Can't remove malware, help needed if possible



Anonymity
2009-03-11, 00:40
I have attempted to remove the malware myself but I can't seem to get anywhere.

I have managed to install:

Spybot S&D - but it will not run; the application crashes. Also can't connect to the update server.
AVG Free - found nothing and can't connect to the update server.
RootkitRevealer - ran but on a different display, see log below.
HijackThis - ran, with log below. On first run there were applications with a random string of letters and numbers; also the application winlognn.exe was present.
Malwarebytes Anti-Malware - will not run and the application crashes when I try to launch it.
CCleaner - ran OK but didn't help.
IObit - Advanced SystemCare ran OK but again didn't help.


The above happens in normal boot mode, safe mode and safe mode with networking.

There are strange files appearing in c:\users\[username]\appdata\local\temp\ and c:\users\[username]\appdata\local\temp\low. When scanned, none of these files contain viruses.

There was an entry in the hosts file of ::1

Internet Explorer and Firefox redirect to strange pages when navigating from google.com search results. Firefox gets an infinite redirect on the Mozilla default page. Internet Explorer also keeps launching and going to a book review site.

I can't run regedit; it says registry editing has been disabled by your administrator.

There were a lot of entries like the red one in the HijackThis log but I removed all of them; I have put that one back in using msconfig for the log report.

HijackThis results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:40, on 10/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Alex\Desktop\procexp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\msconfig.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\Windows\system32\hs3i7jdgfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hs3i7jdgfd.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [dq1jo9d2bazmk75j3meeozdij9r9tevssf51x] C:\Users\Alex\AppData\Local\Temp\a5wkig.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F264DA5-76A7-4EA6-B823-1EB780F03E46}: NameServer = 85.255.112.166,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{93D60165-3227-4386-87BC-F990DC2DE213}: NameServer = 85.255.112.166,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.166,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F264DA5-76A7-4EA6-B823-1EB780F03E46}: NameServer = 85.255.112.166,85.255.112.67
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.166,85.255.112.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F264DA5-76A7-4EA6-B823-1EB780F03E46}: NameServer = 85.255.112.166,85.255.112.67
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.166,85.255.112.67
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F264DA5-76A7-4EA6-B823-1EB780F03E46}: NameServer = 85.255.112.166,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.166,85.255.112.67
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hs3i7jdgfd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PMBVGWTAEO - Sysinternals - www.sysinternals.com - C:\Users\Alex\AppData\Local\Temp\PMBVGWTAEO.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 7782 bytes


RootkitRevealer results:


HKLM\SOFTWARE\gaopdx 05/03/2009 22:23 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Licenses\{K7C0DB872A3F777C0} 10/03/2009 21:32 589 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\Licenses\{I781F7A018B2EFAD7} 10/03/2009 21:32 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Licenses\{0781F7A018B2EFAD7} 10/03/2009 21:32 137 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/03/2009 21:45 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\SessionIdHigh 10/03/2009 19:20 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\SessionIdLow 10/03/2009 19:20 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 02/11/2006 12:54 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 02/11/2006 12:54 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 02/11/2006 12:54 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 02/11/2006 12:54 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 02/11/2006 10:33 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}\DynamicInfo 08/03/2009 23:45 28 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BA5E5C7-0078-414A-94DD-D753B787C644}\DynamicInfo 08/03/2009 23:46 28 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}\DynamicInfo 10/03/2009 21:44 28 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\LogName 10/03/2009 21:44 206 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\NotificationLogCheckPoint 10/03/2009 21:44 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\SecondaryLogName 10/03/2009 21:44 206 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\PCTools\Spyware Doctor\AUXSVCSTAT 10/03/2009 21:45 44 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys 10/03/2009 21:30 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys 06/03/2009 00:35 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys 05/03/2009 22:31 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys 10/03/2009 21:30 0 bytes Hidden from Windows API.
C: 01/01/1601 00:00 0 bytes Error mounting volume
E: 01/01/1601 00:00 0 bytes Error mounting volume


Any help is greatly received.

