Trojan Virus Problem (With Logs)

[kdog179]

Ok well just last night I got this alert from my AVG that I had this trojan virus, I quickly moved it to the virus vault, did a scan, tried to remove it and all but I think it is still here and possibly installed more malicious programs on top

Some of the items in my vault include:
Win32/Heur
Win32/Cryptor
Trojan horse downloader.Generic8.BMFA
Trojan horse Clicker.AAWS

Another problem I am having is whenever I try to open My Computer or ControlPanel, windows explorer won't respond and I'll be prompted to close it

please help, I would like to clean up my system so I can setup measures to prevent this from happening again, I suspect I downloaded a file with a trojan embedded

thanks

Logs:

dds.txt

*I got the gmer.exe working so I uploaded the ark.txt*

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 13:10:42.72 on Fri 09/04/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.647 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WerFault.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Google Update] "c:\users\administrator\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Aim6]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [POL Agent] c:\program files\ardamax\POL.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ParetoLogic Anti-Virus PLUS] "c:\program files\paretologic\anti-virus plus\Pareto_AV.lnk" -NM -hidesplash
mRun: [ISTray] "c:\program files\pc tools internet security\pctsTray.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\windows\system32\INetHTTPFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\4j9qkn2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - chrome://google-cjk-partner/locale/partner.properties
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-31 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-31 108552]

=============== Created Last 30 ================

2009-09-04 12:02 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-04 12:02 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-04 12:02 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-04 12:02 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-09-04 12:02 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-09-04 12:02 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-09-04 12:02 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-09-04 12:02 97,408 a------- c:\windows\system32\drivers\pctfw.sys
2009-09-04 12:02 95,656 a------- c:\windows\system32\drivers\pctplfw.sys
2009-09-04 12:02 64,424 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-04 12:02 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-04 12:02 <DIR> --d----- c:\users\admini~1\appdata\roaming\PC Tools
2009-09-04 12:02 <DIR> --d----- c:\programdata\PC Tools
2009-09-04 12:02 <DIR> --d----- c:\program files\PC Tools Internet Security
2009-09-04 12:02 <DIR> --d----- c:\progra~2\PC Tools
2009-09-04 11:26 1,783,072 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-04 11:26 0 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-04 11:25 2,348 a------- C:\rollback.ini
2009-09-04 11:16 <DIR> --d----- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-09-04 11:16 <DIR> --d----- c:\programdata\ParetoLogic
2009-09-04 11:16 <DIR> --d----- c:\program files\ParetoLogic
2009-09-04 11:16 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-09-04 11:16 <DIR> --d----- c:\progra~2\ParetoLogic Anti-Virus PLUS
2009-09-04 11:16 <DIR> --d----- c:\progra~2\ParetoLogic
2009-09-04 10:48 <DIR> --d----- c:\programdata\SecTaskMan
2009-09-04 10:48 <DIR> --d----- c:\progra~2\SecTaskMan
2009-09-04 10:48 <DIR> --d----- c:\program files\Security Task Manager
2009-09-04 04:05 195,057,890 a------- c:\windows\MEMORY.DMP
2009-09-04 00:33 <DIR> --d----- c:\users\admini~1\appdata\roaming\.clamwin
2009-09-03 23:45 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-03 22:49 <DIR> --d----- c:\users\administrator\.thumbnails
2009-09-03 22:42 <DIR> --d----- c:\users\administrator\.gimp-2.6
2009-09-01 21:35 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-09-01 21:35 <DIR> --d----- c:\users\administrator\Office Genuine Advantage
2009-09-01 21:12 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-01 21:12 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 21:11 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-09-01 21:11 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-01 21:11 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-01 21:11 270,848 a------- c:\windows\system32\schannel.dll
2009-09-01 21:11 218,624 a------- c:\windows\system32\msv1_0.dll
2009-09-01 21:11 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-01 21:11 72,704 a------- c:\windows\system32\secur32.dll
2009-09-01 21:11 9,728 a------- c:\windows\system32\lsass.exe
2009-09-01 20:58 <DIR> --d----- c:\program files\epson
2009-09-01 20:58 61,952 a------- c:\windows\system32\escwiad.dll
2009-08-28 01:33 <DIR> --d----- C:\HammerAutosave
2009-08-27 12:47 2,048 a------- c:\windows\system32\tzres.dll
2009-08-22 19:21 <DIR> --d--r-- C:\Kevin
2009-08-12 15:10 71,680 a------- c:\windows\system32\atl.dll
2009-08-12 15:10 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-12 15:10 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-12 15:10 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-12 15:10 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-12 15:10 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-12 15:10 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-12 15:10 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-12 15:10 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-12 15:10 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-12 15:10 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-07 19:51 178,430 a------- c:\windows\system32\xlive.dll.cat
2009-08-07 03:01 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-08-07 03:01 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-08-07 03:01 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-08-07 03:00 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE

==================== Find3M ====================

2009-09-04 12:11 51,200 a------- c:\windows\inf\infpub.dat
2009-09-04 12:11 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-04 12:11 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-12 18:47 137,544 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-12 18:46 189,480 a------- c:\windows\system32\PnkBstrB.exe
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-31 00:12 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-31 00:12 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-31 00:12 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-22 14:09 139,152 a------- c:\users\admini~1\appdata\roaming\PnkBstrK.sys
2009-07-22 14:09 794,408 a------- c:\windows\system32\pbsvc.exe
2009-07-22 14:09 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 07:35 828,416 a------- c:\windows\system32\wininet.dll
2009-07-08 01:17 34 a------- c:\users\administrator\jagex_runescape_preferences.dat
2009-06-20 10:42 1,049,790 a------- c:\windows\Prison Tycoon 3 Uninstaller.exe
2009-06-16 00:19 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-15 10:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 10:52 23,552 a------- c:\windows\system32\lpk.dll
2009-06-15 10:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 10:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 08:42 289,792 a------- c:\windows\system32\atmfd.dll
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2007-03-17 02:00 35,979 a------- c:\program files\Photoshop CS3 Read Me.html
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-07-18 11:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-07-18 11:32 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-07-18 11:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-05 23:09 56 a--shr-- c:\windows\system32\5A8056E750.sys
2008-09-05 23:09 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:13:26.65 ===============

[CatByte]

Hi,

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt for further review.

[kdog179]

I'm having trouble running ComboFix, whenever I try to run it I get a message saying it stopped working, and the detailed info tells me there was an APPCRASH

I got a similar message when trying to run some other programs, one was an Anti-Spyware program which I was trying to re-enable

on top of that my Security Center is disabled now and I can't turn it back on, I get a message saying It can't be started

any help? Thanks

[CatByte]

Hi,

Delete the copy of comboFix that you have on your desktop

Download a fresh copy from one of the following links.

Make sure you rename combofix to explorer.exe before you save it

Save it to your desktop.

• If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

Link 1
Link 2



During the download, rename Combofix to EXPLORER as follows:





--------------------------------------------------------------------

• It is important you rename Combofix during the download, but not after.
• The picture indicates to rename to combo-fix, but please rename yours to EXPLORER

-----------------------------------------------------------

• Double click on explorer.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
  **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
  
  
  
  -----------------------------------------------------------
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------

NOTE:If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

[CatByte]

Note:

You must disable AVG8 and windows defender or they will interfere:

here are the instructions;


Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on the task bar.

• Click on Tools.
• Select Advanced Settings.
• In the left hand pane, scroll down to "Resident Shield".
• In the main pane, deselect the option to "Enable Resident Shield."
• To re-enable AVG 8, please select "Enable Resident Shield" again.

For Windows Defender:

• Open Windows Defender
• Click Tools
• Click General Settings
• Scroll down to Real Time Protection Options
• Uncheck Turn on Real Time Protection (recommended)
• After you uncheck this, click on the Save button
• Close Windows Defender

[kdog179]

I had AVG and Windows Defender disabled back when I tried in the first place, so everything worked well.

Thanks again for all the help up to this point, I'm excited to get this nightmare over with...

