
Thread: Spybot & AVG8.5 wont scan,cant save HJT,ERUNT,Malwarebytes

  1. #1
    Member northernunicorn
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    re: file analysis at Jotti site and re: HijackThis

    Hi IndiGenus:


    File I would like to check if present. First, please make sure you can see hidden files.
    I followed instructions for showing hidden files.
    I clicked on Jotti link and clicked browse and tried to upload file
    Sys7CC0.exe
    for analysis.
    This is the message that came up:

    File not found.Check file name and try again

    ***What would you like me to do next?

    Please also post an updated HijackThis log
    Was still unable to save the HijackThis installer.exe to my computer.
    I will contact my friend and try to save it on disk (like I did with the other tools) and will get back to you with results.

    Thanks for your help and patience. Awaiting your reply.
    from Dorothy

  2. #2
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Might be AVG

    Hi Dorothy,

    One thing we may want to try. I had mentioned another thread that I was watching where the user could not download files and it ended up being a corrupted AVG install. Since you have AVG I'm wondering if this may be the same issue. You may want to uninstall and re-install AVG to see if that clears up the issue of downloading.

    Also, did you download and save DDS as I had advised? If so, can you run that and post the logs?

  3. #3
    Member northernunicorn
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    might be AVG

    Hi IndiGenus:

    I got your reply.
    I did download & save DDS to disk as you asked.
    I will run that and post the logs.

    Also, I will uninstall & reinstall AVG8 and let you know what happens.

    Also, I will be saving HijackThis Installer.exe to my disk and will post the log.

    I will be able to do all the above tomorrow evening at the earliest since I have previous commitments tonight and all day tomorrow.

    Thanks from Dorothy

  4. #4
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Don't need HJT

    Hi Dorothy,

    No need to go out of the way to get HijackThis. DDS will show us everything HJT will, and more. So just the DDS will do, and should only take a minute or 2.

  5. #5
    Member northernunicorn
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    DDS logs

    Hi IndiGenus

    Here are the 2 DDS logs as requested.

    DDS


    DDS (Ver_09-10-13.01) - NTFSx86
    Run by JeffandMom at 11:58:53.26 on 22/10/2009
    Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.446.138 [GMT -4:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy162\SDWinSec.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\JeffandMom\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy162\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy162\SDHelper.dll
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: avon.ca\avon
    Trusted Zone: avon.com\ca2
    Trusted Zone: avon.com\www.ca
    Trusted Zone: care2.com
    Trusted Zone: care2.com\mail
    Trusted Zone: care2.com\stopglobalwarming
    Trusted Zone: care2.com\www
    Trusted Zone: care2.net\passport
    Trusted Zone: ebay.com\signin
    Trusted Zone: microsoft.com\update
    Trusted Zone: pogo.com
    Trusted Zone: terrapass.com\www
    Trusted Zone: thepetitionsite.com
    Trusted Zone: wikipedia.org\en
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll
    AppInit_DLLs: c:\windows\system32\avgrsstx.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-3 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-3 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-3 297752]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy162\SDWinSec.exe [2009-2-13 1153368]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]

    =============== Created Last 30 ================

    2009-10-19 13:13 236,544 a------- c:\windows\PEV.exe
    2009-10-19 13:13 161,792 a------- c:\windows\SWREG.exe
    2009-10-19 13:13 98,816 a------- c:\windows\sed.exe
    2009-10-14 23:59 <DIR> --d----- c:\program files\ESET
    2009-10-13 23:33 144,896 a------- c:\windows\system32\drivers\srv2.sys
    2009-10-13 23:33 60,928 a------- c:\windows\system32\msasn1.dll
    2009-10-13 23:33 218,624 a------- c:\windows\system32\msv1_0.dll
    2009-10-13 23:30 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
    2009-10-13 14:35 <DIR> --d----- c:\users\jeffan~1\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-10-03 01:51 195,440 -------- c:\windows\system32\MpSigStub.exe
    2009-09-23 13:12 <DIR> --d----- c:\users\jeffandmom\.housecall6.6

    ==================== Find3M ====================

    2009-09-12 01:17 143,360 a------- c:\windows\inf\infstrng.dat
    2009-09-12 01:17 86,016 a------- c:\windows\inf\infstor.dat
    2009-09-12 01:17 51,200 a------- c:\windows\inf\infpub.dat
    2009-09-12 01:04 665,600 a------- c:\windows\inf\drvindex.dat
    2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
    2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
    2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
    2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2009-08-28 09:51 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-28 09:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-08-27 01:22 916,480 a------- c:\windows\system32\wininet.dll
    2009-08-27 01:17 109,056 a------- c:\windows\system32\iesysprep.dll
    2009-08-27 01:17 71,680 a------- c:\windows\system32\iesetup.dll
    2009-08-26 23:42 133,632 a------- c:\windows\system32\ieUnatt.exe
    2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
    2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
    2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
    2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
    2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
    2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
    2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
    2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
    2009-08-04 08:34 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
    2009-08-04 08:34 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
    2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
    2008-09-28 02:27 174 a--sh--- c:\program files\desktop.ini
    2007-09-24 21:32 774,144 a------- c:\program files\RngInterstitial.dll
    2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 11:59:25.07 ===============

  6. #6
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503


    How are things running? Let's run a quick cleanup script with combofix then let me know how it's running at this point.

    1. Open Notepad

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Sys7CC0.exe"=-

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new DDS log.
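    As an added example (not from this thread, and not ComboFix's own code), a small Python parser for the REGEDIT4-style "Reg Loading Points" block that ComboFix prints, which builds the same Registry:: removal script given in the steps above and then checks a later log to confirm the value is gone. The two log excerpts are constructed from entries visible in this thread; the data of the Sys7CC0.exe value is a placeholder, since the thread only shows the line that deletes it.

```python
import re

# Constructed excerpt of a ComboFix "Reg Loading Points" block, built from entries
# visible in this thread. The data of the Sys7CC0.exe value is a placeholder: the
# thread never shows it, only the CFScript line that deletes it.
BEFORE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Corel Photo Downloader"=c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"Sys7CC0.exe"=c:\placeholder\Sys7CC0.exe
"""

# Constructed excerpt of the run- key as the post-script ComboFix log in this
# thread lists it: the Sys7CC0.exe value is no longer there.
AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Corel Photo Downloader"=c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"""

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_MINUS_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=data (or @=data for the default value), optionally followed by the
# [yyyy-mm-dd size] tag ComboFix appends to some entries.
VALUE_RE = re.compile(
    r'^(?:"(?P<name>[^"]+)"|@)=(?P<data>.*?)'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$"
)


def parse_loading_points(text):
    """Map lower-cased key path -> {value name: (data, date, size)}.

    Keys are lower-cased because the registry is case-insensitive and ComboFix
    prints the same hive in mixed case (compare the Run and run- lines above).
    """
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key").lower()
            entries.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            name = val.group("name") or "@"
            entries[current][name] = (val.group("data"), val.group("date"), val.group("size"))
    return entries


def value_present(entries, key, name):
    """True if the named value is listed under the key in a parsed log."""
    return name in entries.get(key.lower(), {})


def build_cfscript(key, names):
    """Emit the Registry:: block used in the thread: a '"name"=-' line deletes that value."""
    lines = ["Registry::", "[%s]" % key] + ['"%s"=-' % n for n in names]
    return "\n".join(lines) + "\n"


def removed_values(before, after, key):
    """Value names under key in the earlier log that the later log no longer lists."""
    return set(before.get(key.lower(), {})) - set(after.get(key.lower(), {}))


if __name__ == "__main__":
    before = parse_loading_points(BEFORE_LOG)
    after = parse_loading_points(AFTER_LOG)
    print(build_cfscript(RUN_MINUS_KEY, ["Sys7CC0.exe"]))
    print("removed from run-:", removed_values(before, after, RUN_MINUS_KEY))
```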

  7. #7
    Member northernunicorn
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    NEW combofix.txt log

    Hi IndiGenus

    1. Open Notepad

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Sys7CC0.exe"=-

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    I did as instructed, although I forgot to deactivate any security programs running :(

    I tried to run another ComboFix after deactivating, but I goofed & forgot to save to desktop. Do you want me to run another?


    Anyway, here is the log for the run I did do. Thanks from Dorothy


    ComboFix 09-10-17.01 - JeffandMom 23/10/2009 12:18.2.1 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.446.109 [GMT -4:00]
    Running from: c:\users\JeffandMom\Desktop\ComboFix.exe
    Command switches used :: c:\users\JeffandMom\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
    .

    2009-10-23 16:32 . 2009-10-23 16:32 -------- d-----w- c:\users\JeffandMom\AppData\Local\temp
    2009-10-23 16:32 . 2009-10-23 16:32 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-10-23 16:32 . 2009-10-23 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-15 03:59 . 2009-10-15 03:59 -------- d-----w- c:\program files\ESET
    2009-10-14 22:58 . 2009-10-14 23:00 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-10-14 03:33 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-14 03:33 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-10-14 03:33 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-10-14 03:30 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-10-13 18:35 . 2009-10-13 18:35 -------- d-----w- c:\users\JeffandMom\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-10-13 18:15 . 2009-10-13 18:47 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-03 05:51 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-09-23 17:12 . 2009-09-24 00:31 -------- d-----w- c:\users\JeffandMom\.housecall6.6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-23 14:35 . 2008-05-25 16:40 -------- d-----w- c:\programdata\Avg8
    2009-10-14 04:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-10-13 18:23 . 2009-07-14 03:00 -------- d-----w- c:\programdata\NOS
    2009-09-30 22:16 . 2008-11-03 18:46 -------- d-----w- c:\program files\DNA
    2009-09-30 04:03 . 2008-01-11 02:28 680 ----a-w- c:\users\JeffandMom\AppData\Local\d3d9caps.dat
    2009-09-27 17:21 . 2009-02-13 05:06 -------- d-----w- c:\program files\Spybot - Search & Destroy162
    2009-09-23 15:22 . 2007-06-21 09:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
    2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
    2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
    2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-09-12 05:10 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
    2009-09-02 06:40 . 2009-02-13 09:37 -------- d-----w- c:\program files\Java
    2009-08-29 00:27 . 2009-09-03 13:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-03 13:57 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 13:51 . 2009-02-03 20:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-28 13:51 . 2009-02-03 20:53 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-28 13:51 . 2009-02-03 20:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-27 05:22 . 2009-10-14 03:32 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17 . 2009-10-14 03:32 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17 . 2009-10-14 03:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42 . 2009-10-14 03:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-14 16:27 . 2009-09-10 00:49 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-10 00:49 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-10 00:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-10 00:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-10 00:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-10 00:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-10 00:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-10 00:49 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-10 00:49 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-10 00:49 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-10 00:49 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-04 12:34 . 2009-10-14 03:32 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 12:34 . 2009-10-14 03:32 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2007-09-25 01:32 . 2007-09-25 01:32 774144 ----a-w- c:\program files\RngInterstitial.dll
    2007-06-13 03:56 . 2007-06-13 03:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-19_17.33.55 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-06-12 20:40 . 2009-10-23 14:15 55746 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2007-06-12 20:40 . 2009-10-19 15:09 55746 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:02 . 2009-10-23 14:16 91084 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2007-06-21 22:29 . 2009-10-19 17:35 18448 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1243676550-844158297-4097513924-1000_UserData.bin
    + 2007-06-21 22:29 . 2009-10-23 14:16 18448 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1243676550-844158297-4097513924-1000_UserData.bin
    - 2007-06-21 07:08 . 2009-10-19 15:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-06-21 07:08 . 2009-10-23 14:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-06-21 07:08 . 2009-10-23 14:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-06-21 07:08 . 2009-10-19 15:16 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-06-21 07:08 . 2009-10-23 14:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-06-21 07:08 . 2009-10-19 15:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-06-04 23:27 . 2009-07-12 17:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-04 23:27 . 2009-10-21 00:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-04 23:27 . 2009-10-21 00:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-06-04 23:27 . 2009-07-12 17:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-06-04 23:27 . 2009-07-12 17:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-06-04 23:27 . 2009-10-21 00:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-07-02 16:56 . 2009-09-07 19:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-07-02 16:56 . 2009-10-22 22:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-07-02 16:56 . 2009-09-07 19:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-07-02 16:56 . 2009-10-22 22:44 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-07-02 16:56 . 2009-09-07 19:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-07-02 16:56 . 2009-10-22 22:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2006-11-02 10:33 . 2009-10-19 15:05 599942 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-10-23 14:19 599942 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-10-19 15:05 105448 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-10-23 14:19 105448 c:\windows\System32\perfc009.dat
    + 2009-05-14 02:50 . 2009-10-20 15:34 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-05-14 02:50 . 2009-10-14 04:53 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-06-04 23:27 . 2009-07-12 17:18 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-06-04 23:27 . 2009-10-21 00:54 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2006-11-02 10:22 . 2009-10-23 14:27 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
    - 2006-11-02 10:22 . 2009-10-19 06:13 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2009-10-23 16:16 . 2009-10-23 16:16 6217728 c:\windows\ERDNT\Hiv-backup\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BitTorrent DNA"="c:\users\JeffandMom\Program Files\DNA\btdna.exe"
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Corel Photo Downloader"=c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "WPCUMI"=c:\windows\system32\WpcUmi.exe
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
    "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    "SigmatelSysTrayApp"=sttray.exe
    "AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "VistaSp2"=hex(b):40,68,88,54,68,33,ca,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1243676550-844158297-4097513924-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{B3575F37-250E-44F1-955F-9DBA8D31014F}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{33B940DD-6CDC-41AD-B5C0-94FFFE30F099}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
    "{675E4329-BDAD-425B-8F52-E59340D79AE2}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
    "TCP Query User{1C073947-2788-4DB5-8357-98E3E3FCDA24}c:\\program files\\maxis\\simcity 3000 unlimited\\apps\\updater\\updater.exe"= UDP:c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe:SC3UpdaterMFC
    "UDP Query User{8CB2018A-3E7E-4C02-AF5B-51AF4CF93026}c:\\program files\\maxis\\simcity 3000 unlimited\\apps\\updater\\updater.exe"= TCP:c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe:SC3UpdaterMFC
    "TCP Query User{C4FD23D5-2EA3-4158-A34F-46692E6CC4D4}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{40927A40-DE20-49B6-A2E7-F52B8395AA5D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{714594F5-54E7-4B6C-986C-A77C6490D6DC}"= UDP:c:\program files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
    "{45CDFF7D-D7E9-433E-9584-73C0A7ECF93F}"= TCP:c:\program files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
    "{16DCBD6D-6EA6-4CE0-A7D8-36E9E51C0130}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
    "{0B8085F5-69B5-4EFB-A42F-6B5FEC037EA8}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
    "TCP Query User{78733992-4ABA-4095-9BF7-64F6EB0EBD63}c:\\users\\jeffandmom\\appdata\\local\\temp\\cryf095.tmp\\install.exe"= Disabled:UDP:c:\users\jeffandmom\appdata\local\temp\cryf095.tmp\install.exe:install.exe
    "UDP Query User{5100B386-8977-488E-87A5-FD6EE52C9204}c:\\users\\jeffandmom\\appdata\\local\\temp\\cryf095.tmp\\install.exe"= Disabled:TCP:c:\users\jeffandmom\appdata\local\temp\cryf095.tmp\install.exe:install.exe
    "TCP Query User{A68E209B-8B93-4E8F-AD3B-7CAF8423BEF2}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
    "UDP Query User{14456106-FC4A-499C-B233-9DA902D77F8C}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
    "TCP Query User{DA2C9F94-6C3A-46C3-9312-8BE90D992031}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
    "UDP Query User{CAA44634-39E1-43CB-8892-D368F1834357}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
    "TCP Query User{0E289CE5-5339-44C8-83BA-4250041310E6}c:\\program files\\morpheus\\morpheus.exe"= UDP:c:\program files\morpheus\morpheus.exe:Morpheus
    "UDP Query User{4D3E9D19-028D-48DC-8DC3-B94B6CE2B61C}c:\\program files\\morpheus\\morpheus.exe"= TCP:c:\program files\morpheus\morpheus.exe:Morpheus
    "TCP Query User{2D148C49-136C-4B8D-AFCB-C9CB301F394A}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{419A0031-93D2-4BF9-A854-F6F4F229506D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "{5C26B0C7-70E4-4FB7-BA48-D7A46CE57571}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{4664334B-7196-45E1-8965-4F14BE3AE307}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{10E65A62-9E1F-4C13-96DC-6EC6E25B51BE}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{AC6B501D-9E15-4FDC-BEED-80EAD63AF5BD}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{342ADA7E-1204-486D-A832-F5C6798570B8}"= UDP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe:SimCity 3000 Unlimited
    "{319F2B45-1BE1-4DC6-8C9B-AE7E9F61ABF9}"= TCP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe:SimCity 3000 Unlimited
    "{9AD0B42E-5FC0-406C-8664-6A68A668041D}"= UDP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\BAApp.exe:Building Architect Plus
    "{3E1367B2-685D-4894-923E-AFD35913E544}"= TCP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\BAApp.exe:Building Architect Plus
    "{B81B8BDE-CE31-4AE3-AE3E-11822A09AC36}"= Disabled:UDP:c:\program files\Blubster\Blubster.exe:Blubster
    "{57B35579-93BD-4E43-A763-C6C5B815D71C}"= Disabled:TCP:c:\program files\Blubster\Blubster.exe:Blubster
    "TCP Query User{EEA02241-6F2D-4A58-A957-BED349F9BD7F}c:\\program files\\yahoo! games\\jeopardy!\\jeopardy!.exe"= Disabled:UDP:c:\program files\yahoo! games\jeopardy!\jeopardy!.exe:JEOPARDY!
    "UDP Query User{98A85509-9C5B-4A6F-A64B-A2CAF6A08A7B}c:\\program files\\yahoo! games\\jeopardy!\\jeopardy!.exe"= Disabled:TCP:c:\program files\yahoo! games\jeopardy!\jeopardy!.exe:JEOPARDY!
    "{AF793AE3-9195-45C6-B589-B85B8CE1AACB}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{857C846E-0368-42AC-86E3-2284F4A9426E}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{DEE67F76-564B-4964-A1D2-19945441D98D}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:AVG Control Center
    "{4914565E-0F00-4948-985F-4B448B560D0D}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:AVG Control Center
    "{F9971E49-5AA4-477D-80D6-E12FD76C7CE0}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
    "{FF0F290B-0A63-4B58-9DA9-F4A0DBA266DF}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
    "TCP Query User{E8772C2A-B0D4-460C-8DF3-35E02E89AE12}c:\\users\\jeffandmom\\program files\\dna\\btdna.exe"= UDP:c:\users\jeffandmom\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{B052B293-75C7-453A-8372-2C4B7F475EE4}c:\\users\\jeffandmom\\program files\\dna\\btdna.exe"= TCP:c:\users\jeffandmom\program files\dna\btdna.exe:btdna.exe
    "{E9047EDA-B009-4D37-B5D0-223878263010}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{8EAC47DC-0B2D-4B94-A9BC-378DAC1FD3CB}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{6C1C211A-8DA3-4CA0-AE22-1788A73C9E1C}"= UDP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{311AF4CA-6404-47DC-AA44-CA46CFE86C6F}"= TCP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "TCP Query User{EC185DCC-5F9D-4A17-AC8F-C22058AFB2C6}c:\\users\\jeffandmom\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\users\jeffandmom\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "UDP Query User{EF017CC1-AA8C-470E-818B-B94E53DDF341}c:\\users\\jeffandmom\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\users\jeffandmom\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "TCP Query User{2C30FE43-5885-4432-9C6A-5C1304483211}c:\\users\\jeffandmom\\program files\\bittorrent_dna\\dna.exe"= UDP:c:\users\jeffandmom\program files\bittorrent_dna\dna.exe:dna.exe
    "UDP Query User{87858FAD-BB85-4647-8BAB-19A30257510B}c:\\users\\jeffandmom\\program files\\bittorrent_dna\\dna.exe"= TCP:c:\users\jeffandmom\program files\bittorrent_dna\dna.exe:dna.exe
    "{B766EDBB-17DC-45F4-B0B6-2675A6AEE9AA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{096035EE-C61B-4CA5-8159-D47F80B13720}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
    "{524E00AF-11ED-4B19-9D99-111C2B612F6F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{BDC5A94C-D7AA-4B8C-92C4-249EA6779E6D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{4A3A4C3F-639B-4A1B-8B64-D45A9F0F8CCC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{0AA9915C-6298-4CF6-A6AA-35F53C27D723}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{1BBD6D94-7589-47E1-A491-C8FAFF73A663}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy162\SDWinSec.exe [2009-01-26 1153368]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-28 335240]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-11 108552]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: avon.ca\avon
    Trusted Zone: avon.com\ca2
    Trusted Zone: avon.com\www.ca
    Trusted Zone: care2.com
    Trusted Zone: care2.com\mail
    Trusted Zone: care2.com\stopglobalwarming
    Trusted Zone: care2.com\www
    Trusted Zone: care2.net\passport
    Trusted Zone: ebay.com\signin
    Trusted Zone: microsoft.com\update
    Trusted Zone: pogo.com
    Trusted Zone: terrapass.com\www
    Trusted Zone: thepetitionsite.com
    Trusted Zone: wikipedia.org\en
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-23 12:32
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-10-23 12:38
    ComboFix-quarantined-files.txt 2009-10-23 16:38
    ComboFix2.txt 2009-10-19 17:43

    Pre-Run: 41,329,745,920 bytes free
    Post-Run: 41,291,345,920 bytes free

    314 --- E O F --- 2009-10-22 15:25