Anonymity
2009-03-11, 00:48
DDS log



DDS (Ver_09-02-01.01) - NTFSx86
Run by Alex at 22:43:29.56 on 10/03/2009
Internet Explorer: 7.0.6000.16809
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1022.327 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Users\Alex\Desktop\procexp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alex\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: c:\windows\system32\hs3i7jdgfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hs3i7jdgfd.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 85.255.112.166,85.255.112.67
TCP: {0F264DA5-76A7-4EA6-B823-1EB780F03E46} = 85.255.112.166,85.255.112.67
TCP: {93D60165-3227-4386-87BC-F990DC2DE213} = 85.255.112.166,85.255.112.67
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
STS: c:\windows\system32\hs3i7jdgfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hs3i7jdgfd.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\2ldo8jjr.default\
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-7 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-6 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-14 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-5 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-14 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-14 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-8 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-6 348752]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-12-14 464384]
S3 dfl0f19;dfl0f19;c:\windows\system32\drivers\dfl0f19.sys [2009-3-5 22304]
S3 egma56a;egma56a;c:\windows\system32\drivers\egma56a.sys [2009-3-5 22304]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-2-1 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-2-1 8320]
S3 PMBVGWTAEO;PMBVGWTAEO;c:\users\alex\appdata\local\temp\PMBVGWTAEO.exe [2009-3-10 412544]