Here's the log:

ComboFix 09-09-03.02 - Administrator 09/04/2009 23:25.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1193 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3221203700-3011449068-2825638513-1001
c:\recycler\S-1-5-21-1833090446-1927442581-2662049851-1007
c:\recycler\S-1-5-21-1833090446-1927442581-2662049851-500
c:\windows\Installer\80daac.msi
c:\windows\system32\drivers\rotscxdosbwqtm.sys
c:\windows\system32\drivers\rotscxmypipxtj.sys
c:\windows\system32\drivers\UACoqivlonesp.sys
c:\windows\system32\rotscxcmpimidw.dll
c:\windows\system32\rotscxexhuxprx.dat
c:\windows\system32\rotscxnstxnsrv.dat
c:\windows\system32\rotscxouimdlfx.dll
c:\windows\system32\rotscxubesidrv.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnedtxipstw.dll
c:\windows\system32\UACnifclrbxsq.dll
c:\windows\system32\UACvuvyxmsnpb.dat
c:\windows\system32\UACvvddhtprec.dll
c:\windows\system32\UACxdebxbhidr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rotscxcubwycge
-------\Legacy_rotscxfwxiclmj
-------\Legacy_UACd.sys
-------\Service_rotscxcubwycge
-------\Service_rotscxfwxiclmj
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 03:35 . 2009-09-05 03:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-09-05 03:35 . 2009-09-05 03:35 -------- d-----w- c:\users\Mcx3\AppData\Local\temp
2009-09-05 03:35 . 2009-09-05 03:35 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2009-09-05 00:02 . 2009-09-05 00:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\PCToolsFirewallPlus
2009-09-05 00:02 . 2009-09-05 00:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\PCToolsSpamMonitorPlus
2009-09-04 21:38 . 2009-09-04 21:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-09-04 21:38 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 21:38 . 2009-09-04 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 21:38 . 2009-09-04 21:38 -------- d-----w- c:\programdata\Malwarebytes
2009-09-04 21:38 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:01 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-04 20:00 . 2009-09-04 20:00 -------- d-----w- c:\program files\Panda Security
2009-09-04 16:02 . 2009-09-05 00:26 -------- d-----w- c:\programdata\PC Tools
2009-09-04 15:26 . 2009-09-05 03:35 4592928 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-04 15:16 . 2009-09-04 15:16 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-09-04 15:16 . 2009-09-04 15:16 -------- d-----w- c:\programdata\ParetoLogic
2009-09-04 15:16 . 2009-09-04 15:16 -------- d-----w- c:\program files\ParetoLogic
2009-09-04 15:16 . 2009-09-04 15:16 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-09-04 14:48 . 2009-09-04 15:52 -------- d-----w- c:\programdata\SecTaskMan
2009-09-04 14:48 . 2009-09-04 14:48 -------- d-----w- c:\program files\Security Task Manager
2009-09-04 04:33 . 2009-09-04 04:33 -------- d-----w- c:\users\Flamin' Yon\.clamwin
2009-09-04 04:33 . 2009-09-04 04:33 -------- d-----w- c:\users\Flamin' Yon
2009-09-04 04:33 . 2009-09-04 04:33 -------- d-----w- c:\users\Administrator\AppData\Roaming\.clamwin
2009-09-04 03:45 . 2009-09-04 15:10 -------- d--h--w- C:\$AVG8.VAULT$
2009-09-04 03:14 . 2009-09-04 03:14 -------- d-----w- c:\users\Administrator\AppData\Roaming\gtk-2.0
2009-09-04 02:49 . 2009-09-04 02:49 -------- d-----w- c:\users\Administrator\.thumbnails
2009-09-04 02:42 . 2009-09-04 03:35 -------- d-----w- c:\users\Administrator\.gimp-2.6
2009-09-02 01:35 . 2009-09-02 01:35 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-02 01:35 . 2009-09-02 01:35 -------- d-----w- c:\users\Administrator\Office Genuine Advantage
2009-09-02 01:12 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 01:12 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 01:11 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-02 01:11 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-02 01:11 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-02 01:11 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-02 01:11 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-02 01:11 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-02 01:11 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-02 01:11 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-02 00:58 . 2009-09-02 00:58 -------- d-----w- c:\program files\epson
2009-09-02 00:58 . 2006-10-13 04:00 61952 ----a-w- c:\windows\system32\escwiad.dll
2009-08-28 05:33 . 2009-08-31 04:06 -------- d-----w- C:\HammerAutosave
2009-08-27 16:47 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-22 23:21 . 2009-08-22 23:22 -------- d-----r- C:\Kevin
2009-08-12 19:10 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 19:10 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 19:10 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 19:10 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 19:10 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 19:10 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 19:10 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 19:10 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-07 23:51 . 2009-08-07 23:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 23:51 . 2009-08-07 23:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 07:01 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-07 07:01 . 2008-03-05 19:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-07 07:01 . 2008-02-06 03:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-07 07:00 . 2009-08-07 07:00 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-06 05:49 . 2009-08-06 05:49 -------- d-----w- c:\program files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 03:36 . 2008-07-22 17:57 -------- d-----w- c:\program files\Steam
2009-09-05 03:35 . 2009-09-04 15:26 7040 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-05 03:03 . 2008-07-22 17:57 -------- d-----w- c:\program files\Common Files\Steam
2009-09-05 02:16 . 2008-07-09 06:01 1356 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-09-05 01:05 . 2008-07-18 03:07 -------- d-----w- c:\programdata\Google Updater
2009-09-04 23:50 . 2009-01-31 20:58 -------- d-----w- c:\programdata\avg8
2009-09-02 01:35 . 2008-07-09 06:01 144184 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-02 01:18 . 2008-07-09 06:25 -------- d-----w- c:\programdata\Microsoft Help
2009-09-02 01:16 . 2008-07-09 06:28 -------- d-----w- c:\program files\Microsoft Works
2009-08-13 16:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-12 22:47 . 2009-06-27 04:13 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-12 22:46 . 2009-06-27 04:13 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-04 00:33 . 2008-08-05 01:18 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-02 03:35 . 2009-08-02 03:35 -------- d-----w- c:\program files\QS
2009-08-02 03:35 . 2009-08-02 03:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\TeamViewer
2009-07-31 12:46 . 2008-12-20 06:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 04:12 . 2009-07-31 04:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 04:12 . 2009-07-31 04:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-31 04:12 . 2009-07-31 04:12 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 04:12 . 2009-07-31 04:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 04:11 . 2009-07-31 04:11 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-31 04:06 . 2009-07-31 04:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG8
2009-07-27 04:11 . 2009-07-27 04:11 0 ----a-w- c:\windows\DXTA4A.tmp
2009-07-27 04:11 . 2009-07-27 04:11 0 ----a-w- c:\windows\DXTA3A.tmp
2009-07-26 00:01 . 2009-07-23 02:33 -------- d-----w- c:\program files\WildGames
2009-07-26 00:00 . 2009-07-23 02:32 -------- d-----w- c:\programdata\WildTangent
2009-07-22 18:09 . 2009-07-22 18:09 139152 ----a-w- c:\users\Administrator\AppData\Roaming\PnkBstrK.sys
2009-07-22 18:09 . 2009-07-22 18:09 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-22 18:09 . 2009-06-27 04:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-20 18:25 . 2009-07-20 18:25 -------- d-----w- c:\program files\iTunes
2009-07-20 18:25 . 2009-07-20 18:25 -------- d-----w- c:\program files\iPod
2009-07-20 18:25 . 2008-12-25 13:59 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 16:01 . 2009-07-29 17:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-29 17:24 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-11 02:01 . 2009-07-11 01:54 -------- d-----w- c:\program files\Skulltag 0.97D4
2009-07-08 05:17 . 2008-07-18 03:32 34 ----a-w- c:\users\Administrator\jagex_runescape_preferences.dat
2009-07-07 04:41 . 2008-07-09 06:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 04:40 . 2009-04-29 01:51 -------- d-----w- c:\programdata\Skype
2009-07-07 04:39 . 2009-07-06 03:12 -------- d-----w- c:\program files\VideoLAN
2009-06-20 14:42 . 2009-06-19 17:48 1049790 ----a-w- c:\windows\Prison Tycoon 3 Uninstaller.exe
2009-06-15 14:53 . 2009-07-20 17:19 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-20 17:19 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-20 17:19 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-20 17:19 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-20 17:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 18:39 . 2009-06-11 18:39 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2007-03-17 06:00 . 2008-10-16 23:11 35979 ----a-w- c:\program files\Photoshop CS3 Read Me.html
2008-09-06 03:09 . 2008-09-06 03:09 56 --sha-r- c:\windows\System32\5A8056E750.sys
2008-09-06 03:09 . 2008-09-06 03:09 848 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-18 68856]
"Steam"="c:\program files\steam\steam.exe" [2009-06-29 1217784]
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-18 144792]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2009-09-05 2427]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b9,c2,1b,64,7a,ee,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3D47FB28-3A1E-4432-9E48-E3C60C016146}"= UDP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{0838AC97-5557-499E-A23A-5EC4BC98525E}"= TCP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{E313227E-DE68-4234-B42B-BEB8345E9C15}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{4B8E977D-567E-4315-8675-1D7B3481E7DD}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"TCP Query User{79A84529-6B42-4E44-8A30-501D26EDCD37}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{50B7ADC6-987E-46B5-A09F-151ABCCE16F7}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"TCP Query User{8AFD9F89-116C-464E-ABD6-D864F4FAE35C}c:\\program files\\microsoft games\\halo 2\\halo2.exe"= UDP:c:\program files\microsoft games\halo 2\halo2.exe:Halo 2 for Windows Vista
"UDP Query User{0520966D-2E30-481E-8E9C-B6E53D5D969F}c:\\program files\\microsoft games\\halo 2\\halo2.exe"= TCP:c:\program files\microsoft games\halo 2\halo2.exe:Halo 2 for Windows Vista
"TCP Query User{2DB49A8F-5748-4158-8828-4B64B0B76139}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{B29EF5C0-6996-40BB-811D-6BB6E8526C9F}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{9F4C2117-465E-40E2-85EA-5B970D70593B}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\counter-strike source\hl2.exe:hl2
"UDP Query User{C5CF5A01-9A40-473A-B375-9C2DCCFB4F5F}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\counter-strike source\hl2.exe:hl2
"{128D4957-4423-48AD-8877-A014AE7DA943}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{B6D33B3E-66EA-4278-84B7-2F8EB8FAC075}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{B1E35C70-F37B-46C9-A619-F08A6A63E273}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{11A0517A-ABE0-4C5C-A9D9-AECCE95D4247}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{D283944C-5230-4DBA-BC03-85CC87B6B85D}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{4B52FC06-1966-4AD6-9E91-E0858BE602A8}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"TCP Query User{53179770-D52C-4B91-9FBD-3E8C8610B50C}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\team fortress 2\hl2.exe:hl2
