
Thread: A case of several viruses invading system registry

  1. #1

    A case of several viruses invading system registry

    Well, I have a case of infection with several viruses (Trojan Horse.AQLW, IDP.trojan.1C8D1A13 and perhaps others) and AVG keeps deleting registry files but it doesn't solve the problem. Here are the logs you requested:
    DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by hp at 22:27:46 on 2012-06-13
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1045 [GMT 2:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    D:\A\Programs\Hotspot Shield\bin\openvpnas.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    D:\A\Programs\Hotspot Shield\HssWPR\hsssrv.exe
    D:\A\Programs\Hotspot Shield\bin\hsswd.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
    C:\Program Files\ToolKitService\ToolkitService.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2012\avgidsagent.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\WeFi\WefiEngSvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WeFi\WeFi.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
    mStart Page = hxxp://home.allgameshome.com/
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\allgameshome toolbar\tbhelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Codecv Class: {1d8f1bbe-c6fa-6cdf-a687-dc47da301414} - c:\programdata\codecv\bhoclass.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Alnaddy.com Helper Object: {55928dd2-8878-4275-aab3-b3a09a67a1eb} - c:\program files\alnaddy.com\alnaddytoolbar\1.5.25.2\bh\alnaddyToolbar.dll
    BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - c:\program files\toolkitservice\splash.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - d:\a\programs\hotspot shield\hssie\HssIE.dll
    BHO: TBSB01457 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\allgameshome toolbar\tbcore3.dll
    TB: AllGamesHome Toolbar: {5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d} - c:\program files\allgameshome toolbar\tbcore3.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB: Alnaddy.com Toolbar: {cd3aed25-23ab-4543-b915-159449c37197} - c:\program files\alnaddy.com\alnaddytoolbar\1.5.25.2\alnaddyToolbarTlbr.dll
    TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - c:\program files\toolkitservice\toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\hp\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [Akamai NetSession Interface] "c:\users\hp\appdata\local\akamai\netsession_win.exe"
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music player\NokiaMusicPlayer.exe" /command:faststart
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: Sothink Flash Downloader For IE - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE} : NameServer = 10.72.144.1
    TCP: Interfaces\{E51740AD-C71E-4378-97EB-C1A64C151984} : DhcpNameServer = 8.8.8.8 8.8.4.4
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
    LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\hp\appdata\roaming\mozilla\firefox\profiles\xhny2dox.default\
    FF - prefs.js: browser.search.selectedEngine - Alnaddy
    FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\users\hp\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
    FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
    FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
    FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
    FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
    FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
    FF - user.js: extensions.alnaddyToolbar_i.newTab - true
    FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
    FF - user.js: extensions.alnaddyToolbar.id - 0cde32cd00000000000000ff7c5abd3d
    FF - user.js: extensions.alnaddyToolbar.instlDay - 15502
    FF - user.js: extensions.alnaddyToolbar.vrsn - 1.5.25.2
    FF - user.js: extensions.alnaddyToolbar.vrsni - 1.5.25.2
    FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.5.25.29:15:12
    FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
    FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
    FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
    FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
    FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
    FF - user.js: extensions.alnaddyToolbar.instlRef -
    FF - user.js: extensions.alnaddyToolbar.dfltLng -
    FF - user.js: extensions.alnaddyToolbar.excTlbr - false
    FF - user.js: extensions.alnaddyToolbar.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-17 176128]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 hshld;Hotspot Shield Service;d:\a\programs\hotspot shield\bin\openvpnas.exe [2012-4-11 542552]
    R2 HssWd;Hotspot Shield Monitoring Service;d:\a\programs\hotspot shield\bin\hsswd.exe -product hss --> d:\a\programs\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-3-17 1752576]
    R2 ToolkitSvc;Toolkit Service;c:\program files\toolkitservice\toolkitservice.exe [2012-6-12 687168]
    R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-4 935480]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-18 8396800]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-8-17 247808]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-3-17 142632]
    R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-3-17 525864]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-17 33832]
    R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-12-10 27632]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-17 269824]
    R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2011-8-9 10843136]
    R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-3-17 41088]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-2 414824]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    R3 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-11-3 120152]
    S2 hfneavwv;SFF Storage Protocol for SDBusSupport;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S2 lpx;ET5Drv;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S2 mbr;Vwlogger;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 257696]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2012-3-17 76328]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-10 113120]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-3-17 251496]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-20 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2012-06-12 17:35:20 -------- d-----w- c:\users\hp\appdata\local\eToolKit
    2012-06-12 17:35:12 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
    2012-06-12 17:34:38 -------- d-----w- c:\program files\ToolKitService
    2012-06-11 17:49:42 -------- d-----w- c:\users\hp\appdata\roaming\CBS Interactive
    2012-06-11 07:15:30 -------- d-----w- c:\users\hp\appdata\roaming\Optimizer Pro
    2012-06-11 07:15:12 -------- d-----w- c:\program files\Alnaddy.com
    2012-06-11 07:13:30 -------- d-----w- c:\program files\Optimizer Pro
    2012-06-11 07:12:07 -------- d-----w- c:\programdata\ADDICT-THING
    2012-06-10 17:32:29 -------- d-----w- c:\program files\common files\SourceTec
    2012-06-10 17:32:24 -------- d-----w- c:\program files\SourceTec
    2012-06-10 12:59:37 -------- d-----w- c:\windows\pss
    2012-06-09 20:40:33 -------- d-----w- c:\users\hp\appdata\local\Apple Computer
    2012-06-09 20:40:26 -------- d-----w- c:\program files\iPod
    2012-06-09 20:40:21 -------- d-----w- c:\program files\iTunes
    2012-06-09 14:48:23 -------- d-----w- c:\users\hp\appdata\local\WindowsUpdate
    2012-06-09 14:07:46 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
    2012-06-08 22:04:16 -------- d-----w- c:\program files\BabylonToolbar
    2012-06-08 22:03:26 -------- d-----w- c:\users\hp\appdata\roaming\Babylon
    2012-06-08 22:03:26 -------- d-----w- c:\programdata\Premium
    2012-06-08 22:03:26 -------- d-----w- c:\programdata\Babylon
    2012-06-08 22:02:43 -------- d-----w- c:\programdata\Codecv
    2012-06-08 22:02:19 -------- d-----w- c:\programdata\InstallMate
    2012-06-07 08:56:44 -------- d-----w- c:\program files\CCleaner
    2012-06-06 10:01:26 -------- d-----w- c:\windows\system32\Adobe
    2012-06-06 09:59:18 -------- d-----w- c:\users\hp\appdata\local\ElevatedDiagnostics
    2012-06-05 13:15:18 -------- d-----w- c:\programdata\Hotspot Shield
    2012-06-05 13:14:16 -------- d-----w- C:\Hotspot Shield
    2012-06-05 10:42:17 -------- d-----w- c:\users\hp\.vdrift
    2012-06-04 18:21:04 -------- d-----w- c:\users\hp\appdata\roaming\AVG
    2012-06-04 16:08:19 -------- d-----w- c:\users\hp\appdata\roaming\AVG2012
    2012-06-04 16:06:15 -------- d-----w- c:\users\hp\appdata\local\AVG Secure Search
    2012-06-04 14:37:15 -------- d-----w- c:\programdata\AVG Secure Search
    2012-06-04 14:37:14 -------- d-----w- c:\program files\common files\AVG Secure Search
    2012-06-04 14:37:14 -------- d-----w- c:\program files\AVG Secure Search
    2012-06-04 14:33:49 -------- d--h--w- c:\programdata\Common Files
    2012-06-04 14:33:40 -------- d--h--w- C:\$AVG
    2012-06-04 14:33:40 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-06-04 14:33:40 -------- d-----w- c:\programdata\AVG2012
    2012-06-04 14:33:23 -------- d-----w- c:\program files\AVG
    2012-06-04 14:06:06 -------- d-----w- c:\programdata\MFAData
    2012-06-04 09:41:51 -------- d-----w- c:\users\hp\appdata\roaming\playmink
    2012-06-03 22:40:50 -------- d-----w- c:\users\hp\youwave
    2012-06-03 22:40:50 -------- d-----w- c:\users\hp\.Virtualbox
    2012-06-03 14:28:27 -------- d-----w- c:\users\hp\appdata\roaming\IDT
    2012-06-03 13:31:19 -------- d-----w- c:\users\hp\appdata\roaming\dll-files.com
    2012-06-03 13:31:12 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-06-02 23:01:52 -------- d-----w- c:\users\hp\appdata\local\ATI
    2012-06-02 22:59:17 -------- d-----w- c:\program files\common files\Intel
    2012-06-02 22:59:11 -------- d-----w- C:\Intel
    2012-06-02 22:59:09 -------- d-----w- c:\program files\AMD APP
    2012-06-02 22:57:57 -------- d-----w- c:\program files\ATI
    2012-06-02 22:57:42 -------- d-----w- c:\program files\ATI Technologies
    2012-06-02 20:47:12 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
    2012-06-02 20:47:12 536576 ----a-w- c:\windows\system32\idtmini1.exe
    2012-06-02 20:47:12 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
    2012-06-02 20:47:12 4120576 ----a-w- c:\windows\system32\stlang.dll
    2012-06-02 20:47:12 233472 ----a-w- c:\windows\system32\IDTNJ.exe
    2012-06-02 20:47:12 1784320 ----a-w- c:\windows\system32\IDTNCPL.cpl
    2012-06-02 20:47:12 1433692 ----a-w- c:\windows\sttray.exe
    2012-06-02 20:47:12 1041920 ----a-w- c:\windows\system32\IDTNX.dll
    2012-06-02 20:47:10 -------- d-----w- c:\windows\system32\SRSLabs
    2012-06-02 20:47:08 207360 ----a-w- c:\windows\system32\staco.dll
    2012-06-02 20:46:34 535552 ------w- c:\windows\system32\stapi32.dll
    2012-06-02 20:46:34 444928 ----a-w- c:\windows\system32\drivers\stwrt.sys
    2012-06-02 20:46:34 417280 ----a-w- c:\windows\system32\stcplx.dll
    2012-06-02 20:46:34 1259008 ----a-w- c:\windows\system32\stapo.dll
    2012-06-02 20:46:29 -------- d-----w- c:\program files\IDT
    2012-06-02 20:20:52 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2012-06-02 20:20:52 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2012-06-02 19:09:48 -------- d-----w- c:\program files\Cisco
    2012-06-02 19:07:58 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
    2012-06-02 19:07:58 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
    2012-06-02 19:07:58 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
    2012-06-02 19:07:58 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
    2012-06-02 19:07:58 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
    2012-06-02 17:40:54 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
    2012-06-02 17:40:53 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
    2012-06-02 17:40:53 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
    2012-06-02 17:40:53 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
    2012-06-02 16:00:24 -------- d-----w- c:\program files\HP
    2012-06-01 13:06:07 -------- d-----w- c:\users\hp\appdata\roaming\iWin
    2012-05-30 18:12:31 -------- d-----w- c:\programdata\WeFi
    2012-05-30 18:12:09 -------- d-----w- c:\program files\WeFi
    2012-05-30 08:06:09 -------- d-----w- c:\users\hp\appdata\roaming\.freeciv
    2012-05-30 07:49:03 -------- d-----w- c:\users\hp\appdata\local\Akamai
    2012-05-30 07:43:20 -------- d-----w- c:\program files\common files\Akamai
    2012-05-30 07:39:01 -------- d-----w- c:\program files\Kuma Games
    2012-05-28 18:28:38 -------- d-----w- c:\users\hp\appdata\local\IsolatedStorage
    2012-05-28 13:58:56 -------- d-----w- c:\users\hp\appdata\local\Nokia
    2012-05-28 13:58:51 -------- d-----w- c:\programdata\NokiaMusic
    2012-05-28 12:16:07 -------- d-----w- c:\program files\common files\PCSuite
    2012-05-28 12:16:07 -------- d-----w- c:\program files\common files\Nokia
    2012-05-28 12:15:28 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2012-05-28 12:15:23 -------- d-----w- c:\program files\PC Connectivity Solution
    2012-05-24 12:10:56 -------- d-----w- c:\programdata\Playrix Entertainment
    2012-05-24 12:09:00 -------- d-----w- c:\program files\AllGamesHome Toolbar
    2012-05-23 10:36:41 -------- d-----w- c:\windows\system32\appmgmt
    2012-05-15 08:01:50 -------- d-----w- c:\users\hp\appdata\local\Diagnostics
    2012-05-15 07:30:10 -------- d-----w- c:\users\hp\appdata\roaming\Anvil Studio
    2012-05-15 07:14:16 -------- d-----w- c:\users\hp\appdata\roaming\Synthesia
    .
    ==================== Find3M ====================
    .
    2012-06-13 17:21:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-05-13 10:00:25 215 ----a-w- c:\windows\system32\wsun32.dll
    2012-05-13 10:00:25 215 ----a-w- c:\windows\system32\msgb.dll
    2012-05-06 15:59:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-06 15:59:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-29 18:43:32 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2012-04-29 18:43:28 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2012-04-19 02:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-03-26 21:45:18 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2012-03-26 21:45:14 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2012-03-22 20:54:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-19 03:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-03-17 05:00:29 0 ----a-w- c:\windows\ativpsrm.bin
    .
    ============= FINISH: 22:28:32.74 ===============

    SSD:
    Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
    C:\ProgramData\Babylon\

    Babylon.Toolbar: [SBI $5AB447BB] Program directory (Directory, nothing done)
    C:\Users\hp\AppData\Roaming\Babylon\

    Babylon.Toolbar: [SBI $D1EDD9CA] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Babylon

    Babylon.Toolbar: [SBI $D573FB99] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

    Babylon.Toolbar: [SBI $E02AA723] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

    Babylon.Toolbar: [SBI $E0B59C7B] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

    Babylon.Toolbar: [SBI $845CDFE1] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}

    Babylon.Toolbar: [SBI $C85E7B42] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

    Babylon.Toolbar: [SBI $3B673BC9] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

    Babylon.Toolbar: [SBI $295D1CA8] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

    Babylon.Toolbar: [SBI $965DE1CF] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

    Babylon.Toolbar: [SBI $03CC717B] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

    Babylon.Toolbar: [SBI $55401212] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

    Babylon.Toolbar: [SBI $4FD7143C] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

    Babylon.Toolbar: [SBI $86D54DEE] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

    Babylon.Toolbar: [SBI $B3F815D3] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

    Babylon.Toolbar: [SBI $A7E24495] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

    Babylon.Toolbar: [SBI $F311396F] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

    Babylon.Toolbar: [SBI $473B0254] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

    Babylon.Toolbar: [SBI $17D55CEB] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

    Babylon.Toolbar: [SBI $35D035AC] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

    Babylon.Toolbar: [SBI $CD2F4F51] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

    Babylon.Toolbar: [SBI $88BEA276] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

    Babylon.Toolbar: [SBI $44038FF2] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

    Babylon.Toolbar: [SBI $A3E68EB6] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

    Babylon.Toolbar: [SBI $BBB82D0A] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

    Babylon.Toolbar: [SBI $C5E991BF] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

    Babylon.Toolbar: [SBI $58FD8250] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

    Babylon.Toolbar: [SBI $7C893BE9] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

    Babylon.Toolbar: [SBI $82C5EBDA] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppName

    Babylon.Toolbar: [SBI $7491E83C] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}

    Babylon.Toolbar: [SBI $F75ED516] IE toolbar (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC}

    Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane

    Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1

    Babylon.Toolbar: [SBI $07586C96] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE20B4F0-A56F-41CE-BFFC-FB7389CCB627}

    Babylon.Toolbar: [SBI $9BB50AEF] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escrtBtn.1

    Babylon.Toolbar: [SBI $9BB50AEF] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

    Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc

    Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1

    Babylon.Toolbar: [SBI $52C6ABB7] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}

    Babylon.Toolbar: [SBI $53246B67] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

    Babylon.Toolbar: [SBI $C2E2DFDF] Program directory (Directory, nothing done)
    C:\Program Files\BabylonToolbar\

    Babylon.Toolbar: [SBI $6FD65E4E] Program directory (Directory, nothing done)
    C:\Program Files\BabylonToolbar\BabylonToolbar\

    Babylon.Toolbar: [SBI $BD2D2D7E] Program directory (Directory, nothing done)
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\

    Babylon.Toolbar: [SBI $7C2CF2C5] Program directory (Directory, nothing done)
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\

    Babylon.Toolbar: [SBI $5F690EB1] Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

    Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore

    Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1

    Babylon.Toolbar: [SBI $554A5FF0] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

    Babylon.Toolbar: [SBI $86348D5E] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd

    Babylon.Toolbar: [SBI $86348D5E] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1

    Babylon.Toolbar: [SBI $86348D5E] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

    Babylon.Toolbar: [SBI $3BE29F71] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

    Babylon.Toolbar: [SBI $B04483F7] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

    Babylon.Toolbar: [SBI $B04483F7] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

    Babylon.Toolbar: [SBI $B04483F7] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

    Babylon.Toolbar: [SBI $F8D06006] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\BabylonToolbar

    Babylon.Toolbar: [SBI $2C6EC819] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar

    BrothersoftExtreme.CT: [SBI $7877A24A] Executable (File, nothing done)
    C:\Users\hp\Documents\Downloads\11CT2776682_BrotherSoft_Extreme.exe
    Properties.size=192848
    Properties.md5=366ACA3ACE9F8F388BB831F0F1CBB015
    Properties.filedate=1335992661
    Properties.filedatetext=2012-05-02 23:04:20

    CoolWWWSearch.CameUp: [SBI $4A5E11C5] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}

    CoolWWWSearch.Toolband: [SBI $E1C52FF8] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}

    CoolWWWSearch.Toolband: [SBI $C80E6C03] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj

    CoolWWWSearch.Toolband: [SBI $C80E6C03] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj.1

    CoolWWWSearch.Toolband: [SBI $C80E6C03] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3B22A92-87A2-47b6-B3E6-A64877B5C242}

    Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-01-26 TeaTimer.exe (1.6.4.26)
    2012-06-13 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2012-01-16 Includes\Adware.sbi (*)
    2012-06-05 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-11-29 Includes\DialerC.sbi (*)
    2012-01-31 Includes\HeavyDuty.sbi (*)
    2012-05-16 Includes\Hijackers.sbi (*)
    2012-05-16 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2012-03-13 Includes\Keyloggers.sbi (*)
    2012-03-13 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-04-17 Includes\Malware.sbi (*)
    2012-06-05 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2012-05-29 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-12-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-01-17 Includes\Spyware.sbi (*)
    2012-05-08 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2012-06-12 Includes\TrojansC-02.sbi (*)
    2012-06-06 Includes\TrojansC-03.sbi (*)
    2012-06-11 Includes\TrojansC-04.sbi (*)
    2012-05-23 Includes\TrojansC-05.sbi (*)
    2012-06-12 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    Thanks in advance

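The Spybot entries above all follow one two-line format, and most of them are inert COM registrations; the ones that matter for cleanup are the few keys Internet Explorer actually loads code from or trusts. The Python below is an added example (not this thread's or Spybot's own code) that parses that format and separates the two; the sample lines are copied from the log above, and the Run/RunOnce pattern is a general addition not present in this log.

```python
"""Triage a Spybot - Search & Destroy detection log in the two-line format
pasted in this thread (added example; not the thread's or Spybot's own code).
Each detection is "<Product>: [SBI $<hex id>] <Kind> (<Item type>, <action>)"
followed by the registry key/value, file or directory it refers to."""
import re
from collections import defaultdict
from dataclasses import dataclass

HEADER_RE = re.compile(
    r"^(?P<product>[^:]+): \[SBI \$(?P<sbi>[0-9A-F]{8})\] (?P<kind>.+?) "
    r"\((?P<item>Registry key|Registry value|Registry change|File|Directory), "
    r"(?P<action>[^)]+)\)$"
)

# Registry locations that either load code into Internet Explorer / Windows or
# change its security posture. CLSID, Interface, TypeLib, ProgID and AppID keys
# are inert COM registrations unless one of these points at them. Run/RunOnce
# is a general addition: this thread's Spybot log contains no such entry.
ACTIONABLE_PATTERNS = [
    ("BHO registration", re.compile(r"\\Explorer\\Browser Helper Objects\\", re.I)),
    ("IE toolbar", re.compile(r"\\Internet Explorer\\Toolbar\\", re.I)),
    ("IE elevation policy", re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I)),
    ("IE feature control", re.compile(r"\\Main\\FeatureControl\\", re.I)),
    ("Run key", re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
]

@dataclass
class Finding:
    product: str
    sbi: str
    kind: str
    item: str
    action: str
    target: str

def parse_log(text):
    """Return one Finding per header line that is followed by a target line."""
    lines = [line.strip() for line in text.splitlines()]
    findings, i = [], 0
    while i < len(lines):
        match = HEADER_RE.match(lines[i])
        if match and i + 1 < len(lines) and lines[i + 1]:
            findings.append(Finding(target=lines[i + 1], **match.groupdict()))
            i += 2
        else:
            i += 1  # blank line, "Properties.*" line or anything unrecognised
    return findings

def classify(finding):
    """Label a finding as actionable or on-disk artifact; None if inert."""
    if finding.item in ("File", "Directory"):
        return "on-disk artifact"
    for label, pattern in ACTIONABLE_PATTERNS:
        if pattern.search(finding.target):
            return label
    return None

def summarize(findings):
    """Per product: total entries and the subset worth acting on."""
    summary = defaultdict(lambda: {"total": 0, "actionable": []})
    for finding in findings:
        entry = summary[finding.product]
        entry["total"] += 1
        label = classify(finding)
        if label:
            entry["actionable"].append((label, finding.target))
    return dict(summary)

# Constructed sample: a handful of entries copied from the log above.
SAMPLE_LOG = r"""
Babylon.Toolbar: [SBI $3B673BC9] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Babylon.Toolbar: [SBI $82C5EBDA] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppName

Babylon.Toolbar: [SBI $7491E83C] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $F75ED516] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC}

BrothersoftExtreme.CT: [SBI $7877A24A] Executable (File, nothing done)
C:\Users\hp\Documents\Downloads\11CT2776682_BrotherSoft_Extreme.exe
Properties.size=192848

CoolWWWSearch.Toolband: [SBI $C80E6C03] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3B22A92-87A2-47b6-B3E6-A64877B5C242}

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
"""

if __name__ == "__main__":
    for product, info in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{product}: {info['total']} entries")
        for label, target in info["actionable"]:
            print(f"  [{label}] {target}")
```

Run against a full log, the summary shrinks dozens of Babylon lines to the three locations that actually hook Internet Explorer.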
  2. #2
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello Aelo123 and

    My name is JonTom

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.


    There is a serious rootkit infection on this machine. Please use an uninfected machine to change all of your passwords as soon as you can as your passwords may have been compromised.

    Also, please back up all of your important data immediately as in the worst case scenario you may have to reformat and reinstall your operating system.

    Before we begin I would like to review the logs created by the following tools:


    1. aswMBR


      • Download aswMBR.exe to your desktop.
      • Double click the aswMBR.exe to run it.
      • When asked if you want to download Avast's virus definitions please select Yes.
      • Click the "Scan" button to start scan.
      • On completion of the scan click save log, save it to your desktop and post in your next reply.

      The next tool may give you the option of curing what is detected.

      At this time please do not allow the tool to cure anything it detects (we only need to review the log that is created at this time).

    2. TDSS Killer


      • Please read carefully and follow these steps.
      • Download TDSSKiller and save it to your Desktop.
      • Extract its contents to your desktop.
      • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
      • When the window opens, click on Change Parameters.
      • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
      • Click on Start Scan.
      • If an infected file is detected, the default action will be Cure, click on Skip.
      • If a suspicious file is detected, the default action will be Skip, click on Continue.
      • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
      • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
      • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".


      Please post the aswMBR log and the TDSSKiller log in your next reply.
    Proud Graduate of the WTT Classroom

  3. #3
    Banned Spammer
    Join Date
    Jun 2012
    Posts
    32

    Default

    I've done as you advised, here are the logs you requested (attached)
    Attachment 9597

    Attachment 9598

  4. #4
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello Aelo123

    Please post your logs directly into your replies (there is no need to attach them).

    This machine is terribly infected.


    Please re-run TDSSKiller and allow it to cure (or quarantine) what it detects, then follow immediately with Combofix:


    1. Combofix


      • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop


      • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here .
      • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.

      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      • Click on Yes, to continue scanning for malware.
      • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
      • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
      • Should there be issues with internet afterward:

        In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

        In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

      Please post the TDSSKiller log and the Combofix log in your next reply.
    Last edited by JonTom; 2012-06-16 at 15:18. Reason: Typo
    Proud Graduate of the WTT Classroom

  5. #5
    Banned Spammer
    Join Date
    Jun 2012
    Posts
    32

    Default

    I attached the text because it was too long:-
    Attachment 9602

  6. #6
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello Aelo123

    Please try running Combofix again. It may take a little time to complete so please be patient.

    If (say after an hour) it has still not completed let me know.
    Proud Graduate of the WTT Classroom

  7. #7
    Banned Spammer
    Join Date
    Jun 2012
    Posts
    32

    Default

    It was much faster this time, here is the log:-
    \ComboFix 12-06-15.06 - hp 18-Jun-12 10:32:38.2.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1567 [GMT 2:00]
    Running from: c:\users\hp\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Read Me.txt
    c:\windows\$NtUninstallKB45282$
    c:\windows\$NtUninstallKB45282$\613192814\L\xadqgnnk
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\DEBUG.log
    c:\windows\system32\msgb.dll
    c:\windows\system32\oem44.inf
    c:\windows\system32\wsun32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-18 08:36 . 2012-06-18 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-16 22:03 . 2012-06-16 22:03 253952 ------w- c:\windows\Setup1.exe
    2012-06-16 22:03 . 2012-06-16 22:03 74752 ----a-w- c:\windows\ST6UNST.EXE
    2012-06-16 18:53 . 2012-06-18 08:38 -------- d-----w- c:\users\hp\AppData\Local\temp
    2012-06-16 18:34 . 2012-06-16 18:37 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-16 13:45 . 2012-06-16 13:45 -------- d-----w- C:\TWISTER
    2012-06-16 08:23 . 2012-06-16 08:25 -------- d-----w- c:\users\hp\AppData\Local\Facebook
    2012-06-15 20:36 . 2012-06-15 20:36 -------- d-----w- c:\program files\7-Zip
    2012-06-13 21:00 . 2012-06-13 21:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-13 21:00 . 2012-06-13 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-13 20:27 . 2012-06-13 20:24 607260 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dds.scr
    2012-06-13 20:22 . 2012-06-13 20:22 -------- d-----w- c:\program files\ERUNT
    2012-06-12 17:35 . 2012-06-12 17:35 -------- d-----w- c:\users\hp\AppData\Local\eToolKit
    2012-06-12 17:35 . 2011-09-12 16:43 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
    2012-06-12 17:34 . 2012-06-12 17:35 -------- d-----w- c:\program files\ToolKitService
    2012-06-11 17:49 . 2012-06-11 17:49 -------- d-----w- c:\users\hp\AppData\Roaming\CBS Interactive
    2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\users\hp\AppData\Roaming\Optimizer Pro
    2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\program files\Alnaddy.com
    2012-06-11 07:13 . 2012-06-11 07:13 -------- d-----w- c:\program files\Optimizer Pro
    2012-06-11 07:12 . 2012-06-11 17:56 -------- d-----w- c:\programdata\ADDICT-THING
    2012-06-10 17:32 . 2012-06-10 17:32 -------- d-----w- c:\program files\Common Files\SourceTec
    2012-06-10 17:32 . 2012-06-10 17:33 -------- d-----w- c:\program files\SourceTec
    2012-06-09 20:40 . 2012-06-09 20:43 -------- d-----w- c:\users\hp\AppData\Local\Apple Computer
    2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\users\hp\AppData\Roaming\Apple Computer
    2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iPod
    2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iTunes
    2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\hp\AppData\Local\WindowsUpdate
    2012-06-09 14:07 . 2012-06-09 14:07 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
    2012-06-08 22:04 . 2012-06-08 22:04 -------- d-----w- c:\program files\BabylonToolbar
    2012-06-08 22:04 . 2012-06-11 07:15 1547 ----a-w- C:\user.js
    2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\users\hp\AppData\Roaming\Babylon
    2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Premium
    2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Babylon
    2012-06-08 22:02 . 2012-06-16 18:52 -------- d-----w- c:\programdata\Codecv
    2012-06-08 22:02 . 2012-06-11 21:20 -------- d-----w- c:\programdata\InstallMate
    2012-06-07 08:56 . 2012-06-07 08:56 -------- d-----w- c:\program files\CCleaner
    2012-06-06 10:01 . 2012-06-06 10:01 -------- d-----w- c:\windows\system32\Adobe
    2012-06-06 09:59 . 2012-06-06 09:59 -------- d-----w- c:\users\hp\AppData\Local\ElevatedDiagnostics
    2012-06-05 13:15 . 2012-06-05 13:15 -------- d-----w- c:\programdata\Hotspot Shield
    2012-06-05 13:14 . 2012-06-05 13:15 -------- d-----w- C:\Hotspot Shield
    2012-06-05 10:42 . 2012-06-05 10:42 -------- d-----w- c:\users\hp\.vdrift
    2012-06-04 18:21 . 2012-06-04 18:21 -------- d-----w- c:\users\hp\AppData\Roaming\AVG
    2012-06-04 16:06 . 2012-06-04 16:06 -------- d-----w- c:\users\hp\AppData\Local\AVG Secure Search
    2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\programdata\AVG Secure Search
    2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\program files\AVG Secure Search
    2012-06-04 14:37 . 2012-06-04 14:37 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2012-06-04 14:33 . 2012-06-04 14:33 -------- d--h--w- c:\programdata\Common Files
    2012-06-04 14:33 . 2012-06-17 21:31 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-06-04 14:33 . 2012-06-12 16:27 -------- d-----w- c:\programdata\AVG2012
    2012-06-04 14:33 . 2012-06-04 14:33 -------- d-----w- C:\$AVG
    2012-06-04 14:33 . 2012-06-04 18:20 -------- d-----w- c:\program files\AVG
    2012-06-04 14:06 . 2012-06-18 07:52 -------- d-----w- c:\programdata\MFAData
    2012-06-04 09:41 . 2012-06-04 09:41 -------- d-----w- c:\users\hp\AppData\Roaming\playmink
    2012-06-03 22:40 . 2012-06-03 22:44 -------- d-----w- c:\users\hp\youwave
    2012-06-03 22:40 . 2012-06-03 22:40 -------- d-----w- c:\users\hp\.Virtualbox
    2012-06-03 14:28 . 2012-06-03 14:28 -------- d-----w- c:\users\hp\AppData\Roaming\IDT
    2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\users\hp\AppData\Roaming\dll-files.com
    2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Roaming\ATI
    2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Local\ATI
    2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\programdata\ATI
    2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Common Files\Intel
    2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Intel
    2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- C:\Intel
    2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\AMD APP
    2012-06-02 22:57 . 2012-06-02 22:57 -------- d-----w- c:\program files\ATI
    2012-06-02 22:57 . 2012-06-02 22:59 -------- d-----w- c:\program files\ATI Technologies
    2012-06-02 20:47 . 2011-09-08 03:42 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
    2012-06-02 20:47 . 2011-09-08 03:42 536576 ----a-w- c:\windows\system32\idtmini1.exe
    2012-06-02 20:20 . 2011-08-23 19:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2012-06-02 20:20 . 2011-08-23 19:57 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2012-06-02 19:09 . 2012-06-02 19:20 -------- d-----w- c:\program files\Cisco
    2012-06-02 19:07 . 2012-06-02 19:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
    2012-06-02 19:07 . 2012-06-02 19:07 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
    2012-06-02 19:07 . 2012-06-02 19:07 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
    2012-06-02 19:07 . 2012-06-02 19:07 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
    2012-06-02 19:07 . 2012-06-02 19:07 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
    2012-06-02 18:07 . 2012-06-02 18:07 -------- d-----w- c:\users\hp\AppData\Roaming\InstallShield
    2012-06-02 17:40 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-02 17:40 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-06-02 17:40 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-06-02 17:40 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\Hewlett-Packard
    2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\HP
    2012-06-01 13:06 . 2012-06-01 13:06 -------- d-----w- c:\users\hp\AppData\Roaming\iWin
    2012-05-30 18:12 . 2012-06-18 08:38 -------- d-----w- c:\programdata\WeFi
    2012-05-30 18:12 . 2012-05-30 18:12 -------- d-----w- c:\program files\WeFi
    2012-05-30 08:06 . 2012-06-05 10:46 -------- d-----w- c:\users\hp\AppData\Roaming\.freeciv
    2012-05-30 07:49 . 2012-05-30 07:49 -------- d-----w- c:\users\hp\AppData\Local\Akamai
    2012-05-30 07:43 . 2012-06-18 08:38 -------- d-----w- c:\program files\Common Files\Akamai
    2012-05-30 07:39 . 2012-05-30 08:05 -------- d-----w- c:\program files\Kuma Games
    2012-05-28 18:28 . 2012-05-28 18:28 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage
    2012-05-28 13:58 . 2012-05-28 13:59 -------- d-----w- c:\users\hp\AppData\Local\Nokia
    2012-05-28 13:58 . 2012-05-28 13:58 -------- d-----w- c:\programdata\NokiaMusic
    2012-05-28 12:16 . 2012-05-28 13:58 -------- d-----w- c:\program files\Common Files\Nokia
    2012-05-28 12:16 . 2012-05-28 12:16 -------- d-----w- c:\program files\Common Files\PCSuite
    2012-05-28 12:15 . 2012-05-28 12:16 -------- d-----w- c:\program files\DIFX
    2012-05-28 12:15 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2012-05-28 12:15 . 2012-05-28 12:15 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\PC Connectivity Solution
    2012-05-28 12:10 . 2012-05-28 12:10 -------- d-----w- c:\programdata\Installations
    2012-05-24 12:10 . 2012-05-24 12:10 -------- d-----w- c:\programdata\Playrix Entertainment
    2012-05-24 12:09 . 2012-05-24 12:09 -------- d-----w- c:\program files\AllGamesHome Toolbar
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-16 18:38 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
    2012-05-06 15:59 . 2012-04-12 18:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-06 15:59 . 2012-03-22 20:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-29 18:43 . 2012-04-29 18:43 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2012-04-29 18:43 . 2012-04-29 18:43 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2012-03-23 22:19 . 2012-03-23 22:19 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2012-03-23 22:19 . 2012-03-23 22:19 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-03-23 22:19 . 2012-03-23 22:19 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-23 22:19 . 2012-03-23 22:19 74752 ----a-w- c:\windows\system32\iesetup.dll
    2012-03-23 22:19 . 2012-03-23 22:19 63488 ----a-w- c:\windows\system32\tdc.ocx
    2012-03-23 22:19 . 2012-03-23 22:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-03-23 22:19 . 2012-03-23 22:19 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-03-23 22:19 . 2012-03-23 22:19 367104 ----a-w- c:\windows\system32\html.iec
    2012-03-23 22:19 . 2012-03-23 22:19 35840 ----a-w- c:\windows\system32\imgutil.dll
    2012-03-23 22:19 . 2012-03-23 22:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-03-23 22:19 . 2012-03-23 22:19 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-23 22:19 . 2012-03-23 22:19 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2012-03-23 22:19 . 2012-03-23 22:19 161792 ----a-w- c:\windows\system32\msls31.dll
    2012-03-23 22:19 . 2012-03-23 22:19 152064 ----a-w- c:\windows\system32\wextract.exe
    2012-03-23 22:19 . 2012-03-23 22:19 150528 ----a-w- c:\windows\system32\iexpress.exe
    2012-03-23 22:19 . 2012-03-23 22:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-03-23 22:19 . 2012-03-23 22:19 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-03-23 22:19 . 2012-03-23 22:19 11776 ----a-w- c:\windows\system32\mshta.exe
    2012-03-23 22:19 . 2012-03-23 22:19 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-03-23 22:19 . 2012-03-23 22:19 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-03-23 22:19 . 2012-03-23 22:19 101888 ----a-w- c:\windows\system32\admparse.dll
    2012-03-22 20:54 . 2012-03-22 20:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-01 15:40 . 2012-06-10 17:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}]
    2012-06-08 22:02 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}]
    2012-06-04 11:31 268904 ----a-w- c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
    2011-12-26 15:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-06-04 14:37 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2012-01-16 2666112]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-04 2068536]
    "{CD3AED25-23AB-4543-B915-159449C37197}"= "c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll" [2012-06-04 286824]
    "{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
    .
    [HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
    [HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{cd3aed25-23ab-4543-b915-159449c37197}]
    [HKEY_CLASSES_ROOT\alnaddy.alnaddyToolbardskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\alnaddy.alnaddyToolbardskBnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
    [HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
    [HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
    "Akamai NetSession Interface"="c:\users\hp\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
    "Facebook Update"="c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-16 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 1996072]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-09-08 1433692]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 142616]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 177432]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 176408]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
    .
    c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Facebook Messenger.lnk - c:\users\hp\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1008928]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
    path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
    backup=c:\windows\pss\CNET TechTracker.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk]
    path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
    backup=c:\windows\pss\Kuma_Tray.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
    2012-01-02 17:15 81912 ----a-w- c:\program files\Optimizer Pro\OptProLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tktray]
    2012-01-23 15:01 453712 ----a-w- c:\program files\ToolKitService\tktray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
    .
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
    R2 hfneavwv;SFF Storage Protocol for SDBusSupport;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R2 VBoxDrv;VBox Support Driver;d:\drivers\A\YouWave_Android\vb\VBoxDrv.sys [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
    R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-20 76328]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-17 176128]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 hshld;Hotspot Shield Service;d:\a\Programs\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
    S2 HssWd;Hotspot Shield Monitoring Service;d:\a\Programs\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
    S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 1752576]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
    S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-04 935480]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-17 8396800]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-17 247808]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-20 142632]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 525864]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-20 33832]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 27632]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-08-09 10843136]
    S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    NETSVCS REQUIRES REPAIRS - current entries shown
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Ias
    Irmon
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Wmi
    WmdmPmSp
    tifmsony
    LMouKE
    tb2launch
    symlcbrd
    cdr4_xp
    se44nd5
    StreamDispatcher
    SE2Emdfl
    transcode360
    YMIDUSB
    ATSWPDRV
    qbcfmonitorservice
    UVCFTR
    osanbm
    sp_clamsrv
    SPFDRV
    tvald
    nv4
    snoopfree
    eaps2kbd
    icraplus
    dmprimer
    crystalaps
    CdaC15BA
    zppinger
    nhcDriverDevice
    sfman
    lpx
    nm
    StMp3Rec
    mcontrol
    adihdaudaddservice
    ESMCR
    rchost
    cd20xrnt
    msvsmon90
    nwcworkstation
    pilogsrv
    cwafadmincontroller
    nvcap
    enodpl
    pav_service
    Sk9920nt
    idisw2km
    olcamsrv
    SGHIDI
    pserve
    unrealircd
    SMPLSCSI
    _iomega_active_disk_service_
    s3savagenb
    cfgwzsvc
    lhidusb
    sskbfd
    vaiomediaplatform-videoserver-appserver
    SNTIE
    naiavfilter1
    Tablet2k
    pdlnacom
    nsm1bus
    zpnodecollector
    maxbackserviceint
    pdlnatdl
    StarOpen
    btdriver
    se58nd5
    FVXSCSI
    NWSLP
    co_mon
    CTMMOUNT
    SaiH040B
    siswlsvc
    CTAudSvcService
    z800bus
    VHidMinidrv
    scan
    Alpham1
    govsrv
    PCTINDIS5
    Xponaut_WBD
    Ktp
    gusvc
    alcxsens
    nocashio
    avipbb
    {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
    ARCSOFTVIRTUALCAPTURE
    inotask
    MXOFX
    sonypvs1
    pdlnemsg
    Fd16_700
    mnmdd
    spbbcdrv
    symidsco
    msgsrvservice
    svv
    VC4CB104
    Blfp
    s616mdm
    SNP2STD
    dlcc_device
    tbiosdrv
    sqlagent$soshome22
    W8100PCI
    pclepci
    qserver
    schscnt
    acsvc
    websensecamserver
    btwdndis
    lvsrvlauncher
    EIO
    wwsecsvc
    softfax
    sansaservice
    svcwrsssdk
    AcronisOSSReinstallSvc
    CSDriver
    PSDFilter
    ufad-ws60
    sshrmd
    wlmel51b
    sit_flt
    CX23880
    pduip6000dmemcrdmgr
    avupdsvc
    NTACCESS
    mfeapfk
    DynDNS_Updater_Service
    ctmmfilt
    itmrtsvc
    YahooAUService
    wmdmpmsn
    entertainment
    A4S2600
    k750mdfl
    CE3
    orbpvr
    wacomvhid
    lxrjd31d
    acedrv07
    RMSvc
    mssql$microsoftsmlbiz
    ossrv
    mbr
    s616mgmt
    RDID1007
    Cam5603D
    viaudio
    ssmdrv
    vpctcom
    hpzid412
    tme3srv
    TermService
    wuauserv
    BITS
    ShellHWDetection
    hfneavwv
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    wercplsupport
    EapHost
    ProfSvc
    schedule
    hkmsvc
    SessionEnv
    winmgmt
    browser
    Themes
    BDESVC
    AppMgmt
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 15:59]
    .
    2012-06-13 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
    - c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-06-03 15:29]
    .
    2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
    - c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
    .
    2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
    - c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
    .
    2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
    - c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
    .
    2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
    - c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
    .
    2012-06-18 c:\windows\Tasks\WefiStartup.job
    - c:\program files\WeFi\WefiStartup.exe [2010-11-03 09:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
    mStart Page = hxxp://home.allgameshome.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Sothink Flash Downloader For IE - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE}: NameServer = 10.89.80.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
    FF - prefs.js: browser.search.selectedEngine - Alnaddy
    FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
    FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
    FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
    FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
    FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
    FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
    FF - user.js: extensions.alnaddyToolbar_i.newTab - true
    FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
    FF - user.js: extensions.alnaddyToolbar.id - 0cde32cd00000000000000ff7c5abd3d
    FF - user.js: extensions.alnaddyToolbar.instlDay - 15502
    FF - user.js: extensions.alnaddyToolbar.vrsn - 1.5.25.2
    FF - user.js: extensions.alnaddyToolbar.vrsni - 1.5.25.2
    FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.5.25.29:15
    FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
    FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
    FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
    FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
    FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
    FF - user.js: extensions.alnaddyToolbar.instlRef -
    FF - user.js: extensions.alnaddyToolbar.dfltLng -
    FF - user.js: extensions.alnaddyToolbar.excTlbr - false
    FF - user.js: extensions.alnaddyToolbar.admin - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    SafeBoot-39305673.sys
    AddRemove-City Racing_is1 - d:\a\City Race\unins000.exe
    AddRemove-Exotic Farm_is1 - d:\a\Exotic Farm\unins000.exe
    AddRemove-Freeciv-2.3.2-gtk2 - d:\a\Freeciv 2.3.2\uninstall.exe
    AddRemove-Garden Defence_is1 - d:\a\Garden Defence\unins000.exe
    AddRemove-Helic_is1 - d:\a\Helic\unins000.exe
    AddRemove-Nitro Racers_is1 - d:\a\Nitro Racers\unins000.exe
    AddRemove-Police Supercars Racing_is1 - d:\a\Police Supercars Racing\unins000.exe
    AddRemove-Quadro Racing_is1 - d:\a\Quadro Racing\unins000.exe
    AddRemove-Sky Track_is1 - d:\a\Sky Track\unins000.exe
    AddRemove-Sudden Strike Iwo Jima_is1 - d:\a\SS Iwo Jima\unins000.exe
    AddRemove-Sudden_Strike_Normandy_is1 - d:\a\SS Normandy\unins000.exe
    AddRemove-Super Bikes_is1 - d:\a\Super Bikes\unins000.exe
    AddRemove-Synthesia - d:\a\Synthesia\uninstall.exe
    AddRemove-Travel Agency_is1 - d:\a\Travel Agency\unins000.exe
    AddRemove-VDrift - d:\a\VDrift\uninstall.exe
    AddRemove-YouWave - d:\drivers\A\YouWave_Android\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(904)
    c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    - - - - - - - > 'Explorer.exe'(5472)
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\program files\IDT\WDM\STacSV.exe
    c:\windows\system32\atieclxx.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    d:\a\Programs\Hotspot Shield\HssWPR\hsssrv.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\windows\System32\rundll32.exe
    c:\windows\system32\conhost.exe
    c:\program files\WeFi\WeFi.exe
    c:\program files\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-18 10:41:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-18 08:41
    .
    Pre-Run: 77,245,825,024 bytes free
    Post-Run: 76,983,259,136 bytes free
    .
    - - End Of File - - 5FBA5475835735371247F1A8039026C5

    Note: I have another problem, see if you can help me with it please: I have all my browsers start on alnaddy.com when my homepage was either facebook or google, but when I click the homepage icon, it opens the homepage that I've set.
    Thanks

  8. #8
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello Aelo123

    Good job getting Combofix to run.

    I have all my browsers start on alnaddy.com when my homepage was either facebook or google, but when I click the homepage icon, it opens the homepage that I've set
    I do not understand exactly what you are asking.

    Do you wish me to remove alnaddy.com from your machine?


    1. Please work your way through the following steps


      • Open Notepad (Click on "Start" and then on "Run" and type notepad
      • Click on OK.
      • Notepad will open.
      • Copy the text provided in the box below and paste it into Notepad (DO NOT include the word "code"):

        Code:
        @echo off
        REM Lists every service key under CurrentControlSet\services whose ImagePath
        REM starts it through svchost.exe -k netsvcs; the three SED stages keep only
        REM key and matching ImagePath lines, join each pair, then print the key name.
        swreg query hklm\system\currentcontrolset\services /s |(
        SED -r "/^HK|^ +ImagePath.*-k netsvcs/I!d" |(
        SED -r ":a; $!N;s/\n.*\t.*/\t/;ta;P;D" |(
        SED -r "/.*\\(.*)\t/!d; s//\1/"
        )))>Log.txt
        Start Notepad Log.txt
      • Save the text in Notepad as fix.bat, change the "Save as Type" to "All Files" and select your desktop as the save location.
      • An icon will appear on your desktop called "fix.bat".
      • Double click on the "fix.bat" icon.
      • Please post the log in your next reply.
    Proud Graduate of the WTT Classroom

  9. #9
    Banned Spammer
    Join Date
    Jun 2012
    Posts
    32

    Default

    Yes, I don't want the browsers to open on alnaddy.com. Here's the log:-

    A4S2600
    acedrv07
    AcronisOSSReinstallSvc
    acsvc
    AeLookupSvc
    Appinfo
    AppMgmt
    avupdsvc
    BDESVC
    BITS
    Browser
    Cam5603D
    CdaC15BA
    cdr4_xp
    CE3
    CertPropSvc
    cfgwzsvc
    crystalaps
    ctmmfilt
    dmprimer
    DynDNS_Updater_Service
    EapHost
    eaps2kbd
    entertainment
    gpsvc
    hfneavwv
    hkmsvc
    hpzid412
    icraplus
    IKEEXT
    iphlpsvc
    itmrtsvc
    k750mdfl
    LanmanServer
    LMouKE
    lpx
    lxrjd31d
    mfeapfk
    MMCSS
    MSiSCSI
    mssql$microsoftsmlbiz
    nhcDriverDevice
    NTACCESS
    nv4
    orbpvr
    osanbm
    ossrv
    pclepci
    ProfSvc
    qbcfmonitorservice
    RasAuto
    RasMan
    rchost
    RDID1007
    RemoteAccess
    RMSvc
    s3savagenb
    s616mgmt
    Schedule
    schscnt
    SCPolicySvc
    SE2Emdfl
    se44nd5
    seclogon
    SENS
    SessionEnv
    sfman
    SharedAccess
    ShellHWDetection
    siswlsvc
    SMPLSCSI
    snoopfree
    SPFDRV
    sp_clamsrv
    ssmdrv
    StreamDispatcher
    symlcbrd
    tb2launch
    Themes
    tifmsony
    tme3srv
    transcode360
    tvald
    unrealircd
    UVCFTR
    viaudio
    vpctcom
    W8100PCI
    wacomvhid
    wercplsupport
    Winmgmt
    wmdmpmsn
    wuauserv
    YahooAUService
    YMIDUSB
    zppinger
    _iomega_active_disk_service_
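
    The two listings above are two halves of one check: ComboFix's "NETSVCS REQUIRES REPAIRS" block shows what the svchost netsvcs group will try to load, and fix.bat's Log.txt shows which service keys are actually hosted by svchost.exe -k netsvcs. The script below is an added example, not part of this thread and not ComboFix's or OTL's code; it cross-references the two offline and sorts the group entries for review. Both embedded excerpts are constructed, abridged samples in the format of the logs above, and the baseline set is an assumption (what I take to be the stock Windows 7 netsvcs membership; verify it against a known-clean machine before relying on it). Registry service names are case-insensitive, so the comparison folds case; a naive string compare would flag Appinfo/AppInfo and Browser/browser as mismatches.

```python
"""Cross-check the svchost 'netsvcs' group against the services svchost actually hosts."""

# ASSUMPTION: stock Windows 7 netsvcs membership. Not taken from the thread;
# confirm against a clean reference machine before using it for triage.
WIN7_NETSVCS_BASELINE = {
    "AeLookupSvc", "CertPropSvc", "SCPolicySvc", "lanmanserver", "gpsvc", "IKEEXT",
    "AudioSrv", "FastUserSwitchingCompatibility", "Ias", "Irmon", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "SENS",
    "Sharedaccess", "SRService", "Tapisrv", "Wmi", "WmdmPmSp", "TermService",
    "wuauserv", "BITS", "ShellHWDetection", "LogonHours", "PCAudit", "helpsvc",
    "uploadmgr", "iphlpsvc", "seclogon", "AppInfo", "msiscsi", "MMCSS",
    "wercplsupport", "EapHost", "ProfSvc", "schedule", "hkmsvc", "SessionEnv",
    "winmgmt", "browser", "Themes", "BDESVC", "AppMgmt",
}

# Constructed, abridged excerpt in the shape of ComboFix's svchost section.
COMBOFIX_EXCERPT = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
lanmanserver
gpsvc
AudioSrv
WmdmPmSp
tifmsony
LMouKE
unrealircd
A4S2600
hfneavwv
TermService
wuauserv
BITS
AppInfo
browser
AppMgmt
.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
"""

# Constructed, abridged excerpt in the shape of fix.bat's Log.txt: one service
# key per line, each with an ImagePath that runs svchost.exe -k netsvcs.
FIX_BAT_OUTPUT = """\
A4S2600
AeLookupSvc
Appinfo
BITS
Browser
gpsvc
hfneavwv
LanmanServer
unrealircd
wuauserv
AppMgmt
"""


def parse_netsvcs_group(log_text):
    """Return the group entries listed between the NETSVCS header and the closing '.' line."""
    names, in_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("NETSVCS"):
            in_block = True
            continue
        if in_block:
            if line == "." or not line:
                break
            names.append(line)
    return names


def parse_hosted_services(bat_output):
    """Return the service key names fix.bat printed, one per non-empty line."""
    return [line.strip() for line in bat_output.splitlines() if line.strip()]


def triage_netsvcs(group, hosted, baseline=WIN7_NETSVCS_BASELINE):
    """Sort group entries; all comparisons are case-folded, as the registry is."""
    base = {n.lower() for n in baseline}
    hosted_set = {n.lower() for n in hosted}
    group_set = {n.lower() for n in group}
    unknown = [n for n in group if n.lower() not in base]
    return {
        # Not in the baseline AND backed by a key svchost will really load:
        # examine that key's ServiceDll value first.
        "unknown_hosted": [n for n in unknown if n.lower() in hosted_set],
        # Not in the baseline, no hosted key behind it: inert padding, still to be removed.
        "unknown_unhosted": [n for n in unknown if n.lower() not in hosted_set],
        # Hosted by -k netsvcs but missing from the group: never started via netsvcs.
        "hosted_not_in_group": [n for n in hosted if n.lower() not in group_set],
    }


if __name__ == "__main__":
    verdict = triage_netsvcs(parse_netsvcs_group(COMBOFIX_EXCERPT),
                             parse_hosted_services(FIX_BAT_OUTPUT))
    for category, names in verdict.items():
        print(f"{category}: {names}")
```

    On the full logs above, the "unknown_hosted" bucket is the one that matters: those are group entries with a live service key whose ServiceDll svchost will load, so that DLL path is what to inspect; the "unknown_unhosted" entries are clutter that only needs the group list repaired.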

  10. #10
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello Aelo123

    Thank you for the log.

    Yes, I don't want the browsers to open on alnaddy.com
    We can take care of that as part of our fix in due course.

    Right now I need a little more information.

    1. Download and run OTL by Oldtimer


      • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
      • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
      • Check the boxes beside "LOP Check" and "Purity Check".
      • Under Custom Scan paste this in:



      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs /all
      "%WinDir%\$NtUninstallKB*$." /30
      C:\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      %SYSTEMDRIVE%\*.exe
      /md5start
      volsnap.sys
      atapi.sys
      explorer.exe
      services.*
      winlogon.exe
      wininit.exe
      tdx.sys
      /md5stop
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs


      • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.


      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.
    Last edited by JonTom; 2012-06-19 at 12:28.
    Proud Graduate of the WTT Classroom