=============== Created Last 30 ================

2009-03-10 21:41 92 a---h--- C:\aaw7boot.cmd
2009-03-10 19:07 <DIR> --d----- c:\windows\pss
2009-03-09 00:03 <DIR> --d----- c:\program files\Trend Micro
2009-03-08 23:39 <DIR> --d----- c:\users\alex\appdata\roaming\JetBrains
2009-03-08 23:24 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-08 23:24 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-08 23:24 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-03-08 22:26 153,501,889 a------- c:\windows\MEMORY.DMP
2009-03-08 20:13 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-07 16:34 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-07 16:19 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-07 16:19 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-07 16:19 <DIR> --d----- c:\programdata\Lavasoft
2009-03-07 16:19 <DIR> --d----- c:\program files\Lavasoft
2009-03-07 16:18 <DIR> --d----- c:\program files\CCleaner
2009-03-07 15:40 <DIR> --d----- c:\users\alex\appdata\roaming\IObit
2009-03-07 15:40 <DIR> --d----- c:\program files\IObit
2009-03-07 15:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-07 15:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-07 15:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-07 15:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-07 15:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-06 08:00 <DIR> --d----- c:\users\alex\appdata\roaming\Software Informer
2009-03-06 07:59 <DIR> --d----- c:\users\alex\appdata\roaming\Free Download Manager
2009-03-06 00:17 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 00:16 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-06 00:16 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-06 00:16 <DIR> a-d----- c:\programdata\TEMP
2009-03-06 00:16 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-06 00:16 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-06 00:16 <DIR> --d----- c:\users\alex\appdata\roaming\PC Tools
2009-03-06 00:16 <DIR> --d----- c:\programdata\PC Tools
2009-03-06 00:16 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-06 00:16 <DIR> --d----- c:\progra~2\PC Tools
2009-03-05 22:30 22,304 a------- c:\windows\system32\drivers\dfl0f19.sys
2009-03-05 22:23 22,304 a------- c:\windows\system32\drivers\egma56a.sys
2009-03-05 22:23 15,000 a------- c:\windows\system32\hs3i7jdgfd.dll
2009-03-05 22:23 333 ---shr-- C:\autorun.inf
2009-02-15 22:46 428,032 a------- c:\windows\system32\EncDec.dll
2009-02-15 22:46 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-02-15 22:46 292,352 a------- c:\windows\system32\psisdecd.dll
2009-02-15 22:46 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-15 22:46 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-02-15 22:46 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-15 22:46 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-02-15 22:46 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-02-14 03:04 <DIR> --d----- c:\windows\SQLTools9_KB960089_ENU
2009-02-14 03:02 <DIR> --d----- c:\windows\SQL9_KB960089_ENU
2009-02-13 17:53 1,458,176 a------- c:\windows\system32\stlang.dll
2009-02-13 17:53 303,104 a------- c:\windows\sttray.exe
2009-02-13 17:53 90,112 a------- c:\windows\system32\stacsv.exe
2009-02-13 17:53 4,931,584 a------- c:\windows\system32\stacgui.cpl
2009-02-13 17:52 141,824 a------- c:\windows\system32\staco.dll
2009-02-13 17:52 647,680 a------- c:\windows\system32\drivers\stwrt.sys
2009-02-13 17:52 535,552 a------- c:\windows\system32\stapo.dll
2009-02-13 17:52 416,256 a------- c:\windows\system32\ctapo32.dll
2009-02-13 17:52 238,592 a------- c:\windows\system32\stapi32.dll
2009-02-13 17:52 45,568 a------- c:\windows\system32\ctppld.dll
2009-02-13 17:52 <DIR> --d----- c:\program files\SigmaTel
2009-02-13 17:52 <DIR> --d----- C:\dell
2009-02-13 14:17 <DIR> --d----- c:\program files\Microsoft Virtual PC
2009-02-13 14:07 <DIR> --d----- c:\program files\Microsoft
2009-02-13 14:04 <DIR> --d----- C:\VirtualMachine
2009-02-13 13:11 <DIR> --d----- C:\Downloads
2009-02-13 13:11 <DIR> --d----- c:\program files\Software Informer
2009-02-13 13:10 <DIR> --d----- c:\programdata\FreeDownloadManager.ORG
2009-02-13 13:10 <DIR> --d----- c:\program files\Free Download Manager
2009-02-13 13:10 <DIR> --d----- c:\progra~2\FreeDownloadManager.ORG
2009-02-13 11:38 <DIR> --d----- C:\inetpub
2009-02-13 09:06 <DIR> --d----- c:\program files\JetBrains
2009-02-13 08:51 172 a------- c:\windows\ODBC.INI
2009-02-13 08:49 <DIR> --d----- c:\windows\system32\js
2009-02-13 08:49 <DIR> --d----- c:\windows\system32\images
2009-02-13 08:49 <DIR> --d----- c:\windows\system32\html
2009-02-13 08:49 <DIR> --d----- c:\windows\system32\css
2009-02-13 08:49 <DIR> --d----- c:\program files\Business Objects
2009-02-13 08:42 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-02-13 08:41 <DIR> --d----- c:\program files\Microsoft Device Emulator
2009-02-13 08:39 <DIR> --d----- c:\program files\Windows Mobile 5.0 SDK R2
2009-02-13 08:38 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-02-13 08:38 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-02-13 08:25 <DIR> --d----- c:\programdata\PreEmptive Solutions
2009-02-13 08:25 <DIR> --d----- c:\progra~2\PreEmptive Solutions
2009-02-13 08:20 <DIR> --d----- c:\windows\system32\1033
2009-02-13 08:18 <DIR> --d----- c:\program files\HTML Help Workshop
2009-02-13 08:18 <DIR> --d----- c:\program files\common files\Merge Modules
2009-02-13 08:18 <DIR> --d----- c:\program files\CE Remote Tools
2009-02-13 08:13 <DIR> --d----- c:\program files\Microsoft Web Designer Tools
2009-02-13 08:07 <DIR> --d----- c:\programdata\Microsoft Help
2009-02-13 07:58 88,576 a------- c:\windows\system32\infocardapi.dll
2009-02-13 07:58 28,160 a------- c:\windows\system32\infocardcpl.cpl
2009-02-13 07:58 579,584 a------- c:\windows\system32\icardagt.exe
2009-02-13 07:58 11,776 a------- c:\windows\system32\icardres.dll
2009-02-13 07:58 106,520 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-13 07:58 33,304 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-13 07:58 350,744 a------- c:\windows\system32\PresentationHost.exe
2009-02-13 07:58 779,800 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-13 03:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-12 00:20 <DIR> --d----- c:\programdata\Nokia
2009-02-12 00:20 <DIR> --d----- c:\progra~2\Nokia
2009-02-12 00:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-12 00:01 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-12 00:00 503,864 a------- c:\windows\system32\drivers\Wdf01000.sys
2009-02-12 00:00 35,896 a------- c:\windows\system32\drivers\WdfLdr.sys
2009-02-12 00:00 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2009-02-11 20:06 <DIR> --d----- c:\programdata\PC Suite
2009-02-11 19:28 <DIR> --d----- c:\program files\common files\PCSuite
2009-02-11 19:28 <DIR> --d----- c:\program files\common files\Nokia
2009-02-11 19:27 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-02-11 19:25 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-02-11 19:19 90,624 a------- c:\windows\system32\nmwcdcls.dll
2009-02-11 19:19 <DIR> --d----- c:\program files\Nokia
2009-02-11 19:17 <DIR> --d----- c:\programdata\Installations
2009-02-10 22:26 1,831,424 a------- c:\windows\system32\inetcpl.cpl
2009-02-10 22:26 1,383,424 a------- c:\windows\system32\mshtml.tlb