"UDP Query User{B5DDBDD0-B45A-4C56-8074-5AA1B1406DC3}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\team fortress 2\hl2.exe:hl2
"TCP Query User{78319A6F-283D-45CF-ADA1-989D8264D466}c:\\users\\administrator\\desktop\\eclipse\\server\\server.exe"= UDP:c:\users\administrator\desktop\eclipse\server\server.exe:server.exe
"UDP Query User{270ED0AB-D81C-4F57-803B-CF93AF68022D}c:\\users\\administrator\\desktop\\eclipse\\server\\server.exe"= TCP:c:\users\administrator\desktop\eclipse\server\server.exe:server.exe
"TCP Query User{185EB7BE-01FE-48A5-A521-93363D01251F}c:\\users\\administrator\\desktop\\server\\playerworlds lite server.exe"= UDP:c:\users\administrator\desktop\server\playerworlds lite server.exe:playerworlds lite server.exe
"UDP Query User{1ACA35BB-6CD2-41CB-A494-72A091FDFF13}c:\\users\\administrator\\desktop\\server\\playerworlds lite server.exe"= TCP:c:\users\administrator\desktop\server\playerworlds lite server.exe:playerworlds lite server.exe
"{6E99131B-F6DB-414B-99D2-CF5D28FCA670}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{5A7DC9AF-4796-4B2B-8826-8F9ADACE8326}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{1DE14C31-0A06-4CE9-AB57-AD54ED886A6B}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{8C9EB85C-B1FE-4324-9C4B-EBA57AF9B25A}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{5D6C7170-2E20-4FF3-BE8F-BF91245583AE}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{C25AAF75-8B3B-48BD-89D6-ACF8F80F8137}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"{1442F55B-F20C-4119-85EE-7FB4DB45357B}"= UDP:c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{14B17F21-D5D1-48C2-BA34-7CD4C23A7AF1}"= TCP:c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{B81F7892-7310-498B-92A7-FBBE3F749628}"= UDP:c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"{3C747691-EC80-4BAF-B64B-0FC65720442C}"= TCP:c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"TCP Query User{54E5D17C-EB04-4D6D-A641-A5AEC699F175}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{75E57B7B-9628-43BE-AB13-68174576F876}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{B3C98938-9DFC-4D73-8FC5-301159449E9C}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\zombie panic! source\hl2.exe:hl2
"UDP Query User{44F356C0-1DDD-422A-AB92-0449AA2A8598}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\zombie panic! source\hl2.exe:hl2
"TCP Query User{F685FCEF-D388-44B7-8627-6D4A4AE9EF8A}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\diprip warm up\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\diprip warm up\hl2.exe:hl2
"UDP Query User{385CD9AF-4573-41EE-AA17-C85161059268}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\diprip warm up\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\diprip warm up\hl2.exe:hl2
"TCP Query User{6B9DF665-9B89-4E0D-BBFD-DDA8A6FFE17A}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\insurgency\hl2.exe:hl2
"UDP Query User{AC6318C3-0F9F-4C64-A6E6-04D1FDFBA498}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\insurgency\hl2.exe:hl2
"TCP Query User{1E793016-092E-4D43-ADD8-FF9F3B144E0F}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\age of chivalry\hl2.exe:hl2
"UDP Query User{88F3797A-E18A-4D9C-966A-078A22B3E804}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\age of chivalry\hl2.exe:hl2
"TCP Query User{B30B02DA-B6B5-4B66-AF8B-0821A47EF2D5}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\synergy\hl2.exe:hl2
"UDP Query User{CD8F021E-A4EF-43CA-9518-9C2E9EFC2A64}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\synergy\hl2.exe:hl2
"TCP Query User{61AF34F7-B9FC-4A41-8BB2-C79C8F6DD241}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\garrysmod\hl2.exe:hl2
"UDP Query User{9C9C3FD8-BA01-46FB-A0B5-9240A5C15F48}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\garrysmod\hl2.exe:hl2
"TCP Query User{0D683E18-5A41-4227-9BF0-4C76BA855709}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\day of defeat source\hl2.exe:hl2
"UDP Query User{5E49746C-199B-446F-B07E-CC59B665D9B5}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\day of defeat source\hl2.exe:hl2
"TCP Query User{E13E2B89-9559-4A28-84D9-8440DCA79A9B}c:\\users\\administrator\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\administrator\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{8CD2A7CB-E9E4-4FF3-ADE4-C7E5CD7FC23A}c:\\users\\administrator\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\administrator\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"{F905DA42-1C00-453E-982D-D06D0D81F4FD}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{D554AE17-4539-48AA-A706-9CA38B2CA2E0}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"TCP Query User{ED852112-0CB7-4E4A-A277-790A5B3AE058}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{138A1770-8299-457C-90CC-0C09611C6982}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{BBC45366-B34F-4C1B-AF89-A0E5CE408280}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\half-life\hl.exe:Half-Life Launcher
"UDP Query User{A95EC4B3-4BC7-4B25-AF7A-9AD376AC9479}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\half-life\hl.exe:Half-Life Launcher
"TCP Query User{51A3815A-E56A-4F4F-A807-26A06566AED7}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\zombie panic! source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\zombie panic! source dedicated server\srcds.exe:srcds
"UDP Query User{62F1B1B0-6007-4A6D-B6DB-54D1D00770CF}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\zombie panic! source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\zombie panic! source dedicated server\srcds.exe:srcds
"TCP Query User{23015FB8-EE23-49CC-A7F5-AA0416472786}c:\\users\\administrator\\desktop\\steam server\\orangebox\\srcds.exe"= UDP:c:\users\administrator\desktop\steam server\orangebox\srcds.exe:srcds.exe
"UDP Query User{4D143FFF-EF60-4023-AA6C-7F49EC616E33}c:\\users\\administrator\\desktop\\steam server\\orangebox\\srcds.exe"= TCP:c:\users\administrator\desktop\steam server\orangebox\srcds.exe:srcds.exe
"{FCB1B510-B100-4B9F-8A14-B99B5035055C}"= TCP:1200:Friends Network
"{54E0B4DA-A5C8-44DE-A780-4F0ECE7AC7A7}"= TCP:27020:
"{CCBE5788-F111-46A0-BE33-C7213ADAC5FA}"= UDP:27015:SRCDS Rcon port
"{1995A0F0-47DC-4FBF-BC9A-D0FF72BC097C}"= UDP:27030:Gameport1
"{F29915AA-359F-4341-B01B-FF10D7E55A10}"= UDP:27001:Gameport2
"TCP Query User{89CC180D-8245-4135-9686-88469105DCC4}c:\\program files\\microsoft games\\skulltag\\skulltag.exe"= UDP:c:\program files\microsoft games\skulltag\skulltag.exe:Skulltag
"UDP Query User{BCA81A9D-B7BA-4544-9555-130A9DF29BAB}c:\\program files\\microsoft games\\skulltag\\skulltag.exe"= TCP:c:\program files\microsoft games\skulltag\skulltag.exe:Skulltag
"TCP Query User{CF3C1852-1C3A-41EC-8645-2A2FFD93467E}c:\\program files\\microsoft games\\skulltag\\idese.exe"= UDP:c:\program files\microsoft games\skulltag\idese.exe:IdeSE
"UDP Query User{3587524F-90D4-49C1-B7DA-C810DEB60D4D}c:\\program files\\microsoft games\\skulltag\\idese.exe"= TCP:c:\program files\microsoft games\skulltag\idese.exe:IdeSE
"{ACFE4200-6E61-46DB-B40E-1AA1A53F9D73}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{474A1EC7-49EB-4042-B986-49792322066B}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B9FD4008-86E2-4F14-85A3-D179A2FA56C3}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{7494DF68-94BC-4C85-94D8-00381702AD00}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{47C28B75-3C59-4ED3-B1B1-1B656FDA5C4E}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{5EB9C10F-9DD6-4AE4-8D06-BB1CC6D2FE6E}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{BA10A917-4A53-4060-8EF4-D5B4E4EF3381}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{8CC723B5-BEA8-4C2A-BBC8-592DE6072E42}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{C0585B76-23A7-40CB-A17F-B567235E931B}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{E4C93049-A910-4B9B-AAA0-FD647E081A8F}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{1B7EFDB0-DD13-46C4-A29D-18E05D48FCB9}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{1EB7A338-79A1-448A-9F98-99C30D94D285}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{FE8B73C0-58D5-4890-9102-2B964E56159C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1B7A3A28-2CF4-4615-9E3D-074EA4B19CC6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{984199BB-7B6E-42C8-BACF-E53D7096E5D2}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{FF46DFB0-A346-481F-9624-A71C202841A3}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{379BF50F-05B7-4C0E-BFA0-868F57EAEF43}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\source dedicated server\srcds.exe:srcds
"UDP Query User{D1F0A251-93E0-48BB-B9EE-B1337653B63D}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\source dedicated server\srcds.exe:srcds
"{7016B6F2-E4E6-4A8B-9BFC-2D15344E2CDA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C6A6D5B3-F2FB-4166-B37F-DA4B141E85A2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A4DAF6B3-36C6-4F0C-AA5F-CC1B6D729B5E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D694D8F2-F629-455E-A614-DAB78EDB8C9B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{116C2814-97A6-4969-9238-4D082FC2A19C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A0E6012-5BE4-4ACB-94AC-5CBF6FFD3184}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F545668F-2FAB-4DF9-87A1-B7E398B618AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4E51BDFD-7B68-42AF-861C-34150F6BA9A6}c:\\program files\\skulltag 0.97d4\\idese.exe"= UDP:c:\program files\skulltag 0.97d4\idese.exe:Idese
"UDP Query User{F92A006F-E0E7-466A-91B1-0622874943E2}c:\\program files\\skulltag 0.97d4\\idese.exe"= TCP:c:\program files\skulltag 0.97d4\idese.exe:Idese
"TCP Query User{1D2F3CAA-AC6B-4AF7-9BC3-88E81FE972C9}c:\\program files\\skulltag 0.97d4\\skulltag.exe"= UDP:c:\program files\skulltag 0.97d4\skulltag.exe:Skulltag
"UDP Query User{D202A0F9-4405-4822-8272-25B6C962D363}c:\\program files\\skulltag 0.97d4\\skulltag.exe"= TCP:c:\program files\skulltag 0.97d4\skulltag.exe:Skulltag
"{CB9CC205-85F6-4FA1-8558-9F1EF1738C13}"= UDP:c:\program files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3
"{EBC2A438-8D71-4513-8D44-4B9DA796071F}"= TCP:c:\program files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3
"{EF801B1F-3CE3-4068-B9D2-99839EF83788}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{EF8608FD-7993-4D78-B4B9-DBBC07435F19}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{47CFD3FB-D810-47A3-BF00-F902B5C21B85}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9065EACC-FFD3-495F-A195-A64F7F553328}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D7592CF6-2B5B-40EA-AE85-3CE5FD302E4E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{68C624AD-4957-4A2C-B3CA-C0D86EC93A73}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0CC8EDBD-B05C-4128-BE2E-EE6C721C9F02}"= UDP:3689:Itunes Remote
"{F53B73C3-142E-4895-AEC2-24EF35809D4D}"= TCP:5353:Itunes Remote 2
"{DA216633-227E-4A85-A8CF-043E233E3560}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{65A970B0-A5E6-4FF1-BAC6-A743AB9A8CDC}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [9/4/2009 4:01 PM 28544]
R0 RVSDISK;RVSDISK;c:\windows\System32\drivers\RVSDISK.sys [9/6/2008 4:28 PM 11904]
R0 RVSYSTEM;RVSYSTEM;c:\windows\System32\drivers\RVSYSTEM.sys [9/6/2008 4:28 PM 38272]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/31/2009 12:12 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7/31/2009 12:12 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/31/2009 12:10 AM 297752]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [9/20/2008 10:27 PM 249856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [9/20/2008 10:27 PM 212992]
S4 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [2/18/2009 2:40 PM 587216]
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-18 23:28]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221203700-3011449068-2825638513-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 00:38]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221203700-3011449068-2825638513-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 00:38]

