
Thread: virtumonde.sdn, dynamically altered links, lots of bad stuff


  1. #1
    Junior Member
    Join Date
    May 2009
    Posts
    10

    virtumonde.sdn, dynamically altered links, lots of bad stuff

    Hi.

    Over the last week or so, my system has been getting more and more infected with spyware. I've tried AVG, Ad-aware, Malwarebytes, Spybot S&D, Vundofix, updating outdated programs with PSI, and a number of other solutions. Many of these programs seem to find 10-40ish instances of spyware, remove all but a few ("Virtumonde.sdn"), claim to finish removing them on a computer restart, fail to do so, and then my spyware seems to just be getting worse. I've tried vain attempts to combat this... msconfig and disabling some suspicious-looking processes. Anyway, I need a total clean solution.

    Symptoms:
    -Firefox loads slowly and most links are converted to "google redirect" addresses that aren't the correct links (SO hard to register for this forum because of that)
    -My task manager and registry editor were disabled until I applied a fix
    -My computer will randomly get very slow and freeze a lot, nearly always on startup
    -Popups happen all the time
    -Rogue fake spyware programs have been installed and ask me to register them
    -Windows options have been changed, hiding file extensions

    Please help me. I'm very worried. My computer is very important.

    Here's my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:21:26 AM, on 5/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\tracking\protools\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - Default URLSearchHook is missing
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {c871956a-1bff-4b64-9254-6551494a43aa} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Microsoft copyright - {F30B5E7E-CFBB-44fb-A947-226E5A7A4290} - lklf32.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\tracking\protools\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
    O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
    O4 - Startup: ChkDisk.dll
    O4 - Startup: ChkDisk.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\office03\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office03\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\tyler\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\ c:\windows\system32\nalusihe.dll,C:\WINDOWS\system32\gizidese.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: hggfdec - hggfdec.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\tracking\protools\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

    --
    End of file - 12230 bytes
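As an added example (not code from the post, from the forum's helpers, or from Trend Micro's HijackThis), here is a small Python triage pass over a handful of lines copied from the HJT log above. The section codes and the "(file missing)" / "(no file)" markers are HijackThis's own; the heuristics are assumptions chosen to mirror what a log reviewer checks by hand (a Run entry whose target name is a near-miss of a Windows system binary, a DLL loaded through a rundll32 export, a DLL sitting directly in a Startup folder, anything listed under AppInit_DLLs, and O7 policy restrictions). They flag lines for review; they do not decide what to delete.

```python
"""Triage a HijackThis (HJT) log for common hijack indicators.

Added example for this thread; it is not code from the post, from the
forum's helpers, or from Trend Micro's HijackThis. The rules are generic
heuristics (assumptions) that mirror what a log reviewer checks by hand.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
O2 - BHO: (no name) - {c871956a-1bff-4b64-9254-6551494a43aa} - (no file)
O2 - BHO: Microsoft copyright - {F30B5E7E-CFBB-44fb-A947-226E5A7A4290} - lklf32.dll (file missing)
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - Startup: ChkDisk.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\ c:\windows\system32\nalusihe.dll,C:\WINDOWS\system32\gizidese.dll
O20 - Winlogon Notify: hggfdec - hggfdec.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section code, e.g. "O4"
    reason: str   # why a reviewer should look at this line
    line: str     # the original log line


# "O4 - HKLM\..\Run: [...]": section code, " - ", rest of the entry
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# HJT marks entries whose target file is gone; these are orphaned references
DANGLING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.I)
# A system-binary name with extra characters before ".exe" (lsass -> lsasss);
# the real binaries are started by Windows itself, not from a Run key
LOOKALIKE_RE = re.compile(r"\\(lsass|csrss|svchost|winlogon|services)\w+\.exe\b", re.I)
# DLL loaded through rundll32 by export name: "rundll32.exe <dll>,<export>"
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\s+(\S+\.dll),(\S+)", re.I)
# Individual DLL paths in an AppInit_DLLs value (space- or comma-separated)
DLL_RE = re.compile(r"[^\s,]+\.dll\b", re.I)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per indicator hit, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, the process list, blank lines
        section, body = m.group("section"), m.group("body")

        def hit(reason: str) -> None:
            findings.append(Finding(section, reason, line))

        if DANGLING_RE.search(body):
            hit("entry points at a file that no longer exists (orphaned reference)")
        if section == "O7":
            hit("policy restriction on the user (regedit/Task Manager lockout)")
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            hit("AppInit_DLLs loads into every process that uses user32: "
                + ", ".join(DLL_RE.findall(body)))
        if section == "O4":
            if LOOKALIKE_RE.search(body):
                hit("Run entry launches a look-alike of a Windows system binary")
            rd = RUNDLL_RE.search(body)
            if rd:
                hit(f"DLL loaded via rundll32 export {rd.group(2)}; verify {rd.group(1)}")
            if body.startswith("Startup:") and body.lower().endswith(".dll"):
                hit("DLL placed directly in a Startup folder")
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HJT section, e.g. {"O2": 2, "O4": 3, ...}."""
    return dict(Counter(f.section for f in findings))


def report(findings: list[Finding]) -> str:
    """Human-readable listing: reason on one line, the flagged entry indented."""
    return "\n".join(f"[{f.section}] {f.reason}\n    {f.line}" for f in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    print(report(hits))
    print("per-section counts:", summarize(hits))
```

Run on the sample, the pass flags eight lines: the two O2 BHOs and the Winlogon Notify entry as orphaned references, the O7 regedit lockout, the AppInit_DLLs value with its three DLLs, and three O4 entries (the lsasss.exe look-alike, the rundll32 export load, and the DLL in the Startup folder). The legitimate R0, type32 and Bonjour lines pass through untouched, which is the point of keeping the rules narrow: a reviewer still has to judge each flagged line, but the routine lines are out of the way.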

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi picklehammer

    We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.


    A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    May 2009
    Posts
    10


    ComboFix 09-05-23.04 - tyler 05/24/2009 2:45.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.615 [GMT -7:00]
    Running from: c:\documents and settings\tyler\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LocalService\Application Data\1055860099.exe
    c:\documents and settings\LocalService\Application Data\916653139.exe
    c:\documents and settings\LocalService\protect.dll
    c:\documents and settings\tyler\Local Settings\Temporary Internet Files\fbk.sts
    c:\documents and settings\tyler\protect.dll
    c:\documents and settings\tyler\Start Menu\Programs\Startup\ChkDisk.dll
    c:\documents and settings\tyler\Start Menu\Programs\Startup\ChkDisk.lnk
    c:\program files\icroso~1
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\INSTALL.LOG
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\program files\WinPCap\Uninstall.exe
    c:\windows\fnts~1
    c:\windows\system\oeminfo.ini
    c:\windows\system32\autochk.dll
    c:\windows\system32\config\systemprofile\protect.dll
    c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\drivers\ovfsthvymesoyvdpmpiksmxxflewndjouobobu.sys
    c:\windows\system32\Ijl11.dll
    c:\windows\system32\lmn_setup.exe
    c:\windows\system32\ovfsthbxakoykveeojioyvfcjyhqpsbhojfsjj.dll
    c:\windows\system32\ovfsthmbsjujgwtdfpxmbrfqqmoelydvugaitd.dll
    c:\windows\system32\ovfsthonkrbyrdupkdlshexbyrfeklphcvwbaw.dat
    c:\windows\system32\ovfsthrqiryskkqbivjyymklwlmxtpgvbmakxf.dat
    c:\windows\system32\ovfsthtueppkcrqsitkjhvtsgeqdxhfipurfke.dll
    c:\windows\system32\ovfsthtueppkcrqsitkjhvtsgeqdxhfipurfke.dll_old
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\service-466.exe
    c:\windows\system32\sft.res
    c:\windows\system32\test.ttt
    c:\windows\system32\uniq.tll
    c:\windows\system32\win32hlp.cnf
    c:\windows\system32\wpcap.dll
    C:\xcrashdump.dat

    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthkmlrrvkkylhbaompfefkosntjiijclfn
    -------\Legacy_MSCONTROLSERVICE
    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
    .

    2009-05-24 07:26 . 2009-05-24 07:26 -------- d-----w c:\program files\ERUNT
    2009-05-24 07:21 . 2009-05-24 07:21 -------- d-----w c:\program files\Trend Micro
    2009-05-24 06:55 . 2009-05-24 06:55 29184 ----a-w c:\windows\system32\lklf32.dll
    2009-05-23 02:24 . 2009-05-24 07:43 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-05-23 02:23 . 2008-12-11 15:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
    2009-05-23 02:22 . 2009-04-03 18:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
    2009-05-23 02:22 . 2008-12-18 19:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
    2009-05-23 02:22 . 2009-05-23 02:25 -------- d-----w c:\program files\Common Files\PC Tools
    2009-05-23 02:22 . 2008-12-10 18:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
    2009-05-23 02:22 . 2009-05-23 06:08 -------- d-----w c:\program files\Spyware Doctor
    2009-05-23 02:22 . 2009-05-23 02:22 -------- d-----w c:\documents and settings\tyler\Application Data\PC Tools
    2009-05-23 02:22 . 2009-05-23 02:22 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
    2009-05-23 02:07 . 2009-05-23 02:07 -------- d-----w C:\VundoFix Backups
    2009-05-23 01:00 . 2009-05-23 01:00 29184 ----a-w c:\windows\system32\jhxm32.dll
    2009-05-23 01:00 . 2009-05-23 01:00 32768 ----a-w c:\windows\system32\avast!Antivirus.exe
    2009-05-21 01:21 . 2009-05-21 01:21 -------- d-----w c:\documents and settings\tyler\Application Data\vlc
    2009-05-20 06:35 . 2009-05-20 06:35 57344 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-31f380fe-n\Decora-SSE.dll
    2009-05-20 06:35 . 2009-05-20 06:35 24064 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7c65e637-n\Decora-D3D.dll
    2009-05-20 06:35 . 2009-05-20 06:35 499712 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4d8d8b33-n\msvcp71.dll
    2009-05-20 06:35 . 2009-05-20 06:35 499712 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4d8d8b33-n\jmc.dll
    2009-05-20 06:35 . 2009-05-20 06:35 348160 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4d8d8b33-n\msvcr71.dll
    2009-05-20 06:35 . 2009-05-20 06:35 315392 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7eb0a5f2-n\jogl.dll
    2009-05-20 06:35 . 2009-05-20 06:35 20480 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7eb0a5f2-n\jogl_awt.dll
    2009-05-20 06:35 . 2009-05-20 06:35 20480 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-21b01d74-n\gluegen-rt.dll
    2009-05-20 06:35 . 2009-05-20 06:35 114688 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7eb0a5f2-n\jogl_cg.dll
    2009-05-20 06:34 . 2009-05-20 06:33 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-05-20 06:32 . 2009-05-20 06:32 152576 ----a-w c:\documents and settings\tyler\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-05-20 05:52 . 2009-05-20 05:53 -------- d-----w c:\program files\OpenOffice.org 2.4
    2009-05-20 05:45 . 2009-05-20 05:46 -------- d-----w c:\temp\OpenOffice.org 2.4 (en-US) Installation Files
    2009-05-20 05:38 . 2009-05-20 05:38 -------- d-----w c:\program files\Apple Software Update
    2009-05-20 05:36 . 2009-05-20 05:36 -------- d-----w c:\documents and settings\tyler\Local Settings\Application Data\AOL OCP
    2009-05-20 05:36 . 2009-05-20 05:36 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2009-05-20 05:36 . 2009-05-20 05:36 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
    2009-05-20 05:36 . 2009-05-20 05:36 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2009-05-20 05:35 . 2009-05-20 05:35 -------- d-----w c:\program files\Common Files\AOL
    2009-05-20 05:34 . 2009-05-20 05:36 -------- d-----w c:\program files\AIM6
    2009-05-20 04:49 . 2009-05-20 04:49 -------- d-----w c:\program files\Secunia
    2009-05-20 04:36 . 2009-05-20 04:36 -------- d-----w c:\documents and settings\tyler\Application Data\Malwarebytes
    2009-05-20 04:36 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-20 04:36 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-20 04:36 . 2009-05-20 04:36 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-20 04:36 . 2009-05-20 04:36 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-20 02:07 . 2009-05-20 03:04 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-05-20 02:07 . 2009-05-20 03:04 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-19 15:28 . 2009-05-16 15:53 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-05-19 15:28 . 2009-05-16 15:53 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-05-19 15:28 . 2009-05-16 15:53 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
    2009-05-19 15:28 . 2009-05-16 15:53 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
    2009-05-19 15:28 . 2009-05-16 15:53 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
    2009-05-19 15:28 . 2009-05-16 15:53 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-05-16 15:53 . 2009-05-16 02:39 76040 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
    2009-05-16 15:53 . 2009-05-16 15:53 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
    2009-05-16 15:53 . 2009-05-16 02:39 10520 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
    2009-05-16 15:53 . 2009-05-16 02:39 26824 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
    2009-05-16 02:39 . 2009-05-16 15:53 11952 ----a-w c:\windows\system32\avgrsstx.dll
    2009-05-16 02:39 . 2009-05-16 15:53 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-05-16 02:39 . 2009-05-16 15:53 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-05-16 02:39 . 2009-05-16 15:53 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    2009-05-16 02:39 . 2009-05-22 00:52 -------- d-----w c:\windows\system32\drivers\Avg
    2009-05-16 02:01 . 2009-05-22 02:03 31174 ----a-w c:\windows\W2BNEUnin.dat
    2009-05-16 02:01 . 2009-05-20 07:26 98304 ----a-w c:\windows\W2BNEUnin.exe
    2009-05-16 02:01 . 2009-05-20 07:26 2829 ----a-w c:\windows\W2BNEUnin.pif

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-24 09:30 . 2009-02-18 03:17 -------- d-----w c:\program files\Flock
    2009-05-24 09:29 . 2008-03-04 11:49 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-05-24 07:20 . 2005-08-22 08:58 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2009-05-23 02:19 . 2006-07-03 11:00 -------- d-----w c:\documents and settings\tyler\Application Data\uTorrent
    2009-05-23 02:15 . 2008-10-06 07:27 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-05-20 06:33 . 2005-09-13 03:24 -------- d-----w c:\program files\Java
    2009-05-20 05:52 . 2005-10-22 07:06 -------- d-----w c:\program files\OpenOffice.org 2.0
    2009-05-20 05:45 . 2005-10-07 03:53 -------- d-----w c:\program files\QuickTime
    2009-05-20 05:43 . 2005-07-26 08:51 -------- d-----w c:\program files\Winamp
    2009-05-20 05:39 . 2008-01-17 04:22 -------- d-----w c:\program files\Bonjour
    2009-05-20 05:35 . 2005-07-26 05:52 -------- d-----w c:\program files\Opera
    2009-05-16 15:53 . 2009-01-15 17:14 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
    2009-05-16 15:53 . 2009-01-15 17:14 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-05-16 02:39 . 2009-01-15 17:16 97928 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
    2009-05-16 02:38 . 2009-01-15 17:14 641304 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
    2009-05-16 02:38 . 2009-01-15 17:14 443672 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
    2009-05-16 02:13 . 2005-07-13 23:12 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-05-15 08:57 . 2005-07-13 23:05 102312 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-14 11:10 . 2005-08-03 02:08 -------- d-----w c:\program files\BitSpirit
    2009-05-11 09:26 . 2006-06-22 05:55 -------- d-----w c:\program files\mIRC
    2009-05-10 16:31 . 2008-11-21 06:31 -------- d-----w c:\program files\Mozilla Thunderbird
    2009-05-07 04:16 . 2009-02-03 08:06 -------- d-----w c:\documents and settings\Guest\Application Data\OpenOffice.org2
    2009-03-27 06:56 . 2005-09-30 05:45 -------- d-----w c:\program files\Google
    2009-03-27 04:36 . 2008-03-31 18:24 -------- d-----w c:\documents and settings\tyler\Application Data\Digidesign
    2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w c:\windows\system32\drivers\psi_mf.sys
    2009-03-20 06:55 . 2009-02-28 08:20 334912 ----a-w c:\documents and settings\tyler\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    2009-03-20 06:55 . 2009-02-28 08:19 171072 ----a-w c:\documents and settings\tyler\Application Data\id Software\quakelive\home\baseq3\uix86.dll
    2009-03-20 06:30 . 2009-02-28 08:15 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-03-20 06:29 . 2009-02-28 08:14 189784 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-03-20 06:29 . 2009-02-28 08:19 874660 ----a-w c:\documents and settings\tyler\Application Data\id Software\quakelive\home\pb\pbcl.dll
    2009-03-20 06:29 . 2009-02-28 08:19 57344 ----a-w c:\documents and settings\tyler\Application Data\id Software\quakelive\home\pb\pbag.dll
    2009-03-20 06:29 . 2009-02-28 08:19 479232 ----a-w c:\documents and settings\tyler\Application Data\id Software\quakelive\home\pb\pbsv.dll
    2009-03-20 06:29 . 2009-02-28 08:19 2669632 ----a-w c:\documents and settings\tyler\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
    2009-03-12 05:04 . 2009-02-28 08:14 75064 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-03-12 05:02 . 2009-02-28 08:15 22328 ----a-w c:\documents and settings\tyler\Application Data\PnkBstrK.sys
    2009-03-12 05:02 . 2009-02-28 08:15 22328 ----a-w c:\documents and settings\tyler\Application Data\PnkBstrK.sys
    2009-03-12 05:01 . 2009-02-28 08:14 2246144 ----a-w c:\windows\system32\pbsvc.exe
    2009-03-11 19:40 . 2009-03-11 19:40 625728 ----a-w c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-28 08:28 . 2009-02-28 08:19 441408 ----a-w c:\documents and settings\tyler\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
    2009-02-28 08:19 . 2009-02-28 08:19 866235 ----a-w c:\documents and settings\tyler\Application Data\id Software\quakelive\home\pb\pbcls.dll
    2009-02-28 08:19 . 2009-02-28 08:19 57344 ----a-w c:\documents and settings\tyler\Application Data\id Software\quakelive\home\pb\pbags.dll
    2006-05-06 16:42 . 2006-11-02 06:07 7260160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2005-07-20 22:07 . 2005-05-13 04:05 344064 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

    2005-03-17 02:16 . 2005-03-17 02:16 970752 c:\program files\Common Files\Adobe\Updater\bak\AdobeUpdater.exe

    2005-07-20 21:53 . 2002-12-04 01:06 45056 c:\program files\Creative\SB Drive Det\bak\SBDrvDet.exe

    2005-07-20 22:02 . 2003-11-01 02:42 32768 c:\program files\CyberLink\PowerDVD\bak\PDVDServ.exe

    2007-02-16 07:42 . 2007-02-16 07:42 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

    2002-10-14 22:09 . 2002-10-14 22:09 57344 c:\program files\Lexmark X74-X75\bak\lxbbbmgr.exe
    2002-10-14 22:09 . 2002-10-14 22:09 57344 c:\program files\Lexmark X74-X75\lxbbbmgr.exe

    2004-06-03 08:51 . 2004-06-03 08:51 172032 c:\program files\Microsoft IntelliType Pro\bak\type32.exe
    2004-06-03 08:51 . 2004-06-03 08:51 172032 c:\program files\Microsoft IntelliType Pro\type32.exe

    2006-11-30 00:31 . 2005-03-11 19:59 35328 c:\tracking\Digidesign\Drivers\bak\MMERefresh.exe

    2005-07-20 21:53 . 2000-05-11 08:00 90112 c:\windows\bak\UpdReg.EXE

    2006-04-16 09:37 . 2006-03-16 17:54 99840 c:\windows\system32\bak\M-AudioTaskBarIcon.exe

    2006-02-02 00:45 . 2006-01-12 23:37 491520 c:\windows\system32\spool\drivers\w32x86\3\bak\fpdisp5a.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]
    2009-05-24 06:55 29184 ----a-w c:\windows\system32\lklf32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-06 39408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Steam"="" [N/A]
    "DCAM"="" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
    "DigidesignMMERefresh"="c:\tracking\protools\Digidesign\Drivers\MMERefresh.exe" [2005-10-26 61440]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [N/A]
    "UpdReg"="c:\windows\UpdReg.EXE" [N/A]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [N/A]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
    "FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [N/A]
    "M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [N/A]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2005-08-09 185480]
    "Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
    "ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [N/A]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
    "CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
    "autochk"="c:\docume~1\LOCALS~1\protect.dll" [N/A]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-16 15:53 11952 ----a-w c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\MsgPlusLoader.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "midi1"= myokent.dll
    "midi2"= usbnp4x4.dll
    "midi4"= usbnp4x4.dll
    "MIDI5"= diomidi.dll
    "wave7"= Digi32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
    backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
    backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^tyler^Start Menu^Programs^Startup^ChkDisk.dll]
    path=c:\documents and settings\tyler\Start Menu\Programs\Startup\ChkDisk.dll
    backup=c:\windows\pss\ChkDisk.dllStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^tyler^Start Menu^Programs^Startup^ChkDisk.lnk]
    path=c:\documents and settings\tyler\Start Menu\Programs\Startup\ChkDisk.lnk
    backup=c:\windows\pss\ChkDisk.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^tyler^Start Menu^Programs^Startup^Deewoo.lnk]
    path=c:\documents and settings\tyler\Start Menu\Programs\Startup\Deewoo.lnk
    backup=c:\windows\pss\Deewoo.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^tyler^Start Menu^Programs^Startup^DW_Start.lnk]
    path=c:\documents and settings\tyler\Start Menu\Programs\Startup\DW_Start.lnk
    backup=c:\windows\pss\DW_Start.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^tyler^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\tyler\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^tyler^Start Menu^Programs^Startup^Secunia PSI.lnk]
    path=c:\documents and settings\tyler\Start Menu\Programs\Startup\Secunia PSI.lnk
    backup=c:\windows\pss\Secunia PSI.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WinVNC4"=2 (0x2)
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "StarWindService"=2 (0x2)
    "ServiceLayer"=3 (0x3)
    "rpcapd"=3 (0x3)
    "MSControlService"=3 (0x3)
    "MAudioAudiophileService"=2 (0x2)
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "WmiApSrv"=3 (0x3)
    "Wmi"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=2 (0x2)
    "PnkBstrA"=2 (0x2)
    "MDM"=2 (0x2)
    "KodakCCS"=2 (0x2)
    "HssSrv"=2 (0x2)
    "HotspotShieldService"=2 (0x2)
    "FLEXnet Licensing Service"=3 (0x3)
    "digiSPTIService"=3 (0x3)
    "avast!Antivirus"=2 (0x2)
    "avg8wd"=2 (0x2)
    "avg8emc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\Kazaa Lite\\kazaa.core"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\CuteFTP 7 Professional\\ftpte.exe"=
    "c:\\FlashFXP\\flashfxp.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\uTorrent\\utorrent.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\games\\doom\\doom2\\zlauncher.exe"=
    "c:\\games\\doom\\doom2\\zdaemon.exe"=
    "c:\\games\\doom\\doom2\\odamex.exe"=
    "c:\\games\\doom\\doom2\\odalaunch.exe"=
    "c:\\games\\doom\\doom2\\skulltag.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\games\\git\\Git.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\ipod\\itunes\\iTunes.exe"=
    "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Microsoft IntelliType Pro\\type32.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\games\\wc2\\Warcraft II BNE.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [5/14/2008 4:06 AM 16384]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/22/2009 7:22 PM 130936]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/15/2009 7:39 PM 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/15/2009 7:39 PM 108552]
    R2 cdenable;cdenable;c:\windows\system32\drivers\cdenable.sys [4/11/2006 6:14 PM 6112]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2/4/2009 2:34 AM 31192]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
    R3 OpenDrvII;AOpen OpenCLibv4 Driver;c:\windows\system32\drivers\OpenDrvII.sys [8/31/2004 5:23 PM 4736]
    R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [11/24/2007 2:19 AM 966784]
    S2 EZWINIT;EZWINIT;c:\windows\system32\drivers\ezwinit.sys [12/26/2005 5:22 PM 14494]
    S2 EZWRITER;EZWRITER;c:\windows\system32\drivers\ezwriter.sys [12/26/2005 5:22 PM 16680]
    S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [5/14/2008 4:00 AM 105472]
    S3 DJUSB;DMM Controller;c:\windows\system32\drivers\DM2.sys [6/1/2001 8:26 PM 10758]
    S3 idrmkl;idrmkl;\??\c:\docume~1\tyler\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\tyler\LOCALS~1\Temp\idrmkl.sys [?]
    S3 LMASFltr;LMASFltr;c:\windows\system32\drivers\LMASFltr.sys [10/29/2005 12:09 AM 13684]
    S3 ma763003;M-Audio Audiophile;c:\windows\system32\drivers\MA763003.sys --> c:\windows\system32\drivers\MA763003.sys [?]
    S3 MADFU003;MADFU003;c:\windows\system32\drivers\MADFU003.sys [11/29/2006 6:04 PM 69248]
    S3 MAUSBAP;Service for M-Audio Audiophile (WDM);c:\windows\system32\drivers\mausbap.sys [11/29/2006 6:04 PM 103424]
    S3 MMAUSB;M Audio USB ASIO Driver;c:\windows\system32\drivers\MMAUSB.SYS [10/29/2005 12:09 AM 18135]
    S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [6/23/2004 9:52 PM 7552]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 4:03 AM 7808]
    S3 USBNP4X4;M-Audio Audiophile USB Midi;c:\windows\system32\drivers\usbnp4x4.sys [11/29/2006 6:04 PM 22336]
    S4 avast!Antivirus;avast!Antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?]
    S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/16/2009 8:53 AM 908568]
    S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/16/2009 8:53 AM 298776]
    S4 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [1/27/2009 12:15 PM 93656]
    S4 MAudioAudiophileService;M-Audio Audiophile Installer;c:\program files\M-Audio\Audiophile USB\MAUSBAPInst.exe --> c:\program files\M-Audio\Audiophile USB\MAUSBAPInst.exe [?]
    S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/22/2009 7:22 PM 348752]
    .
    Contents of the 'Scheduled Tasks' folder

    2007-11-28 c:\windows\Tasks\DoItAgain.job
    - c:\doit\DoItAgain.exe [2007-11-07 07:08]

    2009-05-14 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 05:18]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{c871956a-1bff-4b64-9254-6551494a43aa} - (no file)
    Notify-hggfdec - hggfdec.dll
    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.ca/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Copy to Semagic - c:\program files\Semagic\copy.htm
    IE: E&xport to Microsoft Excel - c:\office03\OFFICE11\EXCEL.EXE/3000
    IE: Semagic - c:\program files\Semagic\link.htm
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\tyler\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: aol.com\free
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    FF - ProfilePath - c:\documents and settings\tyler\Application Data\Mozilla\Firefox\Profiles\34g21xux.default\
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\documents and settings\tyler\Application Data\Mozilla\Firefox\Profiles\34g21xux.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
    FF - plugin: c:\ipod\itunes\Mozilla Plugins\npitunes.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
    FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-24 02:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1636)
    c:\windows\system32\myokent.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1692)
    c:\windows\system32\myokent.dll

    - - - - - - - > 'explorer.exe'(3104)
    c:\windows\system32\myokent.dll
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\windows\system32\lklf32.dll
    c:\office03\OFFICE11\msohev.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Lexmark X74-X75\lxbbbmon.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-24 3:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-24 10:03

    Pre-Run: 71,114,817,536 bytes free
    Post-Run: 71,933,132,800 bytes free

    465 --- E O F --- 2009-05-20 10:01

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:08:10 AM, on 5/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\tracking\protools\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Microsoft copyright - {F30B5E7E-CFBB-44fb-A947-226E5A7A4290} - lklf32.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\tracking\protools\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\office03\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office03\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\tyler\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\MsgPlusLoader.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\tracking\protools\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

    --
    End of file - 11238 bytes

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    To access the Uninstall Manager, you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    May 2009
    Posts
    10

    Default

    µTorrent
    1st File Renamer 1.0
    545 Studios Skinstaller (remove only)
    7-Zip 4.57
    Ad-Aware SE Professional
    Adobe Acrobat 7.0.5 Professional
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Common File Installer
    Adobe Default Language CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Center 1.0
    Adobe Help Viewer CS3
    Adobe Illustrator CS2
    Adobe InDesign CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS2
    Adobe Setup
    Adobe Shockwave Player
    Adobe SING CS3
    Adobe Stock Photos 1.0
    Adobe Stock Photos CS3
    Adobe SVG Viewer 3.0
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced Archive Password Recovery (remove only)
    Advanced PDF Repair v1.1
    AIM 6
    AIMutation (remove only)
    AnalogX TapTempo
    AnalogX Vocal Remover (WinAmp)
    AOL Instant Messenger
    AOpen Application Runtime Environment
    Apple Mobile Device Support
    Apple Software Update
    Articulate Studio '09 Pro
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    ATI HYDRAVISION
    Audacity 1.2.6
    AudioMulch Interactive Music Studio 0.9b21
    Audiophile USB
    Audiophile USB 1.5.4.15
    AutoIt v3.2.10.0
    AVG Free 8.5
    AviSynth 2.5
    Azureus
    Baldur's Gate(TM) II - Throne of Bhaal (TM)
    Band-in-a-Box 2005
    Beatnik Player
    BFD
    Blood2
    Bonjour
    Brother HL-2070N
    Cakewalk VST Adapter 4.4.4.0
    Canon Camera WIA Driver 6.2.5
    CardRd81
    CCHelp
    CCleaner (remove only)
    CCScore
    CDex extraction audio
    Celemony Melodyne v2.6.0.6 Studio Edition
    Cheat Engine 5.3
    Cisco Systems VPN Client 4.8.01.0300
    Collab
    Compatibility Pack for the 2007 Office system
    Cool Edit Pro 2.1
    CR2
    Creative Audio Console
    Creative System Information
    CuteFTP 7 Professional
    DCAM Server
    Digidesign Pro Tools LE 7.0
    Digidesign Shared Plug-Ins 7.0
    Direct Show Ogg Vorbis Filter (remove only)
    DM ˛
    DM2MIDI (remove only)
    Do It Again
    Dragon
    DreamStation DXi2
    Duplicate File Finder 1.1.0.0
    Duplicate Finder
    DVD Decrypter (Remove Only)
    Easy CD-DA Extractor 8.2.1
    ERUNT 1.1j
    ESSAdpt
    ESSANUP
    ESSBrwr
    ESSCAM
    ESSCDBK
    ESScore
    ESSCT
    ESSEMAIL
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTUTOR
    ESSvpaht
    ESSvpot
    Exact Audio Copy 0.95b3
    EZdrummer
    EZXDfh
    Fallout
    File Writer output plugin for WinAMP 2 v1.17(c) (remove only)
    Final Draft 7
    FinePrint
    FirstClass® Client
    FL Studio 6
    Flock (2.0.3)
    FLV Player 1.3.3
    Free Bomb Factory Plug-Ins 7.0
    Free Games Offer, Desktop Shortcut
    Game Maker 7.0
    GIT v0.99 BETA 4
    Google Earth
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Updater
    Google Video Player
    Google Web Accelerator
    Gtk+ Development Environment for Windows 2.10.11-1
    Guitar Pro 4.0
    Hamachi 1.0.2.5
    HammerHead Rhythm Station
    Handbrake 0.9.2
    HijackThis 2.0.2
    HLPCCTR
    HLPIndex
    HLPPDOCK
    HLPSFO
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    Hotspot Shield 1.11
    HyperCam 2
    InCD
    InterLok Driver Kit
    iTunes
    J2SE Development Kit 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 6
    JAlbum
    Java 2 Runtime Environment, SE v1.4.0_01
    Java 2 SDK, SE v1.4.0_01
    Java(TM) 6 Update 13
    Java(TM) 6 Update 4
    Jing
    JPEGCrops 0.7.2 beta
    Kazaa Lite 2.7
    Kazaa Lite 2.7
    K-Lite Mega Codec Pack 1.38
    K-Lite v2.7
    Kodak EasyShare software
    KSU
    Lexmark P910 Series
    Lexmark X74-X75
    LimeWire 4.10.9
    Live 6.0.9
    LJ Comment Stats Wizard 1.7
    Magic ISO Maker v5.4 (build 0251)
    MagicDisc 2.7.105
    Malwarebytes' Anti-Malware
    ManyCam 2.3 (remove only)
    MaxMSP 4.5.7
    Medusa v1.1
    Messenger Plus! 3
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    MIDI Yoke
    mIRC
    ModPlug Tracker
    Mozilla Firefox (3.0.10)
    Mozilla Thunderbird (2.0.0.21)
    MP3 Player Utilities 3.57
    Mp3 Tag Tools v1.2
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Native Instruments Traktor DJ Studio 3
    Nero OEM
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    Nokia Software Updater
    Notifier
    OfotoXMI
    OpenOffice.org 2.4
    Opera 9.64
    OTtBP
    OTtBPSDK
    PC Connectivity Solution
    PCDLNCH
    PDF Settings
    PeerGuardian 2.0
    PG Music DirectX Plugins 1.3.3.1
    PIE Demo v3.6
    PowerDVD
    PowerQuest PartitionMagic 8.0
    PunkBuster Services
    Quake III Arena
    Quake III Arena Point Release 1.32
    Quake Live Mozilla Plugin
    QuickTime
    Reason
    Reason Adapted for Digidesign 3.0.1
    Rogue Spear
    ScummVM 0.12.0
    SDL.NET Runtime 6.0.0
    Secunia PSI
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Semagic (remove only)
    SetBrowser (remove only)
    SFR
    SFR2
    Shadowcove.NET
    Sid Meier's Civilization 4
    SiSRaidPackage
    SONAR 5 Producer Edition
    Sony ACID Pro 5.0
    Sony Sound Forge 8.0
    SoulSeek Client 156c
    Sound Blaster Audigy 2
    SPORE™ Creature Creator Trial Edition
    Spybot - Search & Destroy
    Spyware Doctor 6.0
    Star Wars JK II Jedi Outcast
    Steinberg Cubase SX v3.0.2.623
    Steinberg HALion v3.1.0.947
    StepMania CVS (remove only)
    StuffPlug-NG (Messenger Plus! Plugins)
    SyncroSoft Emu (Remove only)
    Syncrosoft's License Control
    SynthFont Version 1.102
    t@b ZS4 Video Editor v0.958-686
    Take It Easy
    TextPad 4.7
    The Longest Journey
    The Sims 2
    The Sims™ 2 Bon Voyage
    Timetable Assistant
    Ultima Online: Mondain's Legacy
    Unity Web Player
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VCAMCEN
    VDMSound 2.0.4
    Vector Magic
    Ventrilo Client
    Videora iPod Converter 3.08
    Virtual DJ - Atomix Productions
    VLC media player 0.9.8a
    VNC Mirror Driver 1.7.1
    VNC Personal Edition P4.3.2
    VobSub v2.23 (Remove Only)
    Voxengo Redunoise VST 1.6
    VPRINTOL
    Vst To Rtas Adapter V2.1
    Warcraft II BNE
    WillowTALK 2.5
    Winamp
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
    Windows Imaging Component
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media On-Demand Producer
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinPcap 3.0
    WinRAR archiver
    WordBiz version 1.8
    World of Warcraft
    Xbox 360 Controller for Windows
    Xfire (remove only)
    YAMAHA XG SoftSynthesizer S-YXG50
    ZDaemon (remove only)

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    Azureus
    Kazaa Lite 2.7
    Kazaa Lite 2.7
    LimeWire 4.10.9
    SoulSeek Client 156c


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above.

    Please run a new uninstall list scan when finished and post the log back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
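The check the helper performs above (reading the posted uninstall list and picking out the P2P file-sharing clients) can be scripted so the same triage is repeatable on any Add/Remove Programs dump. The following Python is an added example for this thread; it is not a tool from the forum, from HijackThis or from the helper. The keyword table is my assumption about what counts as a P2P client (it is built from the six names the helper flagged), and SAMPLE_LIST is a constructed excerpt of the list posted above, trimmed so the example stays short. The Java check is my own addition that goes beyond what the helper asked for here: it only reports that several Java runtime entries coexist, which is something a helper would normally want to look at next, and makes no claim about this particular machine.

```python
"""Triage an Add/Remove Programs (HijackThis "uninstall list") dump for the
software a malware-removal helper would ask to have removed first.

Added example for this thread, not a tool from the forum or from HijackThis.
It reproduces the helper's manual check (spotting P2P file-sharing clients)
over an excerpt of the uninstall list posted above.  The keyword table and
the constructed excerpt are the example author's assumptions, not page data.
"""
import re

# Name fragments taken from the six entries the helper flagged as P2P clients.
# Matching is case-insensitive substring matching on each list entry; the
# ASCII "utorrent" variant is included for lists whose µ did not survive.
P2P_PATTERNS = (
    r"µtorrent", r"utorrent", r"azureus", r"kazaa", r"limewire", r"soulseek",
)

# Java runtimes/SDKs as they are named in Add/Remove Programs of that era.
# This check is an addition beyond the helper's post: it only lists every Java
# entry so a reader can see whether several versions sit side by side.
JAVA_RX = re.compile(r"^(?:Java\(TM\) |J2SE |Java 2 )", re.IGNORECASE)

# Constructed excerpt of the uninstall list posted in the thread.  The entries
# are real names from that list; the selection is the example's own.
SAMPLE_LIST = """\
µTorrent
7-Zip 4.57
Azureus
Java 2 Runtime Environment, SE v1.4.0_01
Java(TM) 6 Update 13
Java(TM) 6 Update 4
Kazaa Lite 2.7
Kazaa Lite 2.7
LimeWire 4.10.9
Mozilla Firefox (3.0.10)
SoulSeek Client 156c
Windows XP Service Pack 3
"""


def parse_uninstall_list(text):
    """Return the non-empty entries of an uninstall list, whitespace-trimmed,
    in the order they appear.  Duplicates are kept on purpose: HijackThis
    prints one line per uninstall registry key, so a name listed twice means
    two uninstall entries exist and both have to be dealt with."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def find_p2p(entries):
    """Return every entry matching one of P2P_PATTERNS, duplicates included."""
    rx = re.compile("|".join(P2P_PATTERNS), re.IGNORECASE)
    return [e for e in entries if rx.search(e)]


def find_java_runtimes(entries):
    """Return every Java runtime/SDK entry (addition beyond the helper's post)."""
    return [e for e in entries if JAVA_RX.match(e)]


def triage(text):
    """Run both checks over a raw uninstall-list dump and return the findings."""
    entries = parse_uninstall_list(text)
    return {
        "p2p": find_p2p(entries),
        "java_runtimes": find_java_runtimes(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LIST)
    print("P2P clients to uninstall:")
    for name in report["p2p"]:
        print("  " + name)
    print("Java entries present (%d):" % len(report["java_runtimes"]))
    for name in report["java_runtimes"]:
        print("  " + name)
```

To use it on a real log, paste the whole uninstall-list post into a text file and pass its contents to triage(); the P2P list it returns is exactly the set the helper asks to be removed via Control Panel > Add/Remove Programs, and the helper's follow-up request (a fresh uninstall list after removal) is the verification step: run the script again and the p2p list should come back empty.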