==================== Find3M ====================

2009-02-17 19:26 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-17 19:26 51,200 a------- c:\windows\inf\infpub.dat
2009-02-13 17:53 86,016 a------- c:\windows\inf\infstor.dat
2009-02-05 23:41 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-05 23:41 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-05 23:41 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-15 04:16 826,368 a------- c:\windows\system32\wininet.dll
2009-01-15 04:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-15 04:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-15 04:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-01-04 19:28 3,616 a------- c:\windows\system32\ealregsnapshot1.reg
2008-12-15 23:27 268,800 a------- c:\windows\system32\es.dll
2008-12-15 23:18 1,645,568 a------- c:\windows\system32\connect.dll
2008-12-15 23:11 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-15 23:08 174 a--sh--- c:\program files\desktop.ini
2008-12-15 00:54 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-12-15 00:54 272,896 a------- c:\windows\system32\polstore.dll
2008-12-15 00:54 61,440 a------- c:\windows\system32\winipsec.dll
2008-12-15 00:54 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-12-15 00:52 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-15 00:52 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-12-15 00:52 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-12-15 00:50 205,824 a------- c:\windows\system32\msoeacct.dll
2008-12-15 00:50 39,424 a------- c:\windows\system32\ACCTRES.dll
2008-12-15 00:50 87,040 a------- c:\windows\system32\msoert2.dll
2008-12-15 00:49 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2008-12-15 00:49 24,064 a------- c:\windows\system32\wtsapi32.dll
2008-12-15 00:49 542,720 a------- c:\windows\system32\sysmain.dll
2008-12-15 00:49 290,816 a------- c:\windows\system32\wlanmsm.dll
2008-12-15 00:49 67,584 a------- c:\windows\system32\wlanhlp.dll
2008-12-15 00:49 47,104 a------- c:\windows\system32\wlanapi.dll
2008-12-15 00:49 502,784 a------- c:\windows\system32\wlansvc.dll
2008-12-15 00:49 297,984 a------- c:\windows\system32\wlansec.dll
2008-12-15 00:47 194,560 a------- c:\windows\system32\WebClnt.dll
2008-12-15 00:43 376,320 a------- c:\windows\system32\winsrv.dll
2008-12-15 00:43 49,664 a------- c:\windows\system32\csrsrv.dll
2008-12-15 00:39 297,472 a------- c:\windows\system32\gdi32.dll
2008-12-15 00:34 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2008-12-15 00:33 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-15 00:33 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-12-15 00:33 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2008-12-15 00:33 537,600 a------- c:\windows\apppatch\AcLayers.dll
2008-12-15 00:33 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2008-12-15 00:33 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-12-15 00:33 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-15 00:33 1,687,040 a------- c:\windows\system32\gameux.dll
2008-12-15 00:32 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-12-15 00:31 2,027,520 a------- c:\windows\system32\win32k.sys
2008-12-15 00:30 1,194,496 a------- c:\windows\system32\msxml3.dll
2008-12-15 00:30 2,048 a------- c:\windows\system32\msxml3r.dll
2008-12-15 00:29 414,208 a------- c:\windows\system32\msscp.dll
2008-12-15 00:29 8,147,968 a------- c:\windows\system32\wmploc.DLL
2008-12-15 00:29 7,680 a------- c:\windows\system32\spwmp.dll
2008-12-15 00:29 4,096 a------- c:\windows\system32\dxmasf.dll
2008-12-15 00:28 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2008-12-15 00:28 392,192 a------- c:\windows\system32\FirewallAPI.dll
2008-12-15 00:28 396,800 a------- c:\windows\system32\MPSSVC.dll
2008-12-15 00:28 86,016 a------- c:\windows\system32\icfupgd.dll
2008-12-15 00:28 16,896 a------- c:\windows\system32\wfapigp.dll
2008-12-15 00:28 178,688 a------- c:\windows\system32\iphlpsvc.dll
2008-12-15 00:28 61,952 a------- c:\windows\system32\cmifw.dll
2008-12-15 00:26 2,048 a------- c:\windows\system32\tzres.dll
2008-12-15 00:19 104,448 a------- c:\windows\system32\DWWIN.EXE
2008-12-15 00:19 2,923,520 a------- c:\windows\explorer.exe
2008-12-15 00:17 8,704 a------- c:\windows\system32\hcrstco.dll
2008-12-15 00:17 8,704 a------- c:\windows\system32\hccoin.dll
2008-12-15 00:13 167,424 a------- c:\windows\system32\tcpipcfg.dll
2008-12-15 00:13 24,064 a------- c:\windows\system32\netcfg.exe
2008-12-15 00:13 22,016 a------- c:\windows\system32\netiougc.exe
2008-12-15 00:08 1,585,664 a------- c:\windows\system32\setupapi.dll
2008-12-15 00:04 223,232 a------- c:\windows\system32\WMASF.DLL
2008-12-15 00:04 9,728 a------- c:\windows\system32\LAPRXY.DLL
2008-12-15 00:04 2,048 a------- c:\windows\system32\asferror.dll
2008-12-15 00:03 223,232 a------- c:\windows\system32\SLC.dll
2008-12-15 00:03 268,288 a------- c:\windows\system32\mcbuilder.exe
2008-12-15 00:03 33,280 a------- c:\windows\system32\slwmi.dll
2008-12-15 00:03 566,784 a------- c:\windows\system32\SLCommDlg.dll
2008-12-15 00:03 351,232 a------- c:\windows\system32\SLUI.exe
2008-12-15 00:03 186,368 a------- c:\windows\system32\SLLUA.exe
2008-12-15 00:03 57,856 a------- c:\windows\system32\SLUINotify.dll
2008-12-15 00:03 2,605,568 a------- c:\windows\system32\SLsvc.exe
2008-12-15 00:03 39,936 a------- c:\windows\system32\slcinst.dll
2008-12-15 00:02 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-12-15 00:02 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2008-12-15 00:02 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-12-14 23:59 441,856 a------- c:\windows\system32\win32spl.dll
2008-12-14 23:59 37,376 a------- c:\windows\system32\printcom.dll
2008-12-14 23:59 14,848 a------- c:\windows\system32\wshrm.dll
2008-12-14 23:58 11,776 a------- c:\windows\system32\sbunattend.exe
2008-12-14 23:58 83,968 a------- c:\windows\system32\dnsrslvr.dll
2008-12-14 23:58 24,576 a------- c:\windows\system32\dnscacheugc.exe
2008-12-14 23:57 2,855,424 a------- c:\windows\system32\mf.dll
2008-12-14 23:57 98,816 a------- c:\windows\system32\mfps.dll
2008-12-14 23:57 52,736 a------- c:\windows\system32\rrinstaller.exe
2008-12-14 23:57 2,048 a------- c:\windows\system32\mferror.dll
2008-12-14 23:57 24,576 a------- c:\windows\system32\mfpmp.exe
2008-12-14 23:57 94,720 a------- c:\windows\system32\logagent.exe
2008-12-14 23:57 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-14 23:56 788,992 a------- c:\windows\system32\rpcrt4.dll
2008-12-14 23:56:21 A------- 737,792 c:\windows\system32\inetcomm.dll
2006-11-02 02:17 299,060 a--shr-- c:\windows\server.exe