2009-09-04 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-09-04 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-09-04 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]

2009-09-04 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1689682F-734F-41C3-A2B5-D1C884269B3C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\INetHTTPFilter.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4j9qkn2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - chrome://google-cjk-partner/locale/partner.properties
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Administrator\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 23:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Winword.exe"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Paint.Picture"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itb"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4a"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4v"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\EXCEL.EXE"

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:91,8f,f9,54,60,cc,d5,16,ac,ff,e7,a7,9d,91,81,a1,53,73,ad,98,cf,20,cd,
f4,91,55,58,ab,59,8e,8c,55,44,1d,0f,d3,4f,cf,d5,e9,96,88,23,86,67,5f,36,5b,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\SecuROM\License information*]
"datasecu"=hex:41,90,30,ff,47,a8,ad,2e,18,88,ac,cf,2b,f0,28,b7,50,ad,39,dd,92,
0a,38,12,45,a0,a3,d2,79,f7,e0,1c,26,ec,42,8a,f2,57,59,2b,32,17,21,5d,61,d2,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,19,a8,4b,89,4c,
61,ec,54,e2,63,26,f1,3f,c8,ff,68,51,7a,97,db,3b,11,a0,e6,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,7e,04,04,61,36,
c5,ad,ca,6a,9c,d6,61,af,45,84,18,da,e1,99,f6,9e,38,88,61,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,aa,4e,49,3e,12,
32,d0,a9,ff,7c,85,e0,43,d4,0e,fe,a6,90,39,c8,3f,18,56,5f,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,4c,b1,35,9c,43,
7c,0a,ff,86,8c,21,01,be,91,eb,e7,7d,84,93,19,10,44,ca,bb,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,cc,ac,26,9f,36,
00,f0,f5,f5,1d,4d,73,a8,13,5c,05,04,7b,56,27,e0,6b,d8,3c,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,67,54,aa,e5,c8,
b1,9a,4f,df,20,58,62,78,6b,cf,c8,2c,f1,5d,9a,74,17,01,8a,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,52,59,54,1c,76,
13,2f,de,fb,a7,78,e6,12,2f,9a,ea,99,49,85,79,62,bd,fd,fb,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,f3,e8,6c,f1,95,
5e,74,e0,01,3a,48,fc,e8,04,4a,f1,35,08,c2,36,ee,7f,7a,06,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,1a,9e,92,7a,44,
e1,83,43,f6,0f,4e,58,98,5b,89,c9,66,75,13,33,8d,f9,7c,1d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,a0,54,b4,b7,9e,
d4,f4,17,3d,ce,ea,26,2d,45,aa,78,2a,d1,45,df,57,b3,2d,60,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,2c,21,05,7a,26,
0e,5d,56,2a,b7,cc,b5,b9,7f,41,e7,c4,85,22,17,2b,60,40,d5,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,76,5a,04,7d,de,
01,f3,c4,6c,43,2d,1e,aa,22,2f,9c,a1,84,4a,55,f6,4f,bd,5f,6c,43,2d,1e,aa,22,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\sdclt.exe
.
**************************************************************************
.
Completion time: 2009-09-05 23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 03:46

Pre-Run: 18,919,514,112 bytes free
Post-Run: 18,993,090,560 bytes free

660 --- E O F --- 2009-09-04 05:00

[CatByte]

Hi,

You have two AV's installed Pareto Logic and AVG8.

