-09-28 21:29:48 98816 ----a-w- c:\windows\sed.exe
2010-09-28 21:29:48 77312 ----a-w- c:\windows\MBR.exe
2010-09-28 21:29:48 256512 ----a-w- c:\windows\PEV.exe
2010-09-28 21:29:48 161792 ----a-w- c:\windows\SWREG.exe
2010-09-28 21:29:42 0 d-----w- C:\Combo-Fix
2010-09-28 21:02:16 2 --shatr- c:\windows\winstart.bat
2010-09-28 21:01:59 0 d-----w- c:\program files\UnHackMe
2010-09-27 09:47:17 0 d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2010-09-27 09:47:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 09:47:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 09:47:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 09:47:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-27 09:45:54 0 d-----w- C:\Temp
2010-09-27 08:52:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-27 01:47:13 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 19:57:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 15:11:37.01 ===============

ROOTUNHOOKER:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB857A000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6049792 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xB8185000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3633152 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xBF296000 C:\WINDOWS\System32\igxpdx32.DLL 3461120 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBF058000 C:\WINDOWS\System32\igxpdv32.DLL 2351104 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA30EB000 C:\WINDOWS\system32\drivers\sthda.sys 1490944 bytes (IDT, Inc., IDT PC Audio)
0x9CBC6000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 892928 bytes
0xB9E49000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D5C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB80BD000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x9CCD4000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB7FE4000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9CE19000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9C851000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9BBFF000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9CDB9000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB8139000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 212992 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x9CCA0000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 212992 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB8042000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9C948000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D1C000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9BAE4000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9CD44000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB851A000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9CD91000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9CDF3000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA30C7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8542000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB809A000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9CD6F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134528 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E29000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xA308C000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 126976 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB84FC000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 122880 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xA30AB000 C:\WINDOWS\system32\drivers\AESTAud.sys 114688 bytes (Andrea Electronics Corporation, Andrea Audio Driver)
0xB9D02000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x9CB6D000 C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS 102400 bytes (Roxio, Drive Letter Access Component)
0xB816D000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0x9CB40000 C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xB9E00000 DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0xB9DE9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8083000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9CB57000 C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x9C9C3000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8566000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB9D49000 inspect.sys 77824 bytes (COMODO, COMODO Internet Security Firewall Driver)
0x9CE72000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9E17000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8072000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA2C8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA118000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x9E0BA000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xA5A1A000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA0F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB90EE000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0x9DA84000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA288000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA128000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA188000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB90CE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB90AE000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA55DF000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x9DA54000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA178000 C:\WINDOWS\system32\DRIVERS\o2mdg.sys 45056 bytes (O2Micro , Gunslinger Test Driver)
0xB90BE000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA278000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB908E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB90DE000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB909E000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9DA64000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9B9BE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\o2sdg.sys 36864 bytes (O2Micro , O2Micro SD Reader Driver)
0xBA108000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x9E0CA000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA5541000 C:\WINDOWS\System32\Drivers\DLABMFSM.SYS 32768 bytes (Roxio, Drive Letter Access Component)
0xBA478000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0x9DCC9000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA450000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA486C000 C:\WINDOWS\System32\Drivers\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x9E5BE000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x9DCB1000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xA5549000 C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS 24576 bytes (Roxio, Drive Letter Access Component)
0xBA3A8000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xBA458000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA330000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x9E5B6000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9DCC1000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)
0x9E5AE000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA468000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA470000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA338000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9D613000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9C89000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB9BBD000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9D974000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA4E8F000 C:\WINDOWS\System32\Drivers\DLAPoolM.SYS 12288 bytes (Roxio, Drive Letter Access Component)
0xA4DC6000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA4EA7000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB9BD5000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9BCD000 C:\WINDOWS\system32\DRIVERS\pnetmdm.sys 12288 bytes (June Fabrics Technology, PdaNet Driver)
0x9E62B000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9D970000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xBA660000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xBA65E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA634000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA636000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5E8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA612000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA69F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0x9D874000 C:\WINDOWS\System32\Drivers\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xBA6E2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA48D9000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
==============================================
>Stealth
==============================================
dannywisc is offline  
Old 10-02-2010, 12:34 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7
Please post the ComboFix log(s)

They should be located at C:\combofix.txt and/or c:\qoobox\combofix2.txt, c:\qoobox\combofix3.txt etc.
CatByte is offline  
Old 10-06-2010, 07:04 PM   #6
Registered Member
 
Join Date: Sep 2010
Posts: 9
OS: xp sp3
ComboFix 10-09-29.04 - Dan 09/30/2010 8:31.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2054 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-29 19:48 . 2010-09-29 19:48 -------- d-----w- c:\program files\Greatis
2010-09-29 18:21 . 2010-09-29 19:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-29 18:21 . 2010-09-29 18:23 -------- d-----w- c:\program files\SpywareBlaster
2010-09-29 17:30 . 2010-09-29 17:30 -------- d-----w- c:\program files\Common Files\Java
2010-09-29 17:30 . 2010-09-29 17:30 61440 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-788d5b2c-n\decora-sse.dll
2010-09-29 17:30 . 2010-09-29 17:30 503808 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e459e4-n\msvcp71.dll
2010-09-29 17:30 . 2010-09-29 17:30 499712 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e459e4-n\jmc.dll
2010-09-29 17:30 . 2010-09-29 17:30 348160 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e459e4-n\msvcr71.dll
2010-09-29 17:30 . 2010-09-29 17:30 12800 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-788d5b2c-n\decora-d3d.dll
2010-09-29 17:30 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-29 06:53 . 2010-09-29 06:53 -------- d-----w- c:\program files\MemTurbo 4
2010-09-29 06:07 . 2010-09-29 06:43 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-09-29 05:54 . 2010-09-29 06:01 -------- d-----w- C:\Combo-Fix9452C
2010-09-29 05:40 . 2010-09-29 05:40 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-09-29 05:40 . 2010-09-29 05:40 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-09-29 05:40 . 2010-09-01 18:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-29 05:32 . 2010-09-29 05:38 -------- d-----w- C:\Combo-Fix23136C
2010-09-29 05:31 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-29 00:52 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 00:28 . 2010-09-29 00:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-29 00:28 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-28 22:59 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-28 21:52 . 2010-09-28 21:52 -------- d-----w- c:\program files\Panda Security
2010-09-28 21:29 . 2010-09-28 21:40 -------- d-----w- C:\Combo-Fix
2010-09-28 21:02 . 2010-09-29 05:46 2 --shatr- c:\windows\winstart.bat
2010-09-28 21:01 . 2010-09-29 05:40 -------- d-----w- c:\program files\UnHackMe
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 09:45 . 2010-09-27 09:45 -------- d-----w- C:\Temp
2010-09-27 08:52 . 2010-09-27 08:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-27 01:47 . 2010-09-27 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-09-23 12:30 . 2010-09-23 12:30 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 12:30 . 2010-09-23 12:30 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-23 12:30 . 2010-09-23 12:30 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 12:30 . 2010-09-23 12:30 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 12:30 . 2010-09-23 12:30 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 12:30 . 2010-09-23 12:30 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 12:30 . 2010-09-23 12:30 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 12:30 . 2010-09-23 12:30 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-23 12:30 . 2010-09-23 12:30 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 12:29 . 2010-09-23 12:29 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 06:55 . 2009-12-30 23:01 64 ---h--w- c:\windows\popcreg.dat
2010-09-30 06:55 . 2009-12-30 23:01 16 ----a-w- c:\windows\popcinfot.dat
2010-09-30 06:05 . 2010-04-17 03:16 0 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\prvlcl.dat
2010-09-30 02:43 . 2009-07-08 22:29 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2010-09-29 19:27 . 2009-06-19 08:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 17:30 . 2009-06-19 08:48 -------- d-----w- c:\program files\Java
2010-09-29 05:31 . 2009-06-29 17:48 -------- d-----w- c:\program files\Bodog Hand Grabber
2010-09-28 22:20 . 2010-05-25 08:22 -------- d-----w- c:\program files\Lavasoft
2010-09-28 21:44 . 2009-06-29 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-28 07:11 . 2009-09-10 19:04 -------- d-----w- c:\program files\PokerStars
2010-09-27 08:48 . 2009-06-29 02:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-09-27 08:47 . 2009-08-28 04:41 -------- d-----w- c:\program files\UltimateBet
2010-09-27 08:32 . 2009-06-29 00:07 -------- d-----w- c:\program files\AIM6
2010-09-27 04:12 . 2010-08-23 05:34 -------- d-----w- c:\documents and settings\Dan\Application Data\HEM Data
2010-09-27 02:02 . 2009-06-29 03:20 -------- d-----w- c:\program files\Cake Poker
2010-09-16 18:02 . 2009-08-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-18 00:37 . 2009-12-30 23:01 -------- d-----w- c:\program files\PopCap Games
2010-08-17 13:17 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-04-25 16:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-06-29 01:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 19:57 . 2009-06-29 00:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:57 . 2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:57 . 2009-06-29 00:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 314B6C307077C735D5D80A910B68B064 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . B145AB16FF73A904D933C83CEDB06D46 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-28_21.39.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-30 00:30 . 2010-09-30 00:30 16384 c:\windows\temp\Perflib_Perfdata_578.dat
- 2008-04-25 16:16 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2008-04-25 16:16 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2010-09-29 00:52 . 2010-08-12 12:15 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2009-06-28 23:15 . 2010-09-29 01:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-28 23:15 . 2010-05-25 08:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-06-04 22:17 . 2010-09-04 00:09 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 22:17 . 2010-09-29 07:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-29 17:30 . 2010-07-17 09:00 153376 c:\windows\system32\javaws.exe
+ 2010-09-29 17:30 . 2010-07-17 09:00 145184 c:\windows\system32\javaw.exe
+ 2010-09-29 17:30 . 2010-07-17 09:00 145184 c:\windows\system32\java.exe
- 2009-06-28 23:17 . 2009-06-19 08:55 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2009-06-28 23:17 . 2010-09-29 17:30 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2010-09-29 17:30 . 2010-09-29 17:30 180224 c:\windows\Installer\245aba4.msi
+ 2010-09-29 00:22 . 2010-09-29 00:22 1866752 c:\windows\Installer\376cc3.msi
+ 2010-09-29 07:00 . 2010-09-29 07:00 20303872 c:\windows\Installer\50e78.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-11 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-11 1191936]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-7-7 447952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-02-22 23:49 729088 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 22:25 217088 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-15 19:57 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2009-06-29 00:17 1794320 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-29 03:11 133104 ----atw- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-22 03:26 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-22 03:27 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-22 03:26 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 17:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-02-22 23:49 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2010-09-01 18:18 594200 ----a-w- c:\program files\UnHackMe\hackmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/28/2010 8:52 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/28/2010 6:59 PM 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 8:14 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 8:14 PM 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/28/2009 8:17 PM 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/28/2009 8:17 PM 24096]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 3:57 PM 308136]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/19/2009 7:41 AM 112512]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [6/19/2009 7:41 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [6/19/2009 7:41 AM 41760]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [7/7/2010 2:43 PM 9472]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1356952]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [9/29/2010 1:40 AM 35816]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*NewlyCreated* - NORMANDY
*Deregistered* - klmd25
*Deregistered* - Lavasoft Kernexplorer
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder

2010-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 01:03]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\lm806m9v.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AROReminder - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 08:35
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-376577450-1836091757-577865912-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1052)
c:\windows\system32\guard32.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2010-09-30 08:36:11
ComboFix-quarantined-files.txt 2010-09-30 12:36
ComboFix2.txt 2010-09-29 06:01
ComboFix3.txt 2010-09-29 05:38
ComboFix4.txt 2010-09-28 21:40

Pre-Run: 154,158,608,384 bytes free
Post-Run: 154,282,115,072 bytes free

- - End Of File - - BB17ADE1473BA6F39A7D56A83FA84CB6

ComboFix 10-09-27.05 - Dan 09/29/2010 1:55.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2265 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\Combo-Fix.exe
Command switches used :: /u
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 05:40 . 2010-09-29 05:40 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-09-29 05:40 . 2010-09-29 05:40 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-09-29 05:40 . 2010-09-01 18:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-29 05:32 . 2010-09-29 05:38 -------- d-----w- C:\Combo-Fix23136C
2010-09-29 05:31 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-29 00:52 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 00:28 . 2010-09-29 00:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-29 00:28 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-28 22:59 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-28 21:52 . 2010-09-28 21:52 -------- d-----w- c:\program files\Panda Security
2010-09-28 21:29 . 2010-09-28 21:40 -------- d-----w- C:\Combo-Fix
2010-09-28 21:02 . 2010-09-29 05:46 2 --shatr- c:\windows\winstart.bat
2010-09-28 21:01 . 2010-09-29 05:40 -------- d-----w- c:\program files\UnHackMe
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 09:45 . 2010-09-27 09:45 -------- d-----w- C:\Temp
2010-09-27 08:52 . 2010-09-27 08:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-27 01:47 . 2010-09-27 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-09-23 12:30 . 2010-09-23 12:30 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 12:30 . 2010-09-23 12:30 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-23 12:30 . 2010-09-23 12:30 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 12:30 . 2010-09-23 12:30 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 12:30 . 2010-09-23 12:30 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 12:30 . 2010-09-23 12:30 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 12:30 . 2010-09-23 12:30 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 12:30 . 2010-09-23 12:30 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-23 12:30 . 2010-09-23 12:30 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 12:29 . 2010-09-23 12:29 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 05:31 . 2009-06-29 17:48 -------- d-----w- c:\program files\Bodog Hand Grabber
2010-09-28 22:50 . 2010-04-17 03:16 0 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\prvlcl.dat
2010-09-28 22:20 . 2010-05-25 08:22 -------- d-----w- c:\program files\Lavasoft
2010-09-28 21:44 . 2009-06-29 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-28 07:11 . 2009-09-10 19:04 -------- d-----w- c:\program files\PokerStars
2010-09-27 09:23 . 2009-12-30 23:01 64 ---h--w- c:\windows\popcreg.dat
2010-09-27 09:23 . 2009-12-30 23:01 16 ----a-w- c:\windows\popcinfot.dat
2010-09-27 08:48 . 2009-06-29 02:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-09-27 08:47 . 2009-08-28 04:41 -------- d-----w- c:\program files\UltimateBet
2010-09-27 08:32 . 2009-06-29 00:07 -------- d-----w- c:\program files\AIM6
2010-09-27 08:28 . 2009-07-08 22:29 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2010-09-27 04:12 . 2010-08-23 05:34 -------- d-----w- c:\documents and settings\Dan\Application Data\HEM Data
2010-09-27 02:02 . 2009-06-29 03:20 -------- d-----w- c:\program files\Cake Poker
2010-09-16 18:02 . 2009-08-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-09 00:31 . 2009-06-19 08:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-18 00:37 . 2009-12-30 23:01 -------- d-----w- c:\program files\PopCap Games
2010-08-17 13:17 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-04-25 16:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-06-29 01:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 19:57 . 2009-06-29 00:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:57 . 2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:57 . 2009-06-29 00:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 314B6C307077C735D5D80A910B68B064 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . B145AB16FF73A904D933C83CEDB06D46 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-28_21.39.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-29 05:51 . 2010-09-29 05:51 16384 c:\windows\temp\Perflib_Perfdata_178.dat
+ 2010-09-29 00:52 . 2010-08-12 12:15 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2009-06-28 23:15 . 2010-09-29 01:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-28 23:15 . 2010-05-25 08:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-28 23:15 . 2010-09-29 01:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-28 23:15 . 2010-05-25 08:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-29 00:22 . 2010-09-29 00:22 1866752 c:\windows\Installer\376cc3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-11 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-11 1191936]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-7-7 447952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-02-22 23:49 729088 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 22:25 217088 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-15 19:57 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2009-06-29 00:17 1794320 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-29 03:11 133104 ----atw- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-22 03:26 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-22 03:27 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-22 03:26 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 17:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-19 08:49 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-02-22 23:49 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2010-09-01 18:18 594200 ----a-w- c:\program files\UnHackMe\hackmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-08-03 02:20 288048 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/28/2010 8:52 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/28/2010 6:59 PM 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 8:14 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 8:14 PM 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/28/2009 8:17 PM 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/28/2009 8:17 PM 24096]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 3:57 PM 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1356952]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/19/2009 7:41 AM 112512]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [6/19/2009 7:41 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [6/19/2009 7:41 AM 41760]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [7/7/2010 2:43 PM 9472]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [9/29/2010 1:40 AM 35816]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - PARTIZAN
*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 01:03]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\lm806m9v.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 02:00
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-376577450-1836091757-577865912-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1052)
c:\windows\system32\guard32.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2010-09-29 02:01:53
ComboFix-quarantined-files.txt 2010-09-29 06:01
ComboFix2.txt 2010-09-29 05:38
ComboFix3.txt 2010-09-28 21:40

Pre-Run: 154,070,478,848 bytes free
Post-Run: 154,064,166,912 bytes free

- - End Of File - - D5B36C9F476E334A78C23FD73B7825FF

ComboFix 10-09-27.05 - Dan 09/29/2010 1:33.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2611 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

--------

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 05:31 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-29 05:31 . 2010-09-29 05:31 5656 ---ha-w- C:\aaw7boot.cmd
2010-09-29 00:52 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 00:28 . 2010-09-29 00:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-29 00:28 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-28 22:59 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-28 21:53 . 2010-09-28 21:53 -------- d-----w- c:\windows\LastGood
2010-09-28 21:52 . 2010-09-28 21:52 -------- d-----w- c:\program files\Panda Security
2010-09-28 21:29 . 2010-09-28 21:40 -------- d-----w- C:\Combo-Fix
2010-09-28 21:02 . 2010-09-28 21:02 2 --shatr- c:\windows\winstart.bat
2010-09-28 21:01 . 2010-09-28 21:15 -------- d-----w- c:\program files\UnHackMe
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 09:45 . 2010-09-27 09:45 -------- d-----w- C:\Temp
2010-09-27 08:52 . 2010-09-27 08:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-27 01:47 . 2010-09-27 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-09-23 12:30 . 2010-09-23 12:30 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 12:30 . 2010-09-23 12:30 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-23 12:30 . 2010-09-23 12:30 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 12:30 . 2010-09-23 12:30 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 12:30 . 2010-09-23 12:30 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 12:30 . 2010-09-23 12:30 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 12:30 . 2010-09-23 12:30 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 12:30 . 2010-09-23 12:30 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-23 12:30 . 2010-09-23 12:30 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 12:29 . 2010-09-23 12:29 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 05:31 . 2009-06-29 17:48 -------- d-----w- c:\program files\Bodog Hand Grabber
2010-09-28 22:50 . 2010-04-17 03:16 0 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\prvlcl.dat
2010-09-28 22:20 . 2010-05-25 08:22 -------- d-----w- c:\program files\Lavasoft
2010-09-28 21:44 . 2009-06-29 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-28 07:11 . 2009-09-10 19:04 -------- d-----w- c:\program files\PokerStars
2010-09-27 09:23 . 2009-12-30 23:01 64 ---h--w- c:\windows\popcreg.dat
2010-09-27 09:23 . 2009-12-30 23:01 16 ----a-w- c:\windows\popcinfot.dat
2010-09-27 08:48 . 2009-06-29 02:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-09-27 08:47 . 2009-08-28 04:41 -------- d-----w- c:\program files\UltimateBet
2010-09-27 08:32 . 2009-06-29 00:07 -------- d-----w- c:\program files\AIM6
2010-09-27 08:28 . 2009-07-08 22:29 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2010-09-27 04:12 . 2010-08-23 05:34 -------- d-----w- c:\documents and settings\Dan\Application Data\HEM Data
2010-09-27 02:02 . 2009-06-29 03:20 -------- d-----w- c:\program files\Cake Poker
2010-09-16 18:02 . 2009-08-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-09 00:31 . 2009-06-19 08:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-18 00:37 . 2009-12-30 23:01 -------- d-----w- c:\program files\PopCap Games
2010-08-17 13:17 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-04-25 16:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-06-29 01:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 19:57 . 2009-06-29 00:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:57 . 2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:57 . 2009-06-29 00:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 314B6C307077C735D5D80A910B68B064 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . B145AB16FF73A904D933C83CEDB06D46 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-28_21.39.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-29 00:52 . 2010-08-12 12:15 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2009-06-28 23:15 . 2010-09-29 01:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-28 23:15 . 2010-05-25 08:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-28 23:15 . 2010-09-29 01:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-28 23:15 . 2010-05-25 08:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-29 00:58 . 2010-09-29 01:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-28 23:15 . 2010-05-25 08:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-09-29 00:22 . 2010-09-29 00:22 1866752 c:\windows\Installer\376cc3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-11 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-11 1191936]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-7-7 447952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-02-22 23:49 729088 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 22:25 217088 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-15 19:57 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2009-06-29 00:17 1794320 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-29 03:11 133104 ----atw- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-22 03:26 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-22 03:27 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-22 03:26 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 17:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-19 08:49 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-02-22 23:49 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-08-03 02:20 288048 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/28/2010 8:52 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1356952]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [6/19/2009 7:41 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [6/19/2009 7:41 AM 41760]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/28/2010 6:59 PM 28552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 8:14 PM 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 8:14 PM 243024]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/28/2009 8:17 PM 132640]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/28/2009 8:17 PM 24096]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 3:57 PM 308136]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/19/2009 7:41 AM 112512]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [7/7/2010 2:43 PM 9472]
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 01:03]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\lm806m9v.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 01:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-376577450-1836091757-577865912-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
Completion time: 2010-09-29 01:38:55
ComboFix-quarantined-files.txt 2010-09-29 05:38
ComboFix2.txt 2010-09-28 21:40

Pre-Run: 157,332,086,784 bytes free
Post-Run: 157,316,710,400 bytes free

- - End Of File - - 121E07F17BA5BF482AAC10C1D42920A2

ComboFix 10-09-27.05 - Dan 09/28/2010 17:34:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2265 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dan\Application Data\jsdfgs.bat
C:\Install.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-28 21:02 . 2010-09-28 21:02 2 --shatr- c:\windows\winstart.bat
2010-09-28 21:01 . 2010-09-28 21:15 -------- d-----w- c:\program files\UnHackMe
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 09:45 . 2010-09-27 09:45 -------- d-----w- C:\Temp
2010-09-27 08:52 . 2010-09-27 08:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-27 01:47 . 2010-09-27 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-09-23 12:30 . 2010-09-23 12:30 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 12:30 . 2010-09-23 12:30 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-23 12:30 . 2010-09-23 12:30 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 12:30 . 2010-09-23 12:30 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 12:30 . 2010-09-23 12:30 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 12:30 . 2010-09-23 12:30 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 12:30 . 2010-09-23 12:30 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 12:30 . 2010-09-23 12:30 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-23 12:30 . 2010-09-23 12:30 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 12:29 . 2010-09-23 12:29 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 21:22 . 2010-04-17 03:16 21420 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\prvlcl.dat
2010-09-28 07:11 . 2009-09-10 19:04 -------- d-----w- c:\program files\PokerStars
2010-09-27 09:23 . 2009-12-30 23:01 64 ---h--w- c:\windows\popcreg.dat
2010-09-27 09:23 . 2009-12-30 23:01 16 ----a-w- c:\windows\popcinfot.dat
2010-09-27 08:48 . 2009-06-29 02:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-09-27 08:47 . 2009-08-28 04:41 -------- d-----w- c:\program files\UltimateBet
2010-09-27 08:32 . 2009-06-29 00:07 -------- d-----w- c:\program files\AIM6
2010-09-27 08:28 . 2009-07-08 22:29 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2010-09-27 07:17 . 2009-06-29 17:48 -------- d-----w- c:\program files\Bodog Hand Grabber
2010-09-27 04:12 . 2010-08-23 05:34 -------- d-----w- c:\documents and settings\Dan\Application Data\HEM Data
2010-09-27 02:02 . 2009-06-29 03:20 -------- d-----w- c:\program files\Cake Poker
2010-09-16 18:02 . 2009-08-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-09 00:31 . 2009-06-19 08:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-18 00:37 . 2009-12-30 23:01 -------- d-----w- c:\program files\PopCap Games
2010-08-17 13:17 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-04-25 16:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-06-29 01:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 19:57 . 2009-06-29 00:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:57 . 2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:57 . 2009-06-29 00:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 314B6C307077C735D5D80A910B68B064 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . B145AB16FF73A904D933C83CEDB06D46 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-11 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-11 1191936]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-7-7 447952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-02-22 23:49 729088 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 22:25 217088 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-15 19:57 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2009-06-29 00:17 1794320 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-29 03:11 133104 ----atw- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-22 03:26 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-22 03:27 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-22 03:26 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 17:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-19 08:49 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-02-22 23:49 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-08-03 02:20 288048 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 8:14 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 8:14 PM 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/28/2009 8:17 PM 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/28/2009 8:17 PM 24096]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 3:57 PM 308136]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/19/2009 7:41 AM 112512]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [6/19/2009 7:41 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [6/19/2009 7:41 AM 41760]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [7/7/2010 2:43 PM 9472]
R4 RegGuard;RegGuard;\??\c:\windows\system32\Drivers\regguard.sys --> c:\windows\system32\Drivers\regguard.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - REGGUARD
*Deregistered* - UnHackMeDrv
*Deregistered* - Viewpoint Manager Service
.
Contents of the 'Scheduled Tasks' folder

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\lm806m9v.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-376577450-1836091757-577865912-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\guard32.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2010-09-28 17:40:35
ComboFix-quarantined-files.txt 2010-09-28 21:40

Pre-Run: 153,751,232,512 bytes free
Post-Run: 154,550,538,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DEF948223B0EE0FA634605040A68F1B5

Old 10-06-2010, 07:24 PM   #7
CatByte (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7

Hi,

Combofix is reporting the following system files are infected

c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!

It doesn't appear as though there are suitable replacements on your machine, but we can check


If there aren't replacements on the machine, do you have your installation disk handy so we can copy them from the disk?

Also, please check if the following folder exists on your machine

C:\Windows\ServicePackFiles\I386



NEXT


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    *explorer*
    *winlogon*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Microsoft MVP 2010, 2011, 2012, 2013

Old 10-06-2010, 08:15 PM   #8
dannywisc (Registered Member)
Join Date: Sep 2010
Posts: 9
OS: xp sp3

No installation disk handy and do not have that folder on my machine.

SystemLook 04.09.10 by jpshortstuff
Log created at 23:13 on 06/10/2010 by Dan
Administrator - Elevation successful

========== filefind ==========

Searching for "*explorer*"
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK --a---- 779 bytes [21:32 25/04/2008] [21:33 25/04/2008] 5DDF24947E76D413FB17E53B3FC7945F
C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.LNK --a---- 767 bytes [21:32 25/04/2008] [21:33 25/04/2008] 4DC1724F0C0E2F0D953195B18E94532E
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.LNK --a---- 1487 bytes [21:32 25/04/2008] [21:28 25/04/2008] 013284C1B84B554802DC938BFF3E147D
C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft\Ad-Aware\Toolbox\Install Download Guard for Internet Explorer.lnk --a---- 1195 bytes [00:22 29/09/2010] [00:22 29/09/2010] C36BB4DD2B9DA0110CF3D1A445D7235D
C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk --a---- 817 bytes [23:18 28/06/2009] [05:00 09/07/2009] 22FA09845313996428865DCCA4F4BC62
C:\Documents and Settings\Dan\Start Menu\Programs\Internet Explorer.lnk --a---- 805 bytes [23:18 28/06/2009] [05:00 09/07/2009] F3A10283B40A91E559BCDDC0C1AD25A2
C:\Documents and Settings\Dan\Start Menu\Programs\Accessories\Windows Explorer.LNK --a---- 1487 bytes [23:18 28/06/2009] [21:28 25/04/2008] 013284C1B84B554802DC938BFF3E147D
C:\Documents and Settings\Dan\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 835 bytes [05:00 09/07/2009] [05:00 09/07/2009] 6715C2DEC5D21C73DE1DDDF97AD1D619
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK --a---- 779 bytes [23:17 28/06/2009] [21:33 25/04/2008] 5DDF24947E76D413FB17E53B3FC7945F
C:\Documents and Settings\Default User\Start Menu\Programs\Internet Explorer.LNK --a---- 767 bytes [23:17 28/06/2009] [21:33 25/04/2008] 4DC1724F0C0E2F0D953195B18E94532E
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.LNK --a---- 1487 bytes [21:28 25/04/2008] [21:28 25/04/2008] 013284C1B84B554802DC938BFF3E147D
C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK --a---- 817 bytes [01:25 17/07/2009] [01:25 17/07/2009] F0AC0127932BD04790F03F10A210F4B1
C:\Documents and Settings\Guest\Start Menu\Programs\Internet Explorer.lnk --a---- 805 bytes [01:25 17/07/2009] [01:25 17/07/2009] F1534633C27CA0EE1E93C92640981F22
C:\Documents and Settings\Guest\Start Menu\Programs\Accessories\Windows Explorer.LNK --a---- 1487 bytes [01:25 17/07/2009] [21:28 25/04/2008] 013284C1B84B554802DC938BFF3E147D
C:\Documents and Settings\Guest\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 835 bytes [01:25 17/07/2009] [01:25 17/07/2009] 67DD589F736D6C85996A40C82F7AB9C7
C:\Documents and Settings\postgres\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK --a---- 779 bytes [03:08 29/06/2009] [21:33 25/04/2008] 5DDF24947E76D413FB17E53B3FC7945F
C:\Documents and Settings\postgres\Start Menu\Programs\Internet Explorer.LNK --a---- 767 bytes [03:08 29/06/2009] [21:33 25/04/2008] 4DC1724F0C0E2F0D953195B18E94532E
C:\Documents and Settings\postgres\Start Menu\Programs\Accessories\Windows Explorer.LNK --a---- 1487 bytes [03:08 29/06/2009] [21:28 25/04/2008] 013284C1B84B554802DC938BFF3E147D
C:\I386\EXPLORER.EX_ --a---- 356615 bytes [16:11 25/04/2008] [12:00 14/04/2008] D7B59A7EC9CB1429FDCEC84A22228555
C:\I386\EXPLORER.SC_ --a---- 181 bytes [16:11 25/04/2008] [12:00 14/04/2008] BC5B38879C56DFBC05C8B5C43AC4D739
C:\Program Files\Lavasoft\Ad-Aware\Download Guard for Internet Explorer.exe --a---- 1858040 bytes [08:00 27/05/2010] [08:00 27/05/2010] 4C4089B2913915FA5D6029D421B5BFDB
C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys --a---- 15008 bytes [12:15 12/08/2010] [12:15 12/08/2010] 32DA3FDE01F1BB080C2E69521DD8881E
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip --a---- 20394 bytes [02:48 07/03/2006] [02:48 07/03/2006] B469409C2B2A33C542190B720E11BD79
C:\Program Files\Online Services\Use MSN Explorer to sign up for Internet Access (US only).lnk --a---- 1798 bytes [21:26 25/04/2008] [21:26 25/04/2008] 0067AD9D75D0B135B23B1DCC40F705D0
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [16:16 25/04/2008] [12:00 14/04/2008] B145AB16FF73A904D933C83CEDB06D46
C:\WINDOWS\explorer.scf --a---- 80 bytes [16:16 25/04/2008] [12:00 14/04/2008] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf --a---- 67896 bytes [09:13 02/10/2010] [09:13 02/10/2010] 6AD2004CFD4937B32302A807EEE6C5F5
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK --a---- 779 bytes [23:17 28/06/2009] [21:33 25/04/2008] 5DDF24947E76D413FB17E53B3FC7945F
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Internet Explorer.LNK --a---- 767 bytes [23:17 28/06/2009] [21:33 25/04/2008] 4DC1724F0C0E2F0D953195B18E94532E
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.LNK --a---- 1487 bytes [21:31 25/04/2008] [21:28 25/04/2008] 013284C1B84B554802DC938BFF3E147D

Searching for "*winlogon*"
C:\I386\WINLOGON.EX_ --a---- 265069 bytes [16:13 25/04/2008] [12:00 14/04/2008] 063EF1A46C58A731F78AE5AF47070D65
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [16:16 25/04/2008] [12:00 14/04/2008] 314B6C307077C735D5D80A910B68B064

-= EOF =-

Old 10-07-2010, 06:59 AM   #9
CatByte (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7


Click on Start > Run, type cmd and hit enter; a command window will open.

Please type the following text at the command prompt and hit enter:


expand c:\i386\winlogon.ex_ C:\winlogon.exe
expand c:\i386\explorer.ex_ C:\explorer.exe


(note the space between .ex_ and C:\ - it needs to be there)

Please let me know that the command executed properly - you should see something like "expanded to {xxxxxx} bytes, {xx}% increase"

(if you did not get this message do not continue but report back with the error message)

If you received verification the files expanded successfully please do the following:

We need to boot into the recovery console -

Restart your computer

Before Windows loads, you will be prompted to choose which Operating System to start (be fast you only have a couple of seconds)

Use the up and down arrow key to select Microsoft Windows Recovery Console

You must now enter which Windows installation to log onto. (usually 1) Type 1 and press enter.

When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER

A command prompt will open:

At the C:\Windows prompt, type the following lines, pressing Enter after each:

ren C:\windows\explorer.exe explorer.bad
ren C:\windows\system32\winlogon.exe winlogon.bad
copy c:\explorer.exe c:\windows\explorer.exe
copy c:\winlogon.exe c:\windows\system32\winlogon.exe


take note of the spaces

make sure you get the message that the file(s) were copied successfully.


If you did not get a message that the files were copied successfully you will have to name explorer.bad & winlogon.bad back to .exe or the computer will not boot.

Once you are done type exit to leave the recovery console and reboot.

Re-run ComboFix - allow it to update if it requests to do so.

Print out these instructions before you start > if you have any questions about this procedure, please ask.
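The cross-check the posts above do by hand (the two "[-]" Sigcheck entries in the earlier ComboFix log, the copies SystemLook found in post #8, and the expand-from-C:\I386 step in post #9), as an added example that is not part of the thread and not code from ComboFix, SystemLook or the posters. It parses both log formats and, for each file ComboFix flagged, classifies every other copy on disk. The sample lines are copied from the logs posted above, except the C:\Temp\explorer.exe line, which is constructed to show the identical-copy case; the classification rule is the example's own, not either tool's.

```python
r"""Cross-check ComboFix Sigcheck hits against SystemLook filefind results.

Added example for this thread, not code from ComboFix, SystemLook or the
posters. Sample lines are copied from the logs posted above, except the
C:\Temp line, which is constructed to exercise the 'identical copy' rule.
"""
import hashlib
import re
from dataclasses import dataclass

SIGCHECK_SAMPLE = r"""
[-] 2008-04-14 . 314B6C307077C735D5D80A910B68B064 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . B145AB16FF73A904D933C83CEDB06D46 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
"""

SYSTEMLOOK_SAMPLE = r"""
Searching for "*explorer*"
C:\I386\EXPLORER.EX_ --a---- 356615 bytes [16:11 25/04/2008] [12:00 14/04/2008] D7B59A7EC9CB1429FDCEC84A22228555
C:\Temp\explorer.exe --a---- 1033728 bytes [09:45 27/09/2010] [12:00 14/04/2008] B145AB16FF73A904D933C83CEDB06D46
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [16:16 25/04/2008] [12:00 14/04/2008] B145AB16FF73A904D933C83CEDB06D46
C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf --a---- 67896 bytes [09:13 02/10/2010] [09:13 02/10/2010] 6AD2004CFD4937B32302A807EEE6C5F5

Searching for "*winlogon*"
C:\I386\WINLOGON.EX_ --a---- 265069 bytes [16:13 25/04/2008] [12:00 14/04/2008] 063EF1A46C58A731F78AE5AF47070D65
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [16:16 25/04/2008] [12:00 14/04/2008] 314B6C307077C735D5D80A910B68B064
"""

# ComboFix Sigcheck line: "[-] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[-+?])\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>.+?)\s*$"
)
# SystemLook filefind line: "path attrs size bytes [created] [modified] MD5"
SYSTEMLOOK_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-A-Za-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    size: int
    md5: str


def parse_sigcheck(text):
    """Entries ComboFix prefixed with '[-]' (the files it reported as infected)."""
    out = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m and m.group("flag") == "-":
            out.append(FileEntry(m.group("path"), int(m.group("size")), m.group("md5").upper()))
    return out


def parse_systemlook(text):
    """Every file line in a SystemLook :filefind section (section headers are skipped)."""
    out = []
    for line in text.splitlines():
        m = SYSTEMLOOK_RE.match(line.strip())
        if m:
            out.append(FileEntry(m.group("path"), int(m.group("size")), m.group("md5").upper()))
    return out


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(sigcheck_text, systemlook_text):
    """Classify each on-disk copy of a flagged file (the rule is this example's own).

    expand_source: same stem with an .ex_ extension, i.e. a compressed install-cache
                   copy; its MD5 covers the compressed bytes, so it can only be
                   compared with the flagged file after 'expand'.
    identical:     same name and same MD5 as the flagged file; useless as a
                   replacement because it is byte-for-byte the same content.
    different:     same name, different MD5; a candidate, but verify its version
                   and signature before copying it over the flagged file.
    """
    found = parse_systemlook(systemlook_text)
    report = {}
    for bad in parse_sigcheck(sigcheck_text):
        bad_name = _basename(bad.path)
        stem = bad_name.rsplit(".", 1)[0]
        buckets = {"expand_source": [], "identical": [], "different": []}
        for entry in found:
            if entry.path.lower() == bad.path.lower():
                continue  # the flagged file itself
            name = _basename(entry.path)
            if name == stem + ".ex_":
                buckets["expand_source"].append(entry)
            elif name == bad_name:
                buckets["identical" if entry.md5 == bad.md5 else "different"].append(entry)
        report[bad_name] = buckets
    return report


def md5_of_file(path):
    """MD5 of a file on disk, for comparing an expanded copy with a Sigcheck MD5."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for name, buckets in triage(SIGCHECK_SAMPLE, SYSTEMLOOK_SAMPLE).items():
        print(name)
        for kind, entries in buckets.items():
            for e in entries:
                print(f"  {kind:14} {e.path}  {e.size} bytes  {e.md5}")
```

Run as a script it prints the classification for the two flagged files: each has exactly one expand source in C:\I386 and no usable uncompressed copy. The practical use of md5_of_file is right after the expand step in the post above: hash C:\winlogon.exe and C:\explorer.exe and compare against the Sigcheck MD5s. If an expanded copy hashes the same as the flagged file, the install-cache copy is the same content and the copy in the Recovery Console changes nothing; if it differs, the version in its resource should still match the one Sigcheck printed before it is trusted.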
Old 10-07-2010, 07:51 AM   #10
dannywisc (Registered Member)
Join Date: Sep 2010
Posts: 9
OS: xp sp3

Everything worked out as you said it would. Here is the combofix log. Thanks for all of the help so far, it has been awesome.

ComboFix 10-10-06.02 - Dan 10/07/2010 10:44:53.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2221 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe
C:\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
.

2010-10-07 14:26 . 2008-04-14 09:42 1033728 ----a-w- c:\windows\explorer.exe
2010-10-07 14:24 . 2008-04-14 09:42 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-10-07 02:08 . 2010-10-07 02:08 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-07 02:08 . 2010-10-07 02:08 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-07 02:08 . 2010-10-07 02:08 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-09-30 12:29 . 2010-09-30 12:36 -------- d-----w- C:\Combo-Fix21958C
2010-09-29 19:48 . 2010-09-29 19:48 -------- d-----w- c:\program files\Greatis
2010-09-29 18:21 . 2010-09-29 19:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-29 18:21 . 2010-09-29 18:23 -------- d-----w- c:\program files\SpywareBlaster
2010-09-29 17:30 . 2010-09-29 17:30 -------- d-----w- c:\program files\Common Files\Java
2010-09-29 17:30 . 2010-09-29 17:30 61440 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-788d5b2c-n\decora-sse.dll
2010-09-29 17:30 . 2010-09-29 17:30 503808 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e459e4-n\msvcp71.dll
2010-09-29 17:30 . 2010-09-29 17:30 499712 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e459e4-n\jmc.dll
2010-09-29 17:30 . 2010-09-29 17:30 348160 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e459e4-n\msvcr71.dll
2010-09-29 17:30 . 2010-09-29 17:30 12800 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-788d5b2c-n\decora-d3d.dll
2010-09-29 17:30 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-29 06:53 . 2010-09-29 06:53 -------- d-----w- c:\program files\MemTurbo 4
2010-09-29 06:07 . 2010-09-29 06:43 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-09-29 05:54 . 2010-09-29 06:01 -------- d-----w- C:\Combo-Fix9452C
2010-09-29 05:40 . 2010-09-29 05:40 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-09-29 05:40 . 2010-09-29 05:40 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-09-29 05:40 . 2010-09-01 18:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-29 05:32 . 2010-09-29 05:38 -------- d-----w- C:\Combo-Fix23136C
2010-09-29 05:31 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-29 00:52 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 00:28 . 2010-09-29 00:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-29 00:28 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-28 22:59 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-28 21:52 . 2010-09-28 21:52 -------- d-----w- c:\program files\Panda Security
2010-09-28 21:29 . 2010-09-28 21:40 -------- d-----w- C:\Combo-Fix
2010-09-28 21:02 . 2010-09-29 05:46 2 --shatr- c:\windows\winstart.bat
2010-09-28 21:01 . 2010-09-29 05:40 -------- d-----w- c:\program files\UnHackMe
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 09:45 . 2010-09-27 09:45 -------- d-----w- C:\Temp
2010-09-27 08:52 . 2010-09-27 08:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-27 01:47 . 2010-09-27 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-09-23 12:30 . 2010-09-23 12:30 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 12:30 . 2010-09-23 12:30 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 12:30 . 2010-09-23 12:30 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 12:30 . 2010-09-23 12:30 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 12:30 . 2010-09-23 12:30 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 12:30 . 2010-09-23 12:30 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 12:30 . 2010-09-23 12:30 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 12:29 . 2010-09-23 12:29 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 02:26 . 2009-07-08 22:29 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2010-10-03 02:16 . 2009-12-30 23:01 64 ---h--w- c:\windows\popcreg.dat
2010-10-03 02:16 . 2009-12-30 23:01 16 ----a-w- c:\windows\popcinfot.dat
2010-10-02 09:20 . 2010-04-17 03:16 0 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\prvlcl.dat
2010-09-29 19:27 . 2009-06-19 08:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 17:30 . 2009-06-19 08:48 -------- d-----w- c:\program files\Java
2010-09-29 05:31 . 2009-06-29 17:48 -------- d-----w- c:\program files\Bodog Hand Grabber
2010-09-28 22:20 . 2010-05-25 08:22 -------- d-----w- c:\program files\Lavasoft
2010-09-28 21:44 . 2009-06-29 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-28 07:11 . 2009-09-10 19:04 -------- d-----w- c:\program files\PokerStars
2010-09-27 08:48 . 2009-06-29 02:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-09-27 08:47 . 2009-08-28 04:41 -------- d-----w- c:\program files\UltimateBet
2010-09-27 08:32 . 2009-06-29 00:07 -------- d-----w- c:\program files\AIM6
2010-09-27 04:12 . 2010-08-23 05:34 -------- d-----w- c:\documents and settings\Dan\Application Data\HEM Data
2010-09-27 02:02 . 2009-06-29 03:20 -------- d-----w- c:\program files\Cake Poker
2010-09-16 18:02 . 2009-08-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-18 00:37 . 2009-12-30 23:01 -------- d-----w- c:\program files\PopCap Games
2010-08-17 13:17 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-04-25 16:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-06-29 01:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 19:57 . 2009-06-29 00:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:57 . 2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:57 . 2009-06-29 00:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-28_21.39.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-07 14:37 . 2010-10-07 14:37 16384 c:\windows\temp\Perflib_Perfdata_300.dat
- 2008-04-25 16:16 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2008-04-25 16:16 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2008-04-25 16:16 . 2010-08-12 00:24 80032 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2010-10-07 13:21 80032 c:\windows\system32\perfc009.dat
+ 2010-09-29 00:52 . 2010-08-12 12:15 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
- 2009-06-28 23:15 . 2010-05-25 08:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-28 23:15 . 2010-09-29 01:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-22 13:43 . 2010-09-22 13:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-23 19:55 . 2010-09-23 19:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 07:17 . 2010-09-23 07:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-03-31 19:32 . 2010-03-31 19:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 07:17 . 2010-09-23 07:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-03-31 19:32 . 2010-03-31 19:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-06-04 22:17 . 2010-09-04 00:09 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 22:17 . 2010-09-29 07:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3782bd88\System.Drawing.Design.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7c6899d4\CustomMarshalers.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-11 07:20 . 2010-06-11 07:20 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-12 00:24 . 2010-08-12 00:24 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-25 16:16 . 2010-08-12 00:24 466982 c:\windows\system32\perfh009.dat
+ 2008-04-25 16:16 . 2010-10-07 13:21 466982 c:\windows\system32\perfh009.dat
+ 2010-09-29 17:30 . 2010-07-17 09:00 153376 c:\windows\system32\javaws.exe
+ 2010-09-29 17:30 . 2010-07-17 09:00 145184 c:\windows\system32\javaw.exe
+ 2010-09-29 17:30 . 2010-07-17 09:00 145184 c:\windows\system32\java.exe
- 2009-06-28 23:17 . 2009-06-19 08:55 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2009-06-28 23:17 . 2010-09-29 17:30 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2010-09-22 13:43 . 2010-09-22 13:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 18:49 . 2010-03-31 18:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-03-31 19:32 . 2010-03-31 19:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-29 17:30 . 2010-09-29 17:30 180224 c:\windows\Installer\245aba4.msi
+ 2010-09-24 01:02 . 2010-09-24 01:02 798208 c:\windows\Installer\1aa2a311.msp
+ 2010-10-07 13:19 . 2010-10-07 13:19 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ecc8d61e\System.Drawing.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2215df12\System.Drawing.Design.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5b4a11e4\CustomMarshalers.dll
+ 2010-10-07 13:53 . 2010-10-07 13:53 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-22 13:44 . 2010-09-22 13:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 19:55 . 2010-09-23 19:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 19:55 . 2010-09-23 19:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-03-31 18:50 . 2010-03-31 18:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 06:25 . 2010-09-23 06:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 19:55 . 2010-09-23 19:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-09-29 00:22 . 2010-09-29 00:22 1866752 c:\windows\Installer\376cc3.msi
+ 2010-09-23 11:39 . 2010-09-23 11:39 4265472 c:\windows\Installer\1aa2a30a.msp
+ 2010-10-07 13:19 . 2010-10-07 13:19 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_392f9f98\System.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_16f72642\System.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e63f5cf0\System.Xml.dll
+ 2010-10-07 13:20 . 2010-10-07 13:20 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_8c240c50\System.Xml.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a32d2ee4\System.Windows.Forms.dll
+ 2010-10-07 13:20 . 2010-10-07 13:20 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_82c78d89\System.Windows.Forms.dll
+ 2010-10-07 13:20 . 2010-10-07 13:20 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e57f6b02\System.Drawing.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_64f11796\System.Design.dll
+ 2010-10-07 13:20 . 2010-10-07 13:20 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_5dfdb136\System.Design.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_90c23e80\mscorlib.dll
+ 2010-10-07 13:20 . 2010-10-07 13:20 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3cca49b6\mscorlib.dll
+ 2010-10-07 14:19 . 2010-10-07 14:19 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-24 18:13 . 2009-08-24 18:13 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-07 13:22 . 2010-10-07 13:22 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-08-12 00:24 . 2010-08-12 00:24 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-07 13:21 . 2010-10-07 13:21 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-06-11 07:20 . 2010-06-11 07:20 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-10-07 13:19 . 2010-10-07 13:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-11 07:20 . 2010-06-11 07:20 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-24 18:08 . 2010-09-24 18:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-09-29 07:00 . 2010-09-29 07:00 20303872 c:\windows\Installer\50e78.msp
+ 2010-09-24 11:08 . 2010-09-24 11:08 17518080 c:\windows\Installer\1aa2a301.msp
+ 2010-10-07 14:19 . 2010-10-07 14:19 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-07 14:19 . 2010-10-07 14:19 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-11 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-11 1191936]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-07 2067808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-7-7 447952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-02-22 23:49 729088 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 22:25 217088 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-10-07 02:08 2067808 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2009-06-29 00:17 1794320 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-29 03:11 133104 ----atw- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-22 03:26 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-22 03:27 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-22 03:26 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 17:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-02-22 23:49 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2010-09-01 18:18 594200 ----a-w- c:\program files\UnHackMe\hackmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/28/2010 8:52 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/28/2010 6:59 PM 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 8:14 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 8:14 PM 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/28/2009 8:17 PM 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/28/2009 8:17 PM 24096]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 3:57 PM 308136]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/19/2009 7:41 AM 112512]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [6/19/2009 7:41 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [6/19/2009 7:41 AM 41760]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [7/7/2010 2:43 PM 9472]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1356952]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [9/29/2010 1:40 AM 35816]
.
Contents of the 'Scheduled Tasks' folder

2010-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 01:03]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\lm806m9v.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-376577450-1836091757-577865912-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\guard32.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2010-10-07 10:50:13
ComboFix-quarantined-files.txt 2010-10-07 14:50
ComboFix2.txt 2010-09-30 12:36
ComboFix3.txt 2010-09-29 06:01
ComboFix4.txt 2010-09-29 05:38
ComboFix5.txt 2010-10-07 14:43

Pre-Run: 153,988,857,856 bytes free
Post-Run: 153,998,397,440 bytes free

- - End Of File - - 611A9166858148AA67BD8F6EE45D7509
__________________
dannywisc is offline  
Old 10-07-2010, 08:37 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



I want to put copies of those files into your dllcache for insurance, it's always good to have backup copies in a handy place on the machine.

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
FCopy::
c:\windows\explorer.exe | C:\windows\system32\dllcache\explorer.exe
c:\windows\system32\winlogon.exe | c:\windows\system32\dllcache\winlogon.exe
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT
  • Open your Malwarebytes' Anti-Malware program and select the update tab, select update now
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so.


NEXT


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner:
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


NEXT


Please advise how your computer is running and if there are any outstanding issues
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
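As an added illustration of what the FCopy step in the post above is meant to achieve (this is example code written for this page, not code from the thread, from ComboFix or from its author): a small Python parser for the "Files Created" lines that ComboFix prints, which checks that the dllcache backup of each system file carries the same size and the same original modification stamp as the live copy. The sample log lines are constructed for the example in ComboFix's line format; the explorer.exe and winlogon.exe lines mirror the ones posted later in this thread, the userinit.exe pair is invented purely to show what a mismatch looks like, and the helper names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One ComboFix "Files Created" line looks like:
#   <created date time> . <modified date time> <size|--------> <8 attr flags> <path>
# Directories show "--------" in the size column.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[-a-zA-Z]{8}) "
    r"(?P<path>.+)$"
)

# Constructed sample in ComboFix's format (first four lines mirror this thread's
# post-FCopy log; the userinit.exe pair is invented to demonstrate a mismatch).
SAMPLE_LOG = r"""
2010-10-07 15:43 . 2008-04-14 09:42 507904 -c--a-w- c:\windows\system32\dllcache\winlogon.exe
2010-10-07 15:43 . 2008-04-14 09:42 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2010-10-07 14:26 . 2008-04-14 09:42 1033728 ------w- c:\windows\explorer.exe
2010-10-07 14:24 . 2008-04-14 09:42 507904 ------w- c:\windows\system32\winlogon.exe
2010-09-30 12:29 . 2010-09-30 12:36 -------- d-----w- C:\Combo-Fix21958C
2010-10-07 15:43 . 2008-04-14 09:42 26112 -c--a-w- c:\windows\system32\dllcache\userinit.exe
2010-10-07 14:24 . 2010-10-01 00:00 26624 ------w- c:\windows\system32\userinit.exe
"""

# (live file, expected dllcache backup) pairs; the first two are the FCopy targets
# from the CFScript in this thread, the third is the invented mismatch case.
BACKUP_PAIRS = [
    (r"c:\windows\explorer.exe", r"c:\windows\system32\dllcache\explorer.exe"),
    (r"c:\windows\system32\winlogon.exe", r"c:\windows\system32\dllcache\winlogon.exe"),
    (r"c:\windows\system32\userinit.exe", r"c:\windows\system32\dllcache\userinit.exe"),
]


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directory entries
    attrs: str
    path: str            # lower-cased so lookups are case-insensitive like NTFS


def parse_lines(text: str) -> List[FileEntry]:
    """Parse every line that matches the ComboFix file-entry format; skip the rest."""
    entries: List[FileEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append(FileEntry(
            created=m.group("created"),
            modified=m.group("modified"),
            size=None if size.startswith("-") else int(size),
            attrs=m.group("attrs"),
            path=m.group("path").lower(),
        ))
    return entries


def check_dllcache_backups(entries: List[FileEntry],
                           pairs: List[Tuple[str, str]]) -> Dict[str, str]:
    """For each (live, backup) pair report 'ok', 'mismatch' or 'missing'.

    'ok' means both files appear in the log with the same size and the same
    original modification stamp, i.e. the backup is a faithful copy.
    """
    by_path = {e.path: e for e in entries}
    results: Dict[str, str] = {}
    for live, backup in pairs:
        a = by_path.get(live.lower())
        b = by_path.get(backup.lower())
        if a is None or b is None:
            results[live] = "missing"
        elif a.size == b.size and a.modified == b.modified:
            results[live] = "ok"
        else:
            results[live] = "mismatch"
    return results


if __name__ == "__main__":
    for path, verdict in check_dllcache_backups(parse_lines(SAMPLE_LOG), BACKUP_PAIRS).items():
        print(f"{verdict:9s} {path}")
```

The check compares the second (modification) timestamp rather than the first, because the first column is the creation time of the copy and is expected to differ; a backup whose size or original modification stamp differs from the live file is not the copy you wanted and should be looked at before relying on it.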
Old 10-07-2010, 11:07 AM   #12
Registered Member
 
Join Date: Sep 2010
Posts: 9
OS: xp sp3



ComboFix 10-10-06.03 - Dan 10/07/2010 11:43:50.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2198 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dan\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
c:\windows\system32\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
.

2010-10-07 15:43 . 2008-04-14 09:42 507904 -c--a-w- c:\windows\system32\dllcache\winlogon.exe
2010-10-07 15:43 . 2008-04-14 09:42 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2010-10-07 14:26 . 2008-04-14 09:42 1033728 ------w- c:\windows\explorer.exe
2010-10-07 14:24 . 2008-04-14 09:42 507904 ------w- c:\windows\system32\winlogon.exe
2010-10-07 02:08 . 2010-10-07 02:08 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-07 02:08 . 2010-10-07 02:08 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-07 02:08 . 2010-10-07 02:08 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-09-30 12:29 . 2010-09-30 12:36 -------- d-----w- C:\Combo-Fix21958C
2010-09-29 19:48 . 2010-09-29 19:48 -------- d-----w- c:\program files\Greatis
2010-09-29 18:21 . 2010-09-29 19:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-29 18:21 . 2010-09-29 18:23 -------- d-----w- c:\program files\SpywareBlaster
2010-09-29 17:30 . 2010-09-29 17:30 -------- d-----w- c:\program files\Common Files\Java
2010-09-29 17:30 . 2010-09-29 17:30 61440 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-788d5b2c-n\decora-sse.dll
2010-09-29 17:30 . 2010-09-29 17:30 503808 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e459e4-n\msvcp71.dll
2010-09-29 17:30 . 2010-09-29 17:30 499712 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e459e4-n\jmc.dll
2010-09-29 17:30 . 2010-09-29 17:30 348160 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e459e4-n\msvcr71.dll
2010-09-29 17:30 . 2010-09-29 17:30 12800 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-788d5b2c-n\decora-d3d.dll
2010-09-29 17:30 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-29 06:53 . 2010-09-29 06:53 -------- d-----w- c:\program files\MemTurbo 4
2010-09-29 06:07 . 2010-09-29 06:43 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-09-29 05:54 . 2010-09-29 06:01 -------- d-----w- C:\Combo-Fix9452C
2010-09-29 05:40 . 2010-09-29 05:40 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-09-29 05:40 . 2010-09-29 05:40 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-09-29 05:40 . 2010-09-01 18:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-29 05:32 . 2010-09-29 05:38 -------- d-----w- C:\Combo-Fix23136C
2010-09-29 05:31 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-29 00:52 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 00:28 . 2010-09-29 00:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-29 00:28 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-28 22:59 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-28 21:52 . 2010-09-28 21:52 -------- d-----w- c:\program files\Panda Security
2010-09-28 21:29 . 2010-09-28 21:40 -------- d-----w- C:\Combo-Fix
2010-09-28 21:02 . 2010-09-29 05:46 2 --shatr- c:\windows\winstart.bat
2010-09-28 21:01 . 2010-09-29 05:40 -------- d-----w- c:\program files\UnHackMe
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 09:47 . 2010-09-27 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-27 09:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 09:45 . 2010-09-27 09:45 -------- d-----w- C:\Temp
2010-09-27 08:52 . 2010-09-27 08:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-27 01:47 . 2010-09-27 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-09-23 12:30 . 2010-09-23 12:30 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 12:30 . 2010-09-23 12:30 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 12:30 . 2010-09-23 12:30 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 12:30 . 2010-09-23 12:30 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 12:30 . 2010-09-23 12:30 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 12:30 . 2010-09-23 12:30 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 12:30 . 2010-09-23 12:30 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 12:29 . 2010-09-23 12:29 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 14:50 . 2010-04-17 03:16 0 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\prvlcl.dat
2010-10-03 02:26 . 2009-07-08 22:29 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2010-10-03 02:16 . 2009-12-30 23:01 64 ---h--w- c:\windows\popcreg.dat
2010-10-03 02:16 . 2009-12-30 23:01 16 ----a-w- c:\windows\popcinfot.dat
2010-09-29 19:27 . 2009-06-19 08:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 17:30 . 2009-06-19 08:48 -------- d-----w- c:\program files\Java
2010-09-29 05:31 . 2009-06-29 17:48 -------- d-----w- c:\program files\Bodog Hand Grabber
2010-09-28 22:20 . 2010-05-25 08:22 -------- d-----w- c:\program files\Lavasoft
2010-09-28 21:44 . 2009-06-29 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-28 07:11 . 2009-09-10 19:04 -------- d-----w- c:\program files\PokerStars
2010-09-27 08:48 . 2009-06-29 02:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-09-27 08:47 . 2009-08-28 04:41 -------- d-----w- c:\program files\UltimateBet
2010-09-27 08:32 . 2009-06-29 00:07 -------- d-----w- c:\program files\AIM6
2010-09-27 04:12 . 2010-08-23 05:34 -------- d-----w- c:\documents and settings\Dan\Application Data\HEM Data
2010-09-27 02:02 . 2009-06-29 03:20 -------- d-----w- c:\program files\Cake Poker
2010-09-16 18:02 . 2009-08-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-18 00:37 . 2009-12-30 23:01 -------- d-----w- c:\program files\PopCap Games
2010-08-17 13:17 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-04-25 16:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-06-29 01:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 19:57 . 2009-06-29 00:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:57 . 2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:57 . 2009-06-29 00:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-10-07_14.49.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-07 15:09 . 2010-10-07 15:09 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\32ddd7b515a1b2be62c477cb4cf30859\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\79b366feec8ff00987e1210c4ce3b0d3\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\530eae2f0f7a6a135eb354d79d7e1587\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\41027ea3d9d396bd4da79bd023f744bf\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-10-07 15:08 . 2010-10-07 15:08 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 2002944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\831f034f02c4477ebe3cf6381903c036\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\241f156436ff767e43b8492f30cf8f71\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-10-07 15:09 . 2010-10-07 15:09 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-10-07 15:08 . 2010-10-07 15:08 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-11 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-11 1191936]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-07 2067808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-7-7 447952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-02-22 23:49 729088 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 22:25 217088 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-10-07 02:08 2067808 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2009-06-29 00:17 1794320 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-29 03:11 133104 ----atw- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-22 03:26 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-22 03:27 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-22 03:26 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 17:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-02-22 23:49 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2010-09-01 18:18 594200 ----a-w- c:\program files\UnHackMe\hackmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/28/2010 8:52 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/28/2010 6:59 PM 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 8:14 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 8:14 PM 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/28/2009 8:17 PM 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/28/2009 8:17 PM 24096]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 3:57 PM 308136]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/19/2009 7:41 AM 112512]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [6/19/2009 7:41 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [6/19/2009 7:41 AM 41760]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [7/7/2010 2:43 PM 9472]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1356952]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [9/29/2010 1:40 AM 35816]
.
Contents of the 'Scheduled Tasks' folder

2010-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 01:03]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-376577450-1836091757-577865912-1005UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-29 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\lm806m9v.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-376577450-1836091757-577865912-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\guard32.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
.
Completion time: 2010-10-07 11:46:31
ComboFix-quarantined-files.txt 2010-10-07 15:46
ComboFix2.txt 2010-10-07 14:50
ComboFix3.txt 2010-09-30 12:36
ComboFix4.txt 2010-09-29 06:01
ComboFix5.txt 2010-10-07 15:43

Pre-Run: 153,941,237,760 bytes free
Post-Run: 153,926,377,472 bytes free

- - End Of File - - ABC27B7593B812F891E171224A289E89


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4770

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/7/2010 11:52:11 AM
mbam-log-2010-10-07 (11-52-11).txt

Scan type: Quick scan
Objects scanned: 166754
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\explorer.bad (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\winlogon.bad (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 7, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 06, 2010 11:54:00
Records in database: 4280474
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 72525
Threats found: 4
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 01:17:54


File name / Threat / Threats count
C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\6.0\41\19f9d829-149174dc Infected: Trojan-Downloader.Java.Agent.gr 1
C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\6.0\41\19f9d829-149174dc Infected: Trojan-Downloader.Java.Agent.gs 1
C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\6.0\41\19f9d829-149174dc Infected: Trojan-Downloader.Java.Agent.gt 1
C:\Documents and Settings\Dan\My Documents\My Music\mirc635(2).exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Documents and Settings\Dan\My Documents\My Music\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.
__________________
dannywisc is offline  
Old 10-07-2010, 03:14 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



Hi

Please do the following:

Your Java is out of date.
Java™ 6 Update 11 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT

Please post a fresh DDS log and advise how your computer is running now and if there are any outstanding issues
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 10-07-2010, 04:57 PM   #14
Registered Member
 
Join Date: Sep 2010
Posts: 9
OS: xp sp3



It said that my Java was up to date as of 9-29-10. I cleared the Java; here is the DDS. I haven't noticed the Google redirect problem all day, which was the only problem I was having.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 19:55:17.21 on Thu 10/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.1743 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\PopCap Games\Peggle Deluxe\Peggle.exe
C:\Program Files\PopCap Games\Peggle Deluxe\popcapgame1.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251472754890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/peggle/sis/popcaploader_v10_en.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\lm806m9v.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dan\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-28 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-28 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-28 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-28 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-28 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-6-28 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-6-28 24096]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-6-28 692496]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-19 112512]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-6-19 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-6-19 41760]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-7-7 9472]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-9-29 35816]

=============== Created Last 30 ================

2010-10-07 15:43:50 507904 -c--a-w- c:\windows\system32\dllcache\winlogon.exe
2010-10-07 15:43:50 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2010-10-07 14:26:22 1033728 ------w- c:\windows\explorer.exe
2010-10-07 14:24:17 507904 ------w- c:\windows\system32\winlogon.exe
2010-09-30 12:51:53 0 ----a-w- c:\documents and settings\dan\defogger_reenable
2010-09-30 12:29:27 0 d-----w- C:\Combo-Fix21958C
2010-09-29 19:48:27 0 d-----w- c:\program files\Greatis
2010-09-29 18:21:51 0 d-----w- c:\program files\SpywareBlaster
2010-09-29 17:30:41 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-29 06:53:08 0 d-----w- c:\program files\MemTurbo 4
2010-09-29 06:07:52 0 d-----w- c:\program files\Advanced Registry Optimizer
2010-09-29 05:54:22 0 d-----w- C:\Combo-Fix9452C
2010-09-29 05:40:37 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-09-29 05:40:37 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-09-29 05:40:35 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-29 05:32:52 0 d-----w- C:\Combo-Fix23136C
2010-09-29 05:31:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-29 00:52:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 00:28:59 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-28 22:59:14 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-28 21:52:32 0 d-----w- c:\program files\Panda Security
2010-09-28 21:33:08 0 d-sha-r- C:\cmdcons
2010-09-28 21:29:48 98816 ----a-w- c:\windows\sed.exe
2010-09-28 21:29:48 77312 ----a-w- c:\windows\MBR.exe
2010-09-28 21:29:48 256512 ----a-w- c:\windows\PEV.exe
2010-09-28 21:29:48 161792 ----a-w- c:\windows\SWREG.exe
2010-09-28 21:29:42 0 d-----w- C:\Combo-Fix
2010-09-28 21:02:16 2 --shatr- c:\windows\winstart.bat
2010-09-28 21:01:59 0 d-----w- c:\program files\UnHackMe
2010-09-27 09:47:17 0 d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2010-09-27 09:47:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 09:47:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 09:47:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 09:47:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-27 09:45:54 0 d-----w- C:\Temp
2010-09-27 08:52:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-27 01:47:13 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 19:57:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 19:55:30.51 ===============
__________________
dannywisc is offline  
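Two things in the logs above fit together: MBAM (post #12) quarantined C:\WINDOWS\explorer.bad and C:\WINDOWS\winlogon.bad, and the DDS "Created Last 30" block in this post shows c:\windows\explorer.exe and c:\windows\system32\winlogon.exe written on 2010-10-07 at 14:24 and 14:26 UTC, followed by fresh dllcache copies at 15:43. A core binary rewritten and its sibling left behind as <name>.bad is the footprint of a repair tool swapping out a patched system file; that reading is an interpretation, not something either log states. The Python below is an added triage helper, not part of the thread or of DDS, ComboFix or MBAM: it parses the two log formats and flags core binaries written outside dllcache, pairing each with its .bad quarantine and its dllcache copy. The sample lines are copied from the logs in this thread, and the CORE_BINARIES watch list is the example's own.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the DDS "Created Last 30" block and the
# MBAM "Files Infected" section in this thread, trimmed to what the parser needs.
DDS_CREATED_LAST_30 = """\
2010-10-07 15:43:50 507904 -c--a-w- c:\\windows\\system32\\dllcache\\winlogon.exe
2010-10-07 15:43:50 1033728 -c--a-w- c:\\windows\\system32\\dllcache\\explorer.exe
2010-10-07 14:26:22 1033728 ------w- c:\\windows\\explorer.exe
2010-10-07 14:24:17 507904 ------w- c:\\windows\\system32\\winlogon.exe
2010-09-30 12:51:53 0 ----a-w- c:\\documents and settings\\dan\\defogger_reenable
2010-09-29 17:30:41 423656 ----a-w- c:\\windows\\system32\\deployJava1.dll
2010-09-28 21:29:48 77312 ----a-w- c:\\windows\\MBR.exe
"""

MBAM_FILES_INFECTED = """\
C:\\WINDOWS\\explorer.bad (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\\WINDOWS\\winlogon.bad (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# Core Windows binaries that redirect/rootkit infections commonly patch.
# Assumption: this watch list is the example's own; DDS does not supply one.
CORE_BINARIES = {"explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe",
                 "lsass.exe", "services.exe", "atapi.sys", "ndis.sys"}

# DDS file listing: "YYYY-MM-DD HH:MM:SS <size> <attrs> <path>"
DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")


def parse_dds(text):
    """Yield (written, size, attrs, lowercased path) for each DDS listing line."""
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1) + " " + m.group(2), "%Y-%m-%d %H:%M:%S")
        yield when, int(m.group(3)), m.group(4), m.group(5).lower()


def parse_mbam_bad(text):
    """Return the stems (file name without extension) MBAM quarantined as *.bad."""
    stems = set()
    for line in text.splitlines():
        m = re.search(r"\\([^\\]+)\.bad\b", line, re.IGNORECASE)
        if m:
            stems.add(m.group(1).lower())
    return stems


def triage(dds_text, mbam_text):
    """Flag core binaries written outside dllcache during the DDS window.

    Each finding records when the live file was written, whether MBAM quarantined
    a <stem>.bad sibling, and when (if at all) a dllcache copy of the same name
    was written in the same window. Ordered oldest write first.
    """
    entries = list(parse_dds(dds_text))
    bad_stems = parse_mbam_bad(mbam_text)
    cache_written = {path.rsplit("\\", 1)[-1]: when
                     for when, _, _, path in entries if "\\dllcache\\" in path}
    findings = []
    for when, size, attrs, path in entries:
        name = path.rsplit("\\", 1)[-1]
        if name not in CORE_BINARIES or "\\dllcache\\" in path:
            continue
        findings.append({
            "path": path,
            "written": when,
            "size": size,
            "attrs": attrs,
            "bad_copy_quarantined": name.rsplit(".", 1)[0] in bad_stems,
            "dllcache_copy": cache_written.get(name),
        })
    return sorted(findings, key=lambda f: f["written"])


if __name__ == "__main__":
    for f in triage(DDS_CREATED_LAST_30, MBAM_FILES_INFECTED):
        print(f["written"], f["path"],
              "bad copy quarantined" if f["bad_copy_quarantined"] else "no .bad sibling",
              "dllcache copy at", f["dllcache_copy"])
```

On this thread's logs the helper returns winlogon.exe and explorer.exe, both with a quarantined .bad sibling and a dllcache copy written later the same day. A timestamp pairing like this tells you what was replaced, not whether the replacement is clean; the authoritative check is the Authenticode signature or a known-good hash of the live binary, which neither DDS nor MBAM reports.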
Old 10-07-2010, 08:24 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



Hi

Please do the following:

You can delete the MBRCheck, RKU,DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the X and the /U; it needs to be there.




Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


If there are any logs/tools remaining > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
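The Internet Explorer Custom Level settings CatByte walks through via Inetcpl.cpl are stored per zone under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (zone 3 is the Internet zone) as DWORD values 1001 (download signed ActiveX controls), 1004 (download unsigned ActiveX controls) and 1201 (initialize and script ActiveX controls not marked as safe), where 0 is Enable, 1 is Prompt and 3 is Disable. The Python below is an added example, not part of the thread or of any tool mentioned in it: it audits a `reg export` of that key against the three targets from the post and can write them with the standard-library winreg module. The sample export is constructed, and the rule that a setting already stricter than the target (Disable where Prompt was asked for) is not reported is the example's own choice.

```python
import re

# Internet zone (zone 3) key and the three Custom Level values from the post.
# 0 = Enable, 1 = Prompt, 3 = Disable.
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\Zones\3")
SETTINGS = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}
# Ordering used by the audit: a value at least this strict is acceptable.
STRICTNESS = {0: 0, 1: 1, 3: 2}

# Constructed sample of `reg export "<ZONE_KEY>" zone3.reg` output; the values
# are illustrative, not taken from the machine in this thread.
SAMPLE_REG_EXPORT = """\
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1400"=dword:00000000
"""

REG_DWORD = re.compile(r'^"(\d+)"=dword:([0-9a-fA-F]{8})$')


def parse_zone_export(text):
    """Return {value_name: int} for the DWORD values under the zone 3 key only."""
    values, in_key = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == ZONE_KEY.lower()
            continue
        m = REG_DWORD.match(line)
        if in_key and m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit(values):
    """List (value, description, current, required) where the zone is weaker
    than the target. A missing value falls back to the zone template default,
    so it is reported rather than assumed safe."""
    findings = []
    for name, (desc, required) in SETTINGS.items():
        current = values.get(name)
        if current is None or STRICTNESS.get(current, -1) < STRICTNESS[required]:
            findings.append((name, desc, current, required))
    return findings


def apply_hardening():
    """Write the target values for the current user. Windows only: returns False
    where winreg is unavailable instead of failing."""
    try:
        import winreg
    except ImportError:
        return False
    subkey = ZONE_KEY.split("\\", 1)[1]
    with winreg.CreateKeyEx(winreg.HKEY_CURRENT_USER, subkey, 0,
                            winreg.KEY_SET_VALUE) as key:
        for name, (_, required) in SETTINGS.items():
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, required)
    return True


if __name__ == "__main__":
    for name, desc, current, required in audit(parse_zone_export(SAMPLE_REG_EXPORT)):
        print(f"{name} ({desc}): current={current} required={required}")
```

On the sample, 1001 (Enable) and 1201 (Prompt) are reported; 1004 is already at Disable, which is stricter than the Prompt the post asks for, so it is left alone. Settings written this way take effect for new IE windows, and a domain or local policy that enforces the Zones key will override them.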
Old 10-07-2010, 08:36 PM   #16
Registered Member
 
Join Date: Sep 2010
Posts: 9
OS: xp sp3



Thank you so much for the help; I have not had any problems today. Thanks again.
__________________
dannywisc is offline  
Old 10-08-2010, 08:33 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



You are welcome

stay safe

~CB

__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
 

Copyright 2001 - 2014, Tech Support Forum