============= FINISH: 22:45:30.85 ===============


Attach log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 13/12/2008 17:29:06
System Uptime: 03/10/2009 21:30:44 (-4967 hours ago)

Motherboard: Dell Inc. | | 0MF252
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 43.858 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 149 GiB total, 61.57 GiB free.
F: is CDROM ()
G: is Removable
I: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
4oD
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced SystemCare 3
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
µTorrent
AVG Free 8.0
Belkin 54Mbps Wireless Network Adapter
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
Codec Pack - All In 1 6.0.3.0
Command & Conquer™ Red Alert™ 3
Crystal Reports Basic for Visual Studio 2008
EA Download Manager
FileZilla Client 3.2.1
Free Download Manager 3.0
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
Hackman Suite
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB952241)
Internet Explorer Developer Toolbar
iTunes
JetBrains ReSharper 4.1
Magic ISO Maker v5.5 (build 0273)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Medieval CUE Splitter
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Mozilla Firefox (3.0.7)
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia Software Updater
Notepad++
PC Connectivity Solution
PDF Settings
QuickTime
RAR Password Cracker 4.12
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office system 2007 (KB954326)
SigmaTel Audio
Skins
Smart Menus (Windows Live Toolbar)
Software Informer 1.0 BETA
Spybot - Search & Destroy
Spyware Doctor 6.0
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
VC Runtimes MSI
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
World of Warcraft FREE Trial

==== End Of File ===========================

pskelley
2009-03-15, 00:20
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Pinned (sticky) to the top of this forum, and posted above are the directions, make sure you have read and followed them.

Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.
If you still need help, you are infected, including hijacked by criminals from the Ukraine: 85.255.112.166
http://whois.domaintools.com/85.255.112.166

If you want help, this is what you must do.

1) Read the "Before you Post" directions and follow them.

2) Return System Configuration Utility (MSConfig) to Normal Mode so I can see everything.

3) Disable TeaTimer as instructed.

4) DO NOT post any information I do not request.

5) Post a new HJT log using the copy/paste method as described in the instructions.

Thanks

pskelley
2009-03-20, 14:21
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.