You should only have one AV installed, more than one creates, conflicts, slowdowns and system crashes.

NEXT

Please do the following:

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
• They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:

RegLock::
[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you.
• Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

• Please open your MalwareBytes AntiMalware Program
• Click the Update Tab and search for updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- very important
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

[kdog179]

Ok heres the ComboFix log:

ComboFix 09-09-04.01 - Administrator 09/05/2009 0:50.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1148 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 04:55 . 2009-09-05 04:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-09-05 04:55 . 2009-09-05 04:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-05 04:55 . 2009-09-05 04:55 -------- d-----w- c:\users\Mcx3\AppData\Local\temp
2009-09-05 04:55 . 2009-09-05 04:55 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2009-09-05 04:55 . 2009-09-05 04:55 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-09-05 04:55 . 2009-09-05 04:55 -------- d-----w- c:\users\Flamin' Yon\AppData\Local\temp
2009-09-05 04:55 . 2009-09-05 04:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-05 00:02 . 2009-09-05 00:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\PCToolsFirewallPlus
2009-09-05 00:02 . 2009-09-05 00:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\PCToolsSpamMonitorPlus
2009-09-04 21:38 . 2009-09-04 21:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-09-04 21:38 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 21:38 . 2009-09-04 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 21:38 . 2009-09-04 21:38 -------- d-----w- c:\programdata\Malwarebytes
2009-09-04 21:38 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:01 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-04 20:00 . 2009-09-04 20:00 -------- d-----w- c:\program files\Panda Security
2009-09-04 16:02 . 2009-09-05 00:26 -------- d-----w- c:\programdata\PC Tools
2009-09-04 15:26 . 2009-09-05 04:42 4592928 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-04 15:16 . 2009-09-05 04:40 -------- d-----w- c:\programdata\ParetoLogic
2009-09-04 15:16 . 2009-09-05 04:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-09-04 14:48 . 2009-09-04 15:52 -------- d-----w- c:\programdata\SecTaskMan
2009-09-04 14:48 . 2009-09-04 14:48 -------- d-----w- c:\program files\Security Task Manager
2009-09-04 04:33 . 2009-09-05 03:46 -------- d-----w- c:\users\Flamin' Yon
2009-09-04 04:33 . 2009-09-04 04:33 -------- d-----w- c:\users\Flamin' Yon\.clamwin
2009-09-04 04:33 . 2009-09-04 04:33 -------- d-----w- c:\users\Administrator\AppData\Roaming\.clamwin
2009-09-04 03:45 . 2009-09-04 15:10 -------- d--h--w- C:\$AVG8.VAULT$
2009-09-04 03:14 . 2009-09-04 03:14 -------- d-----w- c:\users\Administrator\AppData\Roaming\gtk-2.0
2009-09-04 02:49 . 2009-09-04 02:49 -------- d-----w- c:\users\Administrator\.thumbnails
2009-09-04 02:42 . 2009-09-04 03:35 -------- d-----w- c:\users\Administrator\.gimp-2.6
2009-09-02 01:35 . 2009-09-02 01:35 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-02 01:35 . 2009-09-02 01:35 -------- d-----w- c:\users\Administrator\Office Genuine Advantage
2009-09-02 01:12 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 01:12 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 01:11 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-02 01:11 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-02 01:11 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-02 01:11 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-02 01:11 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-02 01:11 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-02 01:11 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-02 01:11 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-02 00:58 . 2009-09-02 00:58 -------- d-----w- c:\program files\epson
2009-09-02 00:58 . 2006-10-13 04:00 61952 ----a-w- c:\windows\system32\escwiad.dll
2009-08-28 05:33 . 2009-08-31 04:06 -------- d-----w- C:\HammerAutosave
2009-08-27 16:47 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-22 23:21 . 2009-08-22 23:22 -------- d-----r- C:\Kevin
2009-08-12 19:10 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 19:10 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 19:10 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 19:10 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 19:10 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 19:10 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 19:10 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 19:10 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-07 23:51 . 2009-08-07 23:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 23:51 . 2009-08-07 23:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 07:01 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-07 07:01 . 2008-03-05 19:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-07 07:01 . 2008-02-06 03:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-07 07:00 . 2009-08-07 07:00 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-06 05:49 . 2009-08-06 05:49 -------- d-----w- c:\program files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 04:43 . 2008-07-22 17:57 -------- d-----w- c:\program files\Steam
2009-09-05 04:42 . 2009-09-04 15:26 8240 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-05 03:03 . 2008-07-22 17:57 -------- d-----w- c:\program files\Common Files\Steam
2009-09-05 02:16 . 2008-07-09 06:01 1356 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-09-05 01:05 . 2008-07-18 03:07 -------- d-----w- c:\programdata\Google Updater
2009-09-04 23:50 . 2009-01-31 20:58 -------- d-----w- c:\programdata\avg8
2009-09-02 01:35 . 2008-07-09 06:01 144184 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-02 01:18 . 2008-07-09 06:25 -------- d-----w- c:\programdata\Microsoft Help
2009-09-02 01:16 . 2008-07-09 06:28 -------- d-----w- c:\program files\Microsoft Works
2009-08-13 16:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-12 22:47 . 2009-06-27 04:13 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-12 22:46 . 2009-06-27 04:13 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-04 00:33 . 2008-08-05 01:18 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-02 03:35 . 2009-08-02 03:35 -------- d-----w- c:\program files\QS
2009-08-02 03:35 . 2009-08-02 03:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\TeamViewer
2009-07-31 12:46 . 2008-12-20 06:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 04:12 . 2009-07-31 04:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 04:12 . 2009-07-31 04:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-31 04:12 . 2009-07-31 04:12 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 04:12 . 2009-07-31 04:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 04:11 . 2009-07-31 04:11 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-31 04:06 . 2009-07-31 04:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG8
2009-07-27 04:11 . 2009-07-27 04:11 0 ----a-w- c:\windows\DXTA4A.tmp
2009-07-27 04:11 . 2009-07-27 04:11 0 ----a-w- c:\windows\DXTA3A.tmp
2009-07-26 00:01 . 2009-07-23 02:33 -------- d-----w- c:\program files\WildGames
2009-07-26 00:00 . 2009-07-23 02:32 -------- d-----w- c:\programdata\WildTangent
2009-07-22 18:09 . 2009-07-22 18:09 139152 ----a-w- c:\users\Administrator\AppData\Roaming\PnkBstrK.sys
2009-07-22 18:09 . 2009-07-22 18:09 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-22 18:09 . 2009-06-27 04:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-20 18:25 . 2009-07-20 18:25 -------- d-----w- c:\program files\iTunes
2009-07-20 18:25 . 2009-07-20 18:25 -------- d-----w- c:\program files\iPod
2009-07-20 18:25 . 2008-12-25 13:59 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 16:01 . 2009-07-29 17:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-29 17:24 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-11 02:01 . 2009-07-11 01:54 -------- d-----w- c:\program files\Skulltag 0.97D4
2009-07-08 05:17 . 2008-07-18 03:32 34 ----a-w- c:\users\Administrator\jagex_runescape_preferences.dat
2009-06-20 14:42 . 2009-06-19 17:48 1049790 ----a-w- c:\windows\Prison Tycoon 3 Uninstaller.exe
2009-06-15 14:53 . 2009-07-20 17:19 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-20 17:19 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-20 17:19 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-20 17:19 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-20 17:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 18:39 . 2009-06-11 18:39 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2007-03-17 06:00 . 2008-10-16 23:11 35979 ----a-w- c:\program files\Photoshop CS3 Read Me.html
2008-09-06 03:09 . 2008-09-06 03:09 56 --sha-r- c:\windows\System32\5A8056E750.sys
2008-09-06 03:09 . 2008-09-06 03:09 848 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-18 68856]
"Steam"="c:\program files\steam\steam.exe" [2009-06-29 1217784]
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-18 144792]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b9,c2,1b,64,7a,ee,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3D47FB28-3A1E-4432-9E48-E3C60C016146}"= UDP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{0838AC97-5557-499E-A23A-5EC4BC98525E}"= TCP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{E313227E-DE68-4234-B42B-BEB8345E9C15}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{4B8E977D-567E-4315-8675-1D7B3481E7DD}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"TCP Query User{79A84529-6B42-4E44-8A30-501D26EDCD37}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{50B7ADC6-987E-46B5-A09F-151ABCCE16F7}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"TCP Query User{8AFD9F89-116C-464E-ABD6-D864F4FAE35C}c:\\program files\\microsoft games\\halo 2\\halo2.exe"= UDP:c:\program files\microsoft games\halo 2\halo2.exe:Halo 2 for Windows Vista
"UDP Query User{0520966D-2E30-481E-8E9C-B6E53D5D969F}c:\\program files\\microsoft games\\halo 2\\halo2.exe"= TCP:c:\program files\microsoft games\halo 2\halo2.exe:Halo 2 for Windows Vista
"TCP Query User{2DB49A8F-5748-4158-8828-4B64B0B76139}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{B29EF5C0-6996-40BB-811D-6BB6E8526C9F}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{9F4C2117-465E-40E2-85EA-5B970D70593B}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\counter-strike source\hl2.exe:hl2
"UDP Query User{C5CF5A01-9A40-473A-B375-9C2DCCFB4F5F}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\counter-strike source\hl2.exe:hl2
"{128D4957-4423-48AD-8877-A014AE7DA943}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{B6D33B3E-66EA-4278-84B7-2F8EB8FAC075}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{B1E35C70-F37B-46C9-A619-F08A6A63E273}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{11A0517A-ABE0-4C5C-A9D9-AECCE95D4247}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{D283944C-5230-4DBA-BC03-85CC87B6B85D}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{4B52FC06-1966-4AD6-9E91-E0858BE602A8}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"TCP Query User{53179770-D52C-4B91-9FBD-3E8C8610B50C}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\team fortress 2\hl2.exe:hl2
"UDP Query User{B5DDBDD0-B45A-4C56-8074-5AA1B1406DC3}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\team fortress 2\hl2.exe:hl2
"TCP Query User{78319A6F-283D-45CF-ADA1-989D8264D466}c:\\users\\administrator\\desktop\\eclipse\\server\\server.exe"= UDP:c:\users\administrator\desktop\eclipse\server\server.exe:server.exe
"UDP Query User{270ED0AB-D81C-4F57-803B-CF93AF68022D}c:\\users\\administrator\\desktop\\eclipse\\server\\server.exe"= TCP:c:\users\administrator\desktop\eclipse\server\server.exe:server.exe
"TCP Query User{185EB7BE-01FE-48A5-A521-93363D01251F}c:\\users\\administrator\\desktop\\server\\playerworlds lite server.exe"= UDP:c:\users\administrator\desktop\server\playerworlds lite server.exe:playerworlds lite server.exe
"UDP Query User{1ACA35BB-6CD2-41CB-A494-72A091FDFF13}c:\\users\\administrator\\desktop\\server\\playerworlds lite server.exe"= TCP:c:\users\administrator\desktop\server\playerworlds lite server.exe:playerworlds lite server.exe
"{6E99131B-F6DB-414B-99D2-CF5D28FCA670}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{5A7DC9AF-4796-4B2B-8826-8F9ADACE8326}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{1DE14C31-0A06-4CE9-AB57-AD54ED886A6B}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{8C9EB85C-B1FE-4324-9C4B-EBA57AF9B25A}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{5D6C7170-2E20-4FF3-BE8F-BF91245583AE}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{C25AAF75-8B3B-48BD-89D6-ACF8F80F8137}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"{1442F55B-F20C-4119-85EE-7FB4DB45357B}"= UDP:c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{14B17F21-D5D1-48C2-BA34-7CD4C23A7AF1}"= TCP:c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{B81F7892-7310-498B-92A7-FBBE3F749628}"= UDP:c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"{3C747691-EC80-4BAF-B64B-0FC65720442C}"= TCP:c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"TCP Query User{54E5D17C-EB04-4D6D-A641-A5AEC699F175}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{75E57B7B-9628-43BE-AB13-68174576F876}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{B3C98938-9DFC-4D73-8FC5-301159449E9C}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\zombie panic! source\hl2.exe:hl2
"UDP Query User{44F356C0-1DDD-422A-AB92-0449AA2A8598}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\zombie panic! source\hl2.exe:hl2
"TCP Query User{F685FCEF-D388-44B7-8627-6D4A4AE9EF8A}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\diprip warm up\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\diprip warm up\hl2.exe:hl2
"UDP Query User{385CD9AF-4573-41EE-AA17-C85161059268}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\diprip warm up\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\diprip warm up\hl2.exe:hl2
"TCP Query User{6B9DF665-9B89-4E0D-BBFD-DDA8A6FFE17A}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\insurgency\hl2.exe:hl2
"UDP Query User{AC6318C3-0F9F-4C64-A6E6-04D1FDFBA498}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\insurgency\hl2.exe:hl2
"TCP Query User{1E793016-092E-4D43-ADD8-FF9F3B144E0F}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\age of chivalry\hl2.exe:hl2
"UDP Query User{88F3797A-E18A-4D9C-966A-078A22B3E804}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\age of chivalry\hl2.exe:hl2
"TCP Query User{B30B02DA-B6B5-4B66-AF8B-0821A47EF2D5}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\synergy\hl2.exe:hl2
"UDP Query User{CD8F021E-A4EF-43CA-9518-9C2E9EFC2A64}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\synergy\hl2.exe:hl2
"TCP Query User{61AF34F7-B9FC-4A41-8BB2-C79C8F6DD241}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\garrysmod\hl2.exe:hl2
"UDP Query User{9C9C3FD8-BA01-46FB-A0B5-9240A5C15F48}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\garrysmod\hl2.exe:hl2
"TCP Query User{0D683E18-5A41-4227-9BF0-4C76BA855709}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\day of defeat source\hl2.exe:hl2
"UDP Query User{5E49746C-199B-446F-B07E-CC59B665D9B5}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\day of defeat source\hl2.exe:hl2
"TCP Query User{E13E2B89-9559-4A28-84D9-8440DCA79A9B}c:\\users\\administrator\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\administrator\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{8CD2A7CB-E9E4-4FF3-ADE4-C7E5CD7FC23A}c:\\users\\administrator\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\administrator\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"{F905DA42-1C00-453E-982D-D06D0D81F4FD}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{D554AE17-4539-48AA-A706-9CA38B2CA2E0}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"TCP Query User{ED852112-0CB7-4E4A-A277-790A5B3AE058}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{138A1770-8299-457C-90CC-0C09611C6982}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{BBC45366-B34F-4C1B-AF89-A0E5CE408280}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\half-life\hl.exe:Half-Life Launcher
"UDP Query User{A95EC4B3-4BC7-4B25-AF7A-9AD376AC9479}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\half-life\hl.exe:Half-Life Launcher
"TCP Query User{51A3815A-E56A-4F4F-A807-26A06566AED7}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\zombie panic! source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\zombie panic! source dedicated server\srcds.exe:srcds
"UDP Query User{62F1B1B0-6007-4A6D-B6DB-54D1D00770CF}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\zombie panic! source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\zombie panic! source dedicated server\srcds.exe:srcds
"TCP Query User{23015FB8-EE23-49CC-A7F5-AA0416472786}c:\\users\\administrator\\desktop\\steam server\\orangebox\\srcds.exe"= UDP:c:\users\administrator\desktop\steam server\orangebox\srcds.exe:srcds.exe
"UDP Query User{4D143FFF-EF60-4023-AA6C-7F49EC616E33}c:\\users\\administrator\\desktop\\steam server\\orangebox\\srcds.exe"= TCP:c:\users\administrator\desktop\steam server\orangebox\srcds.exe:srcds.exe
"{FCB1B510-B100-4B9F-8A14-B99B5035055C}"= TCP:1200:Friends Network
"{54E0B4DA-A5C8-44DE-A780-4F0ECE7AC7A7}"= TCP:27020:
"{CCBE5788-F111-46A0-BE33-C7213ADAC5FA}"= UDP:27015:SRCDS Rcon port
"{1995A0F0-47DC-4FBF-BC9A-D0FF72BC097C}"= UDP:27030:Gameport1
"{F29915AA-359F-4341-B01B-FF10D7E55A10}"= UDP:27001:Gameport2
"TCP Query User{89CC180D-8245-4135-9686-88469105DCC4}c:\\program files\\microsoft games\\skulltag\\skulltag.exe"= UDP:c:\program files\microsoft games\skulltag\skulltag.exe:Skulltag
"UDP Query User{BCA81A9D-B7BA-4544-9555-130A9DF29BAB}c:\\program files\\microsoft games\\skulltag\\skulltag.exe"= TCP:c:\program files\microsoft games\skulltag\skulltag.exe:Skulltag
"TCP Query User{CF3C1852-1C3A-41EC-8645-2A2FFD93467E}c:\\program files\\microsoft games\\skulltag\\idese.exe"= UDP:c:\program files\microsoft games\skulltag\idese.exe:IdeSE
"UDP Query User{3587524F-90D4-49C1-B7DA-C810DEB60D4D}c:\\program files\\microsoft games\\skulltag\\idese.exe"= TCP:c:\program files\microsoft games\skulltag\idese.exe:IdeSE
"{ACFE4200-6E61-46DB-B40E-1AA1A53F9D73}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{474A1EC7-49EB-4042-B986-49792322066B}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B9FD4008-86E2-4F14-85A3-D179A2FA56C3}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{7494DF68-94BC-4C85-94D8-00381702AD00}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{47C28B75-3C59-4ED3-B1B1-1B656FDA5C4E}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{5EB9C10F-9DD6-4AE4-8D06-BB1CC6D2FE6E}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{BA10A917-4A53-4060-8EF4-D5B4E4EF3381}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{8CC723B5-BEA8-4C2A-BBC8-592DE6072E42}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{C0585B76-23A7-40CB-A17F-B567235E931B}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{E4C93049-A910-4B9B-AAA0-FD647E081A8F}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{1B7EFDB0-DD13-46C4-A29D-18E05D48FCB9}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{1EB7A338-79A1-448A-9F98-99C30D94D285}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{FE8B73C0-58D5-4890-9102-2B964E56159C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1B7A3A28-2CF4-4615-9E3D-074EA4B19CC6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{984199BB-7B6E-42C8-BACF-E53D7096E5D2}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{FF46DFB0-A346-481F-9624-A71C202841A3}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{379BF50F-05B7-4C0E-BFA0-868F57EAEF43}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\sgt_mc_cool\source dedicated server\srcds.exe:srcds
"UDP Query User{D1F0A251-93E0-48BB-B9EE-B1337653B63D}c:\\program files\\steam\\steamapps\\sgt_mc_cool\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\sgt_mc_cool\source dedicated server\srcds.exe:srcds
"{7016B6F2-E4E6-4A8B-9BFC-2D15344E2CDA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C6A6D5B3-F2FB-4166-B37F-DA4B141E85A2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A4DAF6B3-36C6-4F0C-AA5F-CC1B6D729B5E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D694D8F2-F629-455E-A614-DAB78EDB8C9B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{116C2814-97A6-4969-9238-4D082FC2A19C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A0E6012-5BE4-4ACB-94AC-5CBF6FFD3184}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F545668F-2FAB-4DF9-87A1-B7E398B618AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4E51BDFD-7B68-42AF-861C-34150F6BA9A6}c:\\program files\\skulltag 0.97d4\\idese.exe"= UDP:c:\program files\skulltag 0.97d4\idese.exe:Idese
"UDP Query User{F92A006F-E0E7-466A-91B1-0622874943E2}c:\\program files\\skulltag 0.97d4\\idese.exe"= TCP:c:\program files\skulltag 0.97d4\idese.exe:Idese
"TCP Query User{1D2F3CAA-AC6B-4AF7-9BC3-88E81FE972C9}c:\\program files\\skulltag 0.97d4\\skulltag.exe"= UDP:c:\program files\skulltag 0.97d4\skulltag.exe:Skulltag
"UDP Query User{D202A0F9-4405-4822-8272-25B6C962D363}c:\\program files\\skulltag 0.97d4\\skulltag.exe"= TCP:c:\program files\skulltag 0.97d4\skulltag.exe:Skulltag
"{CB9CC205-85F6-4FA1-8558-9F1EF1738C13}"= UDP:c:\program files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3
"{EBC2A438-8D71-4513-8D44-4B9DA796071F}"= TCP:c:\program files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3
"{EF801B1F-3CE3-4068-B9D2-99839EF83788}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{EF8608FD-7993-4D78-B4B9-DBBC07435F19}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{47CFD3FB-D810-47A3-BF00-F902B5C21B85}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9065EACC-FFD3-495F-A195-A64F7F553328}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D7592CF6-2B5B-40EA-AE85-3CE5FD302E4E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{68C624AD-4957-4A2C-B3CA-C0D86EC93A73}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0CC8EDBD-B05C-4128-BE2E-EE6C721C9F02}"= UDP:3689:Itunes Remote
"{F53B73C3-142E-4895-AEC2-24EF35809D4D}"= TCP:5353:Itunes Remote 2
"{DA216633-227E-4A85-A8CF-043E233E3560}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{65A970B0-A5E6-4FF1-BAC6-A743AB9A8CDC}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [9/4/2009 4:01 PM 28544]
R0 RVSDISK;RVSDISK;c:\windows\System32\drivers\RVSDISK.sys [9/6/2008 4:28 PM 11904]
R0 RVSYSTEM;RVSYSTEM;c:\windows\System32\drivers\RVSYSTEM.sys [9/6/2008 4:28 PM 38272]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/31/2009 12:12 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7/31/2009 12:12 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/31/2009 12:10 AM 297752]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [9/20/2008 10:27 PM 249856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [9/20/2008 10:27 PM 212992]
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-18 23:28]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221203700-3011449068-2825638513-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 00:38]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221203700-3011449068-2825638513-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 00:38]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1689682F-734F-41C3-A2B5-D1C884269B3C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4j9qkn2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - chrome://google-cjk-partner/locale/partner.properties
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 00:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:91,8f,f9,54,60,cc,d5,16,ac,ff,e7,a7,9d,91,81,a1,53,73,ad,98,cf,20,cd,
f4,91,55,58,ab,59,8e,8c,55,44,1d,0f,d3,4f,cf,d5,e9,96,88,23,86,67,5f,36,5b,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a

[HKEY_USERS\S-1-5-21-3221203700-3011449068-2825638513-500\Software\SecuROM\License information*]
"datasecu"=hex:41,90,30,ff,47,a8,ad,2e,18,88,ac,cf,2b,f0,28,b7,50,ad,39,dd,92,
0a,38,12,45,a0,a3,d2,79,f7,e0,1c,26,ec,42,8a,f2,57,59,2b,32,17,21,5d,61,d2,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,19,a8,4b,89,4c,
61,ec,54,e2,63,26,f1,3f,c8,ff,68,51,7a,97,db,3b,11,a0,e6,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,7e,04,04,61,36,
c5,ad,ca,6a,9c,d6,61,af,45,84,18,da,e1,99,f6,9e,38,88,61,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,aa,4e,49,3e,12,
32,d0,a9,ff,7c,85,e0,43,d4,0e,fe,a6,90,39,c8,3f,18,56,5f,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,4c,b1,35,9c,43,
7c,0a,ff,86,8c,21,01,be,91,eb,e7,7d,84,93,19,10,44,ca,bb,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,cc,ac,26,9f,36,
00,f0,f5,f5,1d,4d,73,a8,13,5c,05,04,7b,56,27,e0,6b,d8,3c,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,67,54,aa,e5,c8,
b1,9a,4f,df,20,58,62,78,6b,cf,c8,2c,f1,5d,9a,74,17,01,8a,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,52,59,54,1c,76,
13,2f,de,fb,a7,78,e6,12,2f,9a,ea,99,49,85,79,62,bd,fd,fb,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,f3,e8,6c,f1,95,
5e,74,e0,01,3a,48,fc,e8,04,4a,f1,35,08,c2,36,ee,7f,7a,06,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,1a,9e,92,7a,44,
e1,83,43,f6,0f,4e,58,98,5b,89,c9,66,75,13,33,8d,f9,7c,1d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,a0,54,b4,b7,9e,
d4,f4,17,3d,ce,ea,26,2d,45,aa,78,2a,d1,45,df,57,b3,2d,60,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,2c,21,05,7a,26,
0e,5d,56,2a,b7,cc,b5,b9,7f,41,e7,c4,85,22,17,2b,60,40,d5,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,76,5a,04,7d,de,
01,f3,c4,6c,43,2d,1e,aa,22,2f,9c,a1,84,4a,55,f6,4f,bd,5f,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-09-05 0:59
ComboFix-quarantined-files.txt 2009-09-05 04:58
ComboFix2.txt 2009-09-05 03:46

Pre-Run: 18,882,699,264 bytes free
Post-Run: 18,714,238,976 bytes free

399 --- E O F --- 2009-09-04 05:00


Here is the Malwarebyte log:


Malwarebytes' Anti-Malware 1.40
Database version: 2744
Windows 6.0.6002 Service Pack 2

9/5/2009 1:09:32 AM
mbam-log-2009-09-05 (01-09-32).txt

Scan type: Quick Scan
Objects scanned: 108785
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Administrator\Desktop\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.


I'm currently in the middle of the Kaspersky Online Scanner, its been about 20min and it's only 4% done so I'll post results when it finishes, so far no infections or anything have been found

thanks

[CatByte]

sounds good.

Kaspersky can take several hours, it is very thorough, so please let it finish.

We'll pick this up again tomorrow.

[kdog179]

Alright, I'll let the scan run for now and I'll post results in the morning

Things seem to be going alot better now so thanks again :)

[kdog179]

ok here's the log for the Kaspersky Scan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 5, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, September 05, 2009 07:32:17
Records in database: 2748374
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 365574
Threats found: 8
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 05:08:51


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\rotscxcmpimidw.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\Windows\System32\rotscxouimdlfx.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\Windows\System32\rotscxubesidrv.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\Windows\System32\UACnedtxipstw.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\Windows\System32\UACnifclrbxsq.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\Windows\System32\UACvvddhtprec.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\Windows\System32\UACxdebxbhidr.dll.vir Infected: Trojan.Win32.Tdss.anrc 1
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\59af077c-60830fd2 Infected: Trojan-Downloader.Java.OpenConnection.at 1

Selected area has been scanned.

[CatByte]

Hi,

You just need to clear your Java cache - the rest of the files are in quarantine which we will be clearing up shortly.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.

• On the General tab, under Temporary Internet Files, click the Settings button.
• Next, click on the Delete Files button
• There are two options in the window to clear the cache - Leave BOTH Checked
  • Applications and Applets
    Trace and Log Files
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Temporary Files Window
• Click OK to leave the Java Control Panel.

Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues

[kdog179]

Things seem alot better, I no longer get any error messages, things don't crash when I try opening them, I can turn on my Security center, it appears that the infection is gone and hopefully it is



DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 10:44:20.11 on Sat 09/05/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.836 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Administrator\AppData\Local\temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Users\Administrator\AppData\Local\temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Google Update] "c:\users\administrator\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\4j9qkn2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - chrome://google-cjk-partner/locale/partner.properties
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-9-4 28544]
R0 RVSDISK;RVSDISK;c:\windows\system32\drivers\RVSDISK.sys [2008-9-6 11904]
R0 RVSYSTEM;RVSYSTEM;c:\windows\system32\drivers\RVSYSTEM.sys [2008-9-6 38272]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-31 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-31 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-31 297752]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2008-9-20 249856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2008-9-20 212992]

=============== Created Last 30 ================

2009-09-05 00:56 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-04 23:05 230,912 a------- c:\windows\PEV.exe
2009-09-04 23:05 161,792 a------- c:\windows\SWREG.exe
2009-09-04 23:05 98,816 a------- c:\windows\sed.exe
2009-09-04 20:02 <DIR> --d----- c:\users\admini~1\appdata\roaming\PCToolsFirewallPlus
2009-09-04 20:02 <DIR> --d----- c:\users\admini~1\appdata\roaming\PCToolsSpamMonitorPlus
2009-09-04 17:38 <DIR> --d----- c:\users\admini~1\appdata\roaming\Malwarebytes
2009-09-04 17:38 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 17:38 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 17:38 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-04 17:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 17:38 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-04 16:01 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-09-04 16:00 <DIR> --d----- c:\program files\Panda Security
2009-09-04 12:02 <DIR> --d----- c:\programdata\PC Tools
2009-09-04 12:02 <DIR> --d----- c:\progra~2\PC Tools
2009-09-04 11:26 4,592,928 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-04 11:26 8,240 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-04 11:25 2,348 a------- C:\rollback.ini
2009-09-04 11:16 <DIR> --d----- c:\programdata\ParetoLogic
2009-09-04 11:16 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-09-04 11:16 <DIR> --d----- c:\progra~2\ParetoLogic
2009-09-04 10:48 <DIR> --d----- c:\programdata\SecTaskMan
2009-09-04 10:48 <DIR> --d----- c:\progra~2\SecTaskMan
2009-09-04 10:48 <DIR> --d----- c:\program files\Security Task Manager
2009-09-04 04:05 195,057,890 a------- c:\windows\MEMORY.DMP
2009-09-04 00:33 <DIR> --d----- c:\users\admini~1\appdata\roaming\.clamwin
2009-09-03 23:45 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-03 22:49 <DIR> --d----- c:\users\administrator\.thumbnails
2009-09-03 22:42 <DIR> --d----- c:\users\administrator\.gimp-2.6
2009-09-01 21:35 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-09-01 21:35 <DIR> --d----- c:\users\administrator\Office Genuine Advantage
2009-09-01 21:12 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-01 21:12 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 21:11 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-09-01 21:11 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-01 21:11 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-01 21:11 270,848 a------- c:\windows\system32\schannel.dll
2009-09-01 21:11 218,624 a------- c:\windows\system32\msv1_0.dll
2009-09-01 21:11 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-01 21:11 72,704 a------- c:\windows\system32\secur32.dll
2009-09-01 21:11 9,728 a------- c:\windows\system32\lsass.exe
2009-09-01 20:58 <DIR> --d----- c:\program files\epson
2009-09-01 20:58 61,952 a------- c:\windows\system32\escwiad.dll
2009-08-28 01:33 <DIR> --d----- C:\HammerAutosave
2009-08-27 12:47 2,048 a------- c:\windows\system32\tzres.dll
2009-08-22 19:21 <DIR> --d--r-- C:\Kevin
2009-08-12 15:10 71,680 a------- c:\windows\system32\atl.dll
2009-08-12 15:10 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-12 15:10 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-12 15:10 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-12 15:10 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-12 15:10 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-12 15:10 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-12 15:10 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-12 15:10 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-12 15:10 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-12 15:10 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-07 19:51 178,430 a------- c:\windows\system32\xlive.dll.cat
2009-08-07 03:01 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-08-07 03:01 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-08-07 03:01 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-08-07 03:00 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE

==================== Find3M ====================

2009-09-04 12:11 51,200 a------- c:\windows\inf\infpub.dat
2009-09-04 12:11 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-04 12:11 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-12 18:47 137,544 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-12 18:46 189,480 a------- c:\windows\system32\PnkBstrB.exe
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-31 00:12 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-31 00:12 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-31 00:12 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-22 14:09 139,152 a------- c:\users\admini~1\appdata\roaming\PnkBstrK.sys
2009-07-22 14:09 794,408 a------- c:\windows\system32\pbsvc.exe
2009-07-22 14:09 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 07:35 828,416 a------- c:\windows\system32\wininet.dll
2009-07-08 01:17 34 a------- c:\users\administrator\jagex_runescape_preferences.dat
2009-06-20 10:42 1,049,790 a------- c:\windows\Prison Tycoon 3 Uninstaller.exe
2009-06-16 00:19 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-15 10:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 10:52 23,552 a------- c:\windows\system32\lpk.dll
2009-06-15 10:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 10:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 08:42 289,792 a------- c:\windows\system32\atmfd.dll
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2007-03-17 02:00 35,979 a------- c:\program files\Photoshop CS3 Read Me.html
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-07-18 11:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-07-18 11:32 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-07-18 11:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-05 23:09 56 a--shr-- c:\windows\system32\5A8056E750.sys
2008-09-05 23:09 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 10:44:45.01 ===============

[CatByte]

Hi,

You are clean,

Just some housekeeping to do now:

Please do the following:

Visit ADOBEand download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  
• Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
• Click the "Download" button to the right.
• Select the Windows platform from the dropdown menu.
• Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
• Click on the link to download Windows Offline Installation and save the file to your desktop.
• Close any programs you may have running - especially your web browser.

• Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.

NEXT:

You can delete the DDS and GMER folders from your desktop.

NEXT

Follow these steps to uninstall Combofix

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

• It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
  Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe.
  
  
• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
• ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
  WOT has an addon available for both Firefox and IE
  
  
• For Firefox, I highly recommend this add-on to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
• In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
  Think Prevention.
  PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

[kdog179]

sorry for the slow reply...

I did most of the things you said in the last post, got some new software and such.

Only problem I had was the ComboFix /U in Run, I got a message saying ComboFix couldn't be found.

Other than that Everything is doing good, I am very thankful for the help, you saved me :D

Thanks again

[CatByte]

You are more than welcome

stay safe

~CB

[kdog179]

I'm really glad I decided to visit this fourm, I was having second thoughts at first. I'm taking new measures to ensure this won't happen again :)

I'm even talking to my friend and he looking into some of the guides here to beef up his security.

I appreciate your help!