Can't run DDS, Spybot or CCleaner or avgmfapx message

Merlin

New member
Hi,

I noticed that every so often over the past 1 or 2 days avgmfapx would close. My internet has been very sluggish all of a sudden. I tried to search for a problem and found that I can't run:

Spybot
CCleaner
DDS

It's always a "Windows cannot find" message.

I've got an updated AVG and so far it has found nothing.

However, I finally did manage to get Spybot running via one of the scr files and this is what I got on running a scan:

Opachki.ru - removed it.

Here's the log:

Hint of the Day: Click the bar at the right of this to see more information! ()


Opachki.ru: [SBI $9E90BA5A] Autorun settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-488920656-923882004-2919504125-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-11-16 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-03-29 Includes\Malware.sbi (*)
2011-03-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-25 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-29 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Thanks,
A

Sorry, I forgot to mention that my OS is Win 7 Ultimate, SP1 64-bit.

Also, AVG returned nothing on scans.
 
Hi,

Download DDS and save it to your desktop from here. Rename the file to merlin.com and see if you're able to run it. If successful, post back dds.txt & attach.txt logs.
 
Renamed the file to merlin.com and it says the same thing it does for everything else:

"Windows cannot find 'C:\Users\Arafat\Desktop\Merlin.com' Make sure you typed the name correctly, and then try again "

I then ran it from Safe Mode. In fact, I can run everything from Safe Mode without any messages.

Here's the DDS log and I've attached the Attach.txt file:


.
DDS (Ver_11-05-19.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Arafat at 18:41:29 on 2011-05-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.3366 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Arafat\Desktop\Merlin.com
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Arafat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 102.54.94.97 rhino.acme.com # source server
Hosts: 38.25.63.10 x.acme.com # x client host
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arafat\AppData\Roaming\Mozilla\Firefox\Profiles\brjkibx7.default\
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: D:\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Arafat\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Arafat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: D:\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: D:\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: D:\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-11-14 109056]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;D:\LogMeIn Hamachi\hamachi-2.exe [2011-3-28 2111368]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-1-6 8192]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-24 17:20:29 -------- d-----w- C:\Users\Arafat\AppData\Local\{F89D2A5B-1CEC-45DC-98CD-3B8C27C55EEE}
2011-05-23 17:20:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{4DE85A21-2AE4-47ED-BC23-4F1B47C9B7B2}
2011-05-22 14:50:15 -------- d-----w- C:\Users\Arafat\AppData\Local\{53869421-6B45-47B0-BAAE-AC1408A79C47}
2011-05-21 19:33:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{28E7D7E8-526F-4ADB-8181-667D33A61DFC}
2011-05-20 11:15:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{56890F7F-2472-4A8F-A825-0DA532617CE6}
2011-05-19 19:36:48 -------- d-----w- C:\Users\Arafat\AppData\Local\{8C0B880F-FE73-42DE-9E92-B6446DDFEED8}
2011-05-19 07:22:39 -------- d-----w- C:\Users\Arafat\AppData\Local\{B9C6FE17-3E5D-445E-81FC-B36AC7E71BFD}
2011-05-17 17:00:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{722E076A-2A84-4677-817F-9B07F571FAF7}
2011-05-16 19:38:31 -------- d-----w- C:\Windows\CheckSur
2011-05-16 13:33:11 -------- d-----w- C:\Users\Arafat\AppData\Local\{BDF4F900-0721-419A-8ED0-6523DC1EAE5B}
2011-05-15 19:35:45 -------- d-----w- C:\Users\Arafat\AppData\Local\{030EF9CD-9022-4E12-9DBB-B84C85271380}
2011-05-14 10:01:26 -------- d-----w- C:\Users\Arafat\AppData\Local\{45440B02-B680-4F0C-8383-77335D4A364D}
2011-05-13 12:22:47 -------- d-----w- C:\Users\Arafat\AppData\Local\{F1CA829F-9FBD-4126-B743-964971EFE397}
2011-05-13 00:22:01 -------- d-----w- C:\Users\Arafat\AppData\Local\{DBF4DA55-5321-4C54-BC10-064FB4195B9A}
2011-05-12 16:23:19 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-12 16:23:19 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-12 16:23:18 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-12 16:23:17 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-12 16:23:17 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-12 16:23:08 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-12 16:23:07 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-12 16:23:07 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-12 16:23:07 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-12 16:23:07 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-12 16:23:07 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-12 16:23:07 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-12 12:21:26 -------- d-----w- C:\Users\Arafat\AppData\Local\{F406B812-45E2-4230-BA50-E83EF04489A8}
2011-05-11 12:00:13 -------- d-----w- C:\Users\Arafat\AppData\Local\{28908B83-A866-4881-A0DF-9D4B9725212C}
2011-05-10 19:56:05 -------- d-----w- C:\Users\Arafat\AppData\Local\{734B2427-E039-4411-8F79-E012EEBC64E2}
2011-05-10 14:40:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{35249393-6A33-453D-953B-FABE876212B1}
2011-05-09 10:50:09 -------- d-----w- C:\Users\Arafat\AppData\Local\{75B41FDB-2E3E-4CFC-8BD1-317E811B15EE}
2011-05-08 14:05:17 -------- d-----w- C:\Users\Arafat\AppData\Local\{1634022F-82E0-4C38-89D3-F73F04AC2E67}
2011-05-07 23:03:35 -------- d-----w- C:\Users\Arafat\AppData\Local\{46675658-ABF9-40D2-9B55-95A46081EE73}
2011-05-07 11:03:01 -------- d-----w- C:\Users\Arafat\AppData\Local\{C674A4FC-A059-48FE-A0EC-3CBF6BE88701}
2011-05-06 22:25:11 -------- d-----w- C:\Users\Arafat\AppData\Local\{373DC4A2-95CD-4835-96E2-7EFEF26C78DD}
2011-05-05 00:10:00 -------- d-----w- C:\Users\Arafat\AppData\Local\{FD4D9AE6-5699-4411-AFCD-F33C725CD855}
2011-05-04 12:09:24 -------- d-----w- C:\Users\Arafat\AppData\Local\{A1534F8F-DF95-4875-9AE8-C5B9B3CB7EB5}
2011-05-03 18:09:09 -------- d-----w- C:\Users\Arafat\AppData\Local\{B8A096B0-ABB0-46A5-A046-6702D317EB29}
2011-04-29 18:49:19 -------- d-----w- C:\Users\Arafat\AppData\Roaming\Adobe Mini Bridge CS5
2011-04-29 18:49:18 -------- d-----w- C:\Users\Arafat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-28 17:33:32 -------- d-----w- C:\Users\Arafat\AppData\Local\LogMeIn Hamachi
2011-04-27 19:32:54 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 19:32:54 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-26 03:55:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{8D1EDC76-8B80-469A-B1C7-3BA58AE0635D}
.
==================== Find3M ====================
.
2011-04-05 17:52:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-05 17:52:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-25 19:47:02 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-03-19 11:43:50 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-10 12:02:41 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll_old0
2011-03-07 06:31:43 1491456 ----a-w- C:\Windows\System32\urlmon.dll_old0
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll_old0
2011-03-07 05:33:10 1230336 ----a-w- C:\Windows\SysWow64\urlmon.dll_old0
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe
2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
.
============= FINISH: 18:42:32.02 ===============
 
Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Vuze


I'd like you to read this thread.

Uninstall the programs listed above (in red). When done, post fresh dds logs.
 
Removed Vuze.

Here's the DDS log:


.
DDS (Ver_11-05-19.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Arafat at 19:34:03 on 2011-05-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2946 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\DllHost.exe
C:\Users\Arafat\Desktop\New folder\Fixing\Merlin.com
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Arafat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 102.54.94.97 rhino.acme.com # source server
Hosts: 38.25.63.10 x.acme.com # x client host
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arafat\AppData\Roaming\Mozilla\Firefox\Profiles\brjkibx7.default\
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: D:\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Arafat\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Arafat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: D:\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: D:\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: D:\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-11-14 109056]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;D:\LogMeIn Hamachi\hamachi-2.exe [2011-3-28 2111368]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-1-6 8192]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-24 17:20:29 -------- d-----w- C:\Users\Arafat\AppData\Local\{F89D2A5B-1CEC-45DC-98CD-3B8C27C55EEE}
2011-05-23 17:20:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{4DE85A21-2AE4-47ED-BC23-4F1B47C9B7B2}
2011-05-22 14:50:15 -------- d-----w- C:\Users\Arafat\AppData\Local\{53869421-6B45-47B0-BAAE-AC1408A79C47}
2011-05-21 19:33:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{28E7D7E8-526F-4ADB-8181-667D33A61DFC}
2011-05-20 11:15:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{56890F7F-2472-4A8F-A825-0DA532617CE6}
2011-05-19 19:36:48 -------- d-----w- C:\Users\Arafat\AppData\Local\{8C0B880F-FE73-42DE-9E92-B6446DDFEED8}
2011-05-19 07:22:39 -------- d-----w- C:\Users\Arafat\AppData\Local\{B9C6FE17-3E5D-445E-81FC-B36AC7E71BFD}
2011-05-17 17:00:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{722E076A-2A84-4677-817F-9B07F571FAF7}
2011-05-16 19:38:31 -------- d-----w- C:\Windows\CheckSur
2011-05-16 13:33:11 -------- d-----w- C:\Users\Arafat\AppData\Local\{BDF4F900-0721-419A-8ED0-6523DC1EAE5B}
2011-05-15 19:35:45 -------- d-----w- C:\Users\Arafat\AppData\Local\{030EF9CD-9022-4E12-9DBB-B84C85271380}
2011-05-14 10:01:26 -------- d-----w- C:\Users\Arafat\AppData\Local\{45440B02-B680-4F0C-8383-77335D4A364D}
2011-05-13 12:22:47 -------- d-----w- C:\Users\Arafat\AppData\Local\{F1CA829F-9FBD-4126-B743-964971EFE397}
2011-05-13 00:22:01 -------- d-----w- C:\Users\Arafat\AppData\Local\{DBF4DA55-5321-4C54-BC10-064FB4195B9A}
2011-05-12 16:23:19 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-12 16:23:19 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-12 16:23:18 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-12 16:23:17 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-12 16:23:17 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-12 16:23:08 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-12 16:23:07 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-12 16:23:07 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-12 16:23:07 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-12 16:23:07 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-12 16:23:07 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-12 16:23:07 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-12 12:21:26 -------- d-----w- C:\Users\Arafat\AppData\Local\{F406B812-45E2-4230-BA50-E83EF04489A8}
2011-05-11 12:00:13 -------- d-----w- C:\Users\Arafat\AppData\Local\{28908B83-A866-4881-A0DF-9D4B9725212C}
2011-05-10 19:56:05 -------- d-----w- C:\Users\Arafat\AppData\Local\{734B2427-E039-4411-8F79-E012EEBC64E2}
2011-05-10 14:40:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{35249393-6A33-453D-953B-FABE876212B1}
2011-05-09 10:50:09 -------- d-----w- C:\Users\Arafat\AppData\Local\{75B41FDB-2E3E-4CFC-8BD1-317E811B15EE}
2011-05-08 14:05:17 -------- d-----w- C:\Users\Arafat\AppData\Local\{1634022F-82E0-4C38-89D3-F73F04AC2E67}
2011-05-07 23:03:35 -------- d-----w- C:\Users\Arafat\AppData\Local\{46675658-ABF9-40D2-9B55-95A46081EE73}
2011-05-07 11:03:01 -------- d-----w- C:\Users\Arafat\AppData\Local\{C674A4FC-A059-48FE-A0EC-3CBF6BE88701}
2011-05-06 22:25:11 -------- d-----w- C:\Users\Arafat\AppData\Local\{373DC4A2-95CD-4835-96E2-7EFEF26C78DD}
2011-05-05 00:10:00 -------- d-----w- C:\Users\Arafat\AppData\Local\{FD4D9AE6-5699-4411-AFCD-F33C725CD855}
2011-05-04 12:09:24 -------- d-----w- C:\Users\Arafat\AppData\Local\{A1534F8F-DF95-4875-9AE8-C5B9B3CB7EB5}
2011-05-03 18:09:09 -------- d-----w- C:\Users\Arafat\AppData\Local\{B8A096B0-ABB0-46A5-A046-6702D317EB29}
2011-04-29 18:49:19 -------- d-----w- C:\Users\Arafat\AppData\Roaming\Adobe Mini Bridge CS5
2011-04-29 18:49:18 -------- d-----w- C:\Users\Arafat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-28 17:33:32 -------- d-----w- C:\Users\Arafat\AppData\Local\LogMeIn Hamachi
2011-04-27 19:32:54 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 19:32:54 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-26 03:55:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{8D1EDC76-8B80-469A-B1C7-3BA58AE0635D}
.
==================== Find3M ====================
.
2011-04-05 17:52:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-05 17:52:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-25 19:47:02 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-03-19 11:43:50 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-10 12:02:41 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll_old0
2011-03-07 06:31:43 1491456 ----a-w- C:\Windows\System32\urlmon.dll_old0
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll_old0
2011-03-07 05:33:10 1230336 ----a-w- C:\Windows\SysWow64\urlmon.dll_old0
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe
2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
.
============= FINISH: 19:34:54.64 ===============
 
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Sorry it took me a while to figure out how to remove all traces of AVG, as otherwise ComboFix won't run.

I am without antivirus protection for the moment, just Spybot.

Here are the ComboFix and DDS logs.

Combofix:


ComboFix 11-05-25.01 - Arafat 05/26/2011 9:10.1.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2964 [GMT 3:00]
Running from: c:\users\Arafat\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\WINDOWS_7_LOADER_EXTREME_EDITION_3006.EXE
c:\windows_7_loader_extreme_edition_3006.exe\WINDOWS_7_LOADER_EXTREME_EDITION_3006.EXE
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-26 06:15 . 2011-05-26 06:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-24 17:20 . 2011-05-24 17:20 -------- d-----w- c:\users\Arafat\AppData\Local\{F89D2A5B-1CEC-45DC-98CD-3B8C27C55EEE}
2011-05-23 17:20 . 2011-05-23 17:21 -------- d-----w- c:\users\Arafat\AppData\Local\{4DE85A21-2AE4-47ED-BC23-4F1B47C9B7B2}
2011-05-22 14:50 . 2011-05-22 14:50 -------- d-----w- c:\users\Arafat\AppData\Local\{53869421-6B45-47B0-BAAE-AC1408A79C47}
2011-05-21 19:33 . 2011-05-21 19:34 -------- d-----w- c:\users\Arafat\AppData\Local\{28E7D7E8-526F-4ADB-8181-667D33A61DFC}
2011-05-20 11:15 . 2011-05-20 11:16 -------- d-----w- c:\users\Arafat\AppData\Local\{56890F7F-2472-4A8F-A825-0DA532617CE6}
2011-05-19 19:36 . 2011-05-19 19:36 -------- d-----w- c:\users\Arafat\AppData\Local\{8C0B880F-FE73-42DE-9E92-B6446DDFEED8}
2011-05-19 07:22 . 2011-05-19 07:22 -------- d-----w- c:\users\Arafat\AppData\Local\{B9C6FE17-3E5D-445E-81FC-B36AC7E71BFD}
2011-05-17 17:00 . 2011-05-17 17:01 -------- d-----w- c:\users\Arafat\AppData\Local\{722E076A-2A84-4677-817F-9B07F571FAF7}
2011-05-16 19:38 . 2011-05-16 19:38 -------- d-----w- c:\windows\CheckSur
2011-05-16 13:33 . 2011-05-16 13:33 -------- d-----w- c:\users\Arafat\AppData\Local\{BDF4F900-0721-419A-8ED0-6523DC1EAE5B}
2011-05-15 19:35 . 2011-05-15 19:35 -------- d-----w- c:\users\Arafat\AppData\Local\{030EF9CD-9022-4E12-9DBB-B84C85271380}
2011-05-14 10:01 . 2011-05-14 10:01 -------- d-----w- c:\users\Arafat\AppData\Local\{45440B02-B680-4F0C-8383-77335D4A364D}
2011-05-13 12:22 . 2011-05-13 12:23 -------- d-----w- c:\users\Arafat\AppData\Local\{F1CA829F-9FBD-4126-B743-964971EFE397}
2011-05-13 00:22 . 2011-05-13 00:22 -------- d-----w- c:\users\Arafat\AppData\Local\{DBF4DA55-5321-4C54-BC10-064FB4195B9A}
2011-05-12 16:23 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-12 16:23 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-12 16:23 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-12 16:23 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 16:23 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-12 16:23 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-12 16:23 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-12 16:23 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-12 16:23 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-12 16:23 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-12 16:23 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-12 16:23 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-12 12:21 . 2011-05-12 12:21 -------- d-----w- c:\users\Arafat\AppData\Local\{F406B812-45E2-4230-BA50-E83EF04489A8}
2011-05-11 12:00 . 2011-05-11 12:00 -------- d-----w- c:\users\Arafat\AppData\Local\{28908B83-A866-4881-A0DF-9D4B9725212C}
2011-05-10 19:56 . 2011-05-10 19:56 -------- d-----w- c:\users\Arafat\AppData\Local\{734B2427-E039-4411-8F79-E012EEBC64E2}
2011-05-10 14:40 . 2011-05-10 14:41 -------- d-----w- c:\users\Arafat\AppData\Local\{35249393-6A33-453D-953B-FABE876212B1}
2011-05-09 10:50 . 2011-05-09 10:50 -------- d-----w- c:\users\Arafat\AppData\Local\{75B41FDB-2E3E-4CFC-8BD1-317E811B15EE}
2011-05-08 14:05 . 2011-05-08 14:05 -------- d-----w- c:\users\Arafat\AppData\Local\{1634022F-82E0-4C38-89D3-F73F04AC2E67}
2011-05-07 23:03 . 2011-05-07 23:03 -------- d-----w- c:\users\Arafat\AppData\Local\{46675658-ABF9-40D2-9B55-95A46081EE73}
2011-05-07 11:03 . 2011-05-07 11:03 -------- d-----w- c:\users\Arafat\AppData\Local\{C674A4FC-A059-48FE-A0EC-3CBF6BE88701}
2011-05-06 22:25 . 2011-05-06 22:25 -------- d-----w- c:\users\Arafat\AppData\Local\{373DC4A2-95CD-4835-96E2-7EFEF26C78DD}
2011-05-05 00:10 . 2011-05-05 00:10 -------- d-----w- c:\users\Arafat\AppData\Local\{FD4D9AE6-5699-4411-AFCD-F33C725CD855}
2011-05-04 12:09 . 2011-05-04 12:09 -------- d-----w- c:\users\Arafat\AppData\Local\{A1534F8F-DF95-4875-9AE8-C5B9B3CB7EB5}
2011-05-03 18:09 . 2011-05-03 18:09 -------- d-----w- c:\users\Arafat\AppData\Local\{B8A096B0-ABB0-46A5-A046-6702D317EB29}
2011-04-30 17:17 . 2011-04-30 17:17 -------- d-----w- c:\users\Public\Recorded TV
2011-04-29 18:49 . 2011-04-29 18:49 -------- d-----w- c:\users\Arafat\AppData\Roaming\Adobe Mini Bridge CS5
2011-04-29 18:49 . 2011-04-29 18:49 -------- d-----w- c:\users\Arafat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-28 17:33 . 2011-05-22 04:40 -------- d-----w- c:\users\Arafat\AppData\Local\LogMeIn Hamachi
2011-04-27 19:32 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 19:32 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-26 18:02 . 2011-04-26 18:02 -------- d-----w- c:\program files (x86)\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 09:22 . 2011-04-23 09:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-23 09:22 . 2011-04-23 09:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-23 09:22 . 2011-04-23 09:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-23 09:22 . 2011-04-23 09:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-23 09:22 . 2011-04-23 09:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-23 09:22 . 2011-04-23 09:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-23 09:22 . 2011-04-23 09:22 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-23 09:22 . 2011-04-23 09:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-23 09:22 . 2011-04-23 09:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-23 09:22 . 2011-04-23 09:22 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-23 09:22 . 2011-04-23 09:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-23 09:22 . 2011-04-23 09:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-23 09:22 . 2011-04-23 09:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-23 09:22 . 2011-04-23 09:22 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-23 09:22 . 2011-04-23 09:22 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-23 09:22 . 2011-04-23 09:22 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-23 09:22 . 2011-04-23 09:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-23 09:22 . 2011-04-23 09:22 448512 ----a-w- c:\windows\system32\html.iec
2011-04-23 09:22 . 2011-04-23 09:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-23 09:22 . 2011-04-23 09:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-23 09:22 . 2011-04-23 09:22 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-23 09:22 . 2011-04-23 09:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-23 09:22 . 2011-04-23 09:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-23 09:22 . 2011-04-23 09:22 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 09:22 . 2011-04-23 09:22 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-23 09:22 . 2011-04-23 09:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-23 09:22 . 2011-04-23 09:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-23 09:22 . 2011-04-23 09:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-23 09:22 . 2011-04-23 09:22 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-23 09:22 . 2011-04-23 09:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-23 09:22 . 2011-04-23 09:22 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-23 09:22 . 2011-04-23 09:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-23 09:22 . 2011-04-23 09:22 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-23 09:22 . 2011-04-23 09:22 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-23 09:22 . 2011-04-23 09:22 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-23 09:22 . 2011-04-23 09:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-23 09:22 . 2011-04-23 09:22 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-23 09:22 . 2011-04-23 09:22 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-23 09:22 . 2011-04-23 09:22 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-05 17:52 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-05 17:52 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-25 19:47 . 2011-03-25 19:47 53248 ----a-r- c:\users\Arafat\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-25 19:47 . 2011-03-25 19:47 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-03-19 11:43 . 2011-03-08 18:25 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-11 06:34 . 2011-04-19 23:31 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-19 23:31 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-19 23:31 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-19 23:31 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-10 12:02 . 2011-03-08 18:25 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-03-09 12:26 . 2010-06-24 08:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 06:29 . 2011-04-19 23:31 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-19 23:31 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-19 23:31 1188864 ----a-w- c:\windows\system32\wininet.dll_old0
2011-03-07 06:31 . 2011-04-19 23:31 1491456 ----a-w- c:\windows\system32\urlmon.dll_old0
2011-03-07 05:33 . 2011-04-19 23:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll_old0
2011-03-07 05:33 . 2011-04-19 23:31 1230336 ----a-w- c:\windows\SysWow64\urlmon.dll_old0
2011-03-04 06:19 . 2011-04-27 19:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 19:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-19 23:31 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-19 23:31 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-19 23:31 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-19 23:31 3135488 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-07 9936000]
"Adobe Reader Speed Launcher"="d:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\logmein hamachi\hamachi-2.exe [2011-03-28 2111368]
R3 ALSysIO;ALSysIO;c:\users\Arafat\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488920656-923882004-2919504125-1000Core.job
- c:\users\Arafat\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 21:18]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488920656-923882004-2919504125-1000UA.job
- c:\users\Arafat\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 21:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - d:\micros~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\micros~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Arafat\AppData\Roaming\Mozilla\Firefox\Profiles\brjkibx7.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-488920656-923882004-2919504125-1000\Software\SecuROM\License information*]
"datasecu"=hex:2d,54,ca,c7,67,e8,33,51,78,d5,b0,38,26,50,f9,81,5f,37,b8,f5,db,
f8,16,e6,4d,54,55,67,77,e9,6a,a4,d3,8f,ba,2b,bf,e7,75,b8,e7,be,de,ed,0d,20,\
"rkeysecu"=hex:2f,39,a8,68,ed,3f,13,ee,4c,92,12,48,6f,d3,8e,54
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-26 09:16:49
ComboFix-quarantined-files.txt 2011-05-26 06:16
.
Pre-Run: 32,714,440,704 bytes free
Post-Run: 32,311,721,984 bytes free
.
- - End Of File - - 047DE59756FD341738CE003E763F4DC1







DDS log:
.
DDS (Ver_11-05-19.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Arafat at 9:30:17 on 2011-05-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.3138 [GMT 3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Arafat\Desktop\New folder\Fixing\Merlin.com
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arafat\AppData\Roaming\Mozilla\Firefox\Profiles\brjkibx7.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Arafat\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Arafat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: D:\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: D:\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: D:\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-11-14 109056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;D:\LogMeIn Hamachi\hamachi-2.exe [2011-3-28 2111368]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-1-6 8192]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-26 06:26:27 8006480 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-26 06:26:23 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6D451A7-2481-418B-905A-A68AEEA9E36C}\mpengine.dll
2011-05-26 06:19:46 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-26 01:41:29 98816 ----a-w- C:\Windows\sed.exe
2011-05-26 01:41:29 89088 ----a-w- C:\Windows\MBR.exe
2011-05-26 01:41:29 256512 ----a-w- C:\Windows\PEV.exe
2011-05-26 01:41:29 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-24 17:20:29 -------- d-----w- C:\Users\Arafat\AppData\Local\{F89D2A5B-1CEC-45DC-98CD-3B8C27C55EEE}
2011-05-23 17:20:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{4DE85A21-2AE4-47ED-BC23-4F1B47C9B7B2}
2011-05-22 14:50:15 -------- d-----w- C:\Users\Arafat\AppData\Local\{53869421-6B45-47B0-BAAE-AC1408A79C47}
2011-05-21 19:33:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{28E7D7E8-526F-4ADB-8181-667D33A61DFC}
2011-05-20 11:15:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{56890F7F-2472-4A8F-A825-0DA532617CE6}
2011-05-19 19:36:48 -------- d-----w- C:\Users\Arafat\AppData\Local\{8C0B880F-FE73-42DE-9E92-B6446DDFEED8}
2011-05-19 07:22:39 -------- d-----w- C:\Users\Arafat\AppData\Local\{B9C6FE17-3E5D-445E-81FC-B36AC7E71BFD}
2011-05-17 17:00:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{722E076A-2A84-4677-817F-9B07F571FAF7}
2011-05-16 19:38:31 -------- d-----w- C:\Windows\CheckSur
2011-05-16 13:33:11 -------- d-----w- C:\Users\Arafat\AppData\Local\{BDF4F900-0721-419A-8ED0-6523DC1EAE5B}
2011-05-15 19:35:45 -------- d-----w- C:\Users\Arafat\AppData\Local\{030EF9CD-9022-4E12-9DBB-B84C85271380}
2011-05-14 10:01:26 -------- d-----w- C:\Users\Arafat\AppData\Local\{45440B02-B680-4F0C-8383-77335D4A364D}
2011-05-13 12:22:47 -------- d-----w- C:\Users\Arafat\AppData\Local\{F1CA829F-9FBD-4126-B743-964971EFE397}
2011-05-13 00:22:01 -------- d-----w- C:\Users\Arafat\AppData\Local\{DBF4DA55-5321-4C54-BC10-064FB4195B9A}
2011-05-12 16:23:19 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-12 16:23:19 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-12 16:23:18 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-12 16:23:17 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-12 16:23:17 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-12 16:23:08 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-12 16:23:07 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-12 16:23:07 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-12 16:23:07 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-12 16:23:07 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-12 16:23:07 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-12 16:23:07 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-12 12:21:26 -------- d-----w- C:\Users\Arafat\AppData\Local\{F406B812-45E2-4230-BA50-E83EF04489A8}
2011-05-11 12:00:13 -------- d-----w- C:\Users\Arafat\AppData\Local\{28908B83-A866-4881-A0DF-9D4B9725212C}
2011-05-10 19:56:05 -------- d-----w- C:\Users\Arafat\AppData\Local\{734B2427-E039-4411-8F79-E012EEBC64E2}
2011-05-10 14:40:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{35249393-6A33-453D-953B-FABE876212B1}
2011-05-09 10:50:09 -------- d-----w- C:\Users\Arafat\AppData\Local\{75B41FDB-2E3E-4CFC-8BD1-317E811B15EE}
2011-05-08 14:05:17 -------- d-----w- C:\Users\Arafat\AppData\Local\{1634022F-82E0-4C38-89D3-F73F04AC2E67}
2011-05-07 23:03:35 -------- d-----w- C:\Users\Arafat\AppData\Local\{46675658-ABF9-40D2-9B55-95A46081EE73}
2011-05-07 11:03:01 -------- d-----w- C:\Users\Arafat\AppData\Local\{C674A4FC-A059-48FE-A0EC-3CBF6BE88701}
2011-05-06 22:25:11 -------- d-----w- C:\Users\Arafat\AppData\Local\{373DC4A2-95CD-4835-96E2-7EFEF26C78DD}
2011-05-05 00:10:00 -------- d-----w- C:\Users\Arafat\AppData\Local\{FD4D9AE6-5699-4411-AFCD-F33C725CD855}
2011-05-04 12:09:24 -------- d-----w- C:\Users\Arafat\AppData\Local\{A1534F8F-DF95-4875-9AE8-C5B9B3CB7EB5}
2011-05-03 18:09:09 -------- d-----w- C:\Users\Arafat\AppData\Local\{B8A096B0-ABB0-46A5-A046-6702D317EB29}
2011-04-29 18:49:19 -------- d-----w- C:\Users\Arafat\AppData\Roaming\Adobe Mini Bridge CS5
2011-04-29 18:49:18 -------- d-----w- C:\Users\Arafat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-28 17:33:32 -------- d-----w- C:\Users\Arafat\AppData\Local\LogMeIn Hamachi
2011-04-27 19:32:54 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 19:32:54 31232 ----a-w- C:\Windows\System32\prevhost.exe
.
==================== Find3M ====================
.
2011-04-05 17:52:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-05 17:52:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-25 19:47:02 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-03-19 11:43:50 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-10 12:02:41 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll_old0
2011-03-07 06:31:43 1491456 ----a-w- C:\Windows\System32\urlmon.dll_old0
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll_old0
2011-03-07 05:33:10 1230336 ----a-w- C:\Windows\SysWow64\urlmon.dll_old0
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 9:31:16.28 ===============
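An added example, not part of this thread and not code from the DDS or ComboFix tools: a small Python triage script that reads the autorun (`uRun`/`mRun`), BHO/SEH and service lines in the shape both logs above use and flags the entries a helper would look at first. The sample lines are constructed by copying entries from the logs on this page. Three flags are applied: the tool could not read the image (`No File`, `[x]`, `[?]`), the image lives under a user-writable path such as a profile or Temp directory, and the image is a generic host (`svchost.exe`, whose real code is the DLL named in the service's `Parameters\ServiceDll` value, or `srvany.exe`, which runs whatever `Parameters\Application` points at). The flags are a reading order, not verdicts: on a 64-bit machine a 32-bit scanner (the DDS header says `NTFSx86`) reports `[x]`/`[?]` for perfectly good x64 drivers such as the AMD ones because of WOW64 file system redirection, so that flag means "verify by hand", not "deleted".

```python
"""Triage helper for DDS / ComboFix autorun, BHO and service lines.

Added example, not part of the thread or of either tool. The sample lines
below are constructed by copying entries from the logs posted above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: one line of each shape that appears in the two logs.
SAMPLE_LOG = r"""
uRun: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-1-6 8192]
R3 ALSysIO;ALSysIO;c:\users\Arafat\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
"""

# Line shapes used by the DDS "Pseudo HJT Report" and the ComboFix
# "Reg Loading Points" sections.
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
HOOK_RE = re.compile(r"^(?P<kind>(?:BHO|SEH|Filter|Handler)(?:-X64)?): (?P<rest>.+)$")
SVC_RE = re.compile(r"^(?P<kind>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
# First drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|com|ocx|cpl|scr|bat|vbs)\b", re.IGNORECASE)

# Both tools mark an image they could not read with one of these.
MISSING_MARKERS = ("No File", "[x]", "[?]")

# Host images whose real payload is named by a registry value, not the path
# (standard locations for svchost-hosted and srvany-wrapped services).
WRAPPERS = {
    "svchost.exe": "wrapper: real code is the DLL in Parameters\\ServiceDll",
    "srvany.exe": "wrapper: real program is Parameters\\Application",
}


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    flags: List[str] = field(default_factory=list)


def image_path(rest: str) -> str:
    """Return the first executable path in the tail of an entry, or ''."""
    m = PATH_RE.search(rest)
    return m.group(0) if m else ""


def classify(kind: str, name: str, rest: str) -> Finding:
    """Attach the heuristic flags to one parsed entry."""
    path = image_path(rest)
    low = path.lower()
    flags = []
    if any(marker in rest for marker in MISSING_MARKERS):
        flags.append("missing-image")
    if "\\users\\" in low or "\\temp\\" in low:
        flags.append("user-writable-path")
    base = low.rsplit("\\", 1)[-1]
    if base in WRAPPERS:
        flags.append(WRAPPERS[base])
    return Finding(kind, name, path, flags)


def parse_line(line: str) -> Optional[Finding]:
    """Parse one log line; None for lines that are not loading points."""
    m = RUN_RE.match(line)
    if m:
        return classify(m["kind"], m["name"], m["rest"])
    m = HOOK_RE.match(line)
    if m:
        # "Display name: {CLSID} - path" or "Display name - No File"
        name, _, rest = m["rest"].partition(" - ")
        return classify(m["kind"], name, rest)
    m = SVC_RE.match(line)
    if m:
        return classify(m["kind"], m["name"], m["rest"])
    return None


def triage(text: str) -> List[Finding]:
    """Parse every recognised loading-point line in a DDS or ComboFix log."""
    findings = []
    for raw in text.splitlines():
        f = parse_line(raw.strip())
        if f is not None:
            findings.append(f)
    return findings


def flagged(text: str) -> List[Finding]:
    """Only the entries a helper would check first."""
    return [f for f in triage(text) if f.flags]


if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:40} {f.path or '-'}  <- {', '.join(f.flags)}")
```

Run against the constructed sample it leaves the Spybot, ASUS and Adobe entries alone and surfaces the `No File` BHO, the two host-process services (where the next step is to read the named registry value), the driver registered from a Temp directory, and the AMD driver the 32-bit scanner could not see. Paste a whole DDS or ComboFix log into `triage()` to get the same pass over a real post.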
 
Sorry it took me a while to figure out how to remove all traces of AVG, as otherwise ComboFix won't run.

I am without antivirus protection for the moment, just Spybot.

However, the issue still remains. I still cannot run CCleaner, Spybot or DDS, or even get to regedit in normal mode. I've been doing everything from Safe Mode.

Here are the ComboFix and DDS logs.

ComboFix:


ComboFix 11-05-25.01 - Arafat 05/26/2011 9:10.1.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2964 [GMT 3:00]
Running from: c:\users\Arafat\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\WINDOWS_7_LOADER_EXTREME_EDITION_3006.EXE
c:\windows_7_loader_extreme_edition_3006.exe\WINDOWS_7_LOADER_EXTREME_EDITION_3006.EXE
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-26 06:15 . 2011-05-26 06:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-24 17:20 . 2011-05-24 17:20 -------- d-----w- c:\users\Arafat\AppData\Local\{F89D2A5B-1CEC-45DC-98CD-3B8C27C55EEE}
2011-05-23 17:20 . 2011-05-23 17:21 -------- d-----w- c:\users\Arafat\AppData\Local\{4DE85A21-2AE4-47ED-BC23-4F1B47C9B7B2}
2011-05-22 14:50 . 2011-05-22 14:50 -------- d-----w- c:\users\Arafat\AppData\Local\{53869421-6B45-47B0-BAAE-AC1408A79C47}
2011-05-21 19:33 . 2011-05-21 19:34 -------- d-----w- c:\users\Arafat\AppData\Local\{28E7D7E8-526F-4ADB-8181-667D33A61DFC}
2011-05-20 11:15 . 2011-05-20 11:16 -------- d-----w- c:\users\Arafat\AppData\Local\{56890F7F-2472-4A8F-A825-0DA532617CE6}
2011-05-19 19:36 . 2011-05-19 19:36 -------- d-----w- c:\users\Arafat\AppData\Local\{8C0B880F-FE73-42DE-9E92-B6446DDFEED8}
2011-05-19 07:22 . 2011-05-19 07:22 -------- d-----w- c:\users\Arafat\AppData\Local\{B9C6FE17-3E5D-445E-81FC-B36AC7E71BFD}
2011-05-17 17:00 . 2011-05-17 17:01 -------- d-----w- c:\users\Arafat\AppData\Local\{722E076A-2A84-4677-817F-9B07F571FAF7}
2011-05-16 19:38 . 2011-05-16 19:38 -------- d-----w- c:\windows\CheckSur
2011-05-16 13:33 . 2011-05-16 13:33 -------- d-----w- c:\users\Arafat\AppData\Local\{BDF4F900-0721-419A-8ED0-6523DC1EAE5B}
2011-05-15 19:35 . 2011-05-15 19:35 -------- d-----w- c:\users\Arafat\AppData\Local\{030EF9CD-9022-4E12-9DBB-B84C85271380}
2011-05-14 10:01 . 2011-05-14 10:01 -------- d-----w- c:\users\Arafat\AppData\Local\{45440B02-B680-4F0C-8383-77335D4A364D}
2011-05-13 12:22 . 2011-05-13 12:23 -------- d-----w- c:\users\Arafat\AppData\Local\{F1CA829F-9FBD-4126-B743-964971EFE397}
2011-05-13 00:22 . 2011-05-13 00:22 -------- d-----w- c:\users\Arafat\AppData\Local\{DBF4DA55-5321-4C54-BC10-064FB4195B9A}
2011-05-12 16:23 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-12 16:23 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-12 16:23 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-12 16:23 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 16:23 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-12 16:23 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-12 16:23 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-12 16:23 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-12 16:23 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-12 16:23 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-12 16:23 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-12 16:23 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-12 12:21 . 2011-05-12 12:21 -------- d-----w- c:\users\Arafat\AppData\Local\{F406B812-45E2-4230-BA50-E83EF04489A8}
2011-05-11 12:00 . 2011-05-11 12:00 -------- d-----w- c:\users\Arafat\AppData\Local\{28908B83-A866-4881-A0DF-9D4B9725212C}
2011-05-10 19:56 . 2011-05-10 19:56 -------- d-----w- c:\users\Arafat\AppData\Local\{734B2427-E039-4411-8F79-E012EEBC64E2}
2011-05-10 14:40 . 2011-05-10 14:41 -------- d-----w- c:\users\Arafat\AppData\Local\{35249393-6A33-453D-953B-FABE876212B1}
2011-05-09 10:50 . 2011-05-09 10:50 -------- d-----w- c:\users\Arafat\AppData\Local\{75B41FDB-2E3E-4CFC-8BD1-317E811B15EE}
2011-05-08 14:05 . 2011-05-08 14:05 -------- d-----w- c:\users\Arafat\AppData\Local\{1634022F-82E0-4C38-89D3-F73F04AC2E67}
2011-05-07 23:03 . 2011-05-07 23:03 -------- d-----w- c:\users\Arafat\AppData\Local\{46675658-ABF9-40D2-9B55-95A46081EE73}
2011-05-07 11:03 . 2011-05-07 11:03 -------- d-----w- c:\users\Arafat\AppData\Local\{C674A4FC-A059-48FE-A0EC-3CBF6BE88701}
2011-05-06 22:25 . 2011-05-06 22:25 -------- d-----w- c:\users\Arafat\AppData\Local\{373DC4A2-95CD-4835-96E2-7EFEF26C78DD}
2011-05-05 00:10 . 2011-05-05 00:10 -------- d-----w- c:\users\Arafat\AppData\Local\{FD4D9AE6-5699-4411-AFCD-F33C725CD855}
2011-05-04 12:09 . 2011-05-04 12:09 -------- d-----w- c:\users\Arafat\AppData\Local\{A1534F8F-DF95-4875-9AE8-C5B9B3CB7EB5}
2011-05-03 18:09 . 2011-05-03 18:09 -------- d-----w- c:\users\Arafat\AppData\Local\{B8A096B0-ABB0-46A5-A046-6702D317EB29}
2011-04-30 17:17 . 2011-04-30 17:17 -------- d-----w- c:\users\Public\Recorded TV
2011-04-29 18:49 . 2011-04-29 18:49 -------- d-----w- c:\users\Arafat\AppData\Roaming\Adobe Mini Bridge CS5
2011-04-29 18:49 . 2011-04-29 18:49 -------- d-----w- c:\users\Arafat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-28 17:33 . 2011-05-22 04:40 -------- d-----w- c:\users\Arafat\AppData\Local\LogMeIn Hamachi
2011-04-27 19:32 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 19:32 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-26 18:02 . 2011-04-26 18:02 -------- d-----w- c:\program files (x86)\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 09:22 . 2011-04-23 09:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-23 09:22 . 2011-04-23 09:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-23 09:22 . 2011-04-23 09:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-23 09:22 . 2011-04-23 09:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-23 09:22 . 2011-04-23 09:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-23 09:22 . 2011-04-23 09:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-23 09:22 . 2011-04-23 09:22 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-23 09:22 . 2011-04-23 09:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-23 09:22 . 2011-04-23 09:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-23 09:22 . 2011-04-23 09:22 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-23 09:22 . 2011-04-23 09:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-23 09:22 . 2011-04-23 09:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-23 09:22 . 2011-04-23 09:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-23 09:22 . 2011-04-23 09:22 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-23 09:22 . 2011-04-23 09:22 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-23 09:22 . 2011-04-23 09:22 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-23 09:22 . 2011-04-23 09:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-23 09:22 . 2011-04-23 09:22 448512 ----a-w- c:\windows\system32\html.iec
2011-04-23 09:22 . 2011-04-23 09:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-23 09:22 . 2011-04-23 09:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-23 09:22 . 2011-04-23 09:22 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-23 09:22 . 2011-04-23 09:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-23 09:22 . 2011-04-23 09:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-23 09:22 . 2011-04-23 09:22 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 09:22 . 2011-04-23 09:22 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-23 09:22 . 2011-04-23 09:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-23 09:22 . 2011-04-23 09:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-23 09:22 . 2011-04-23 09:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-23 09:22 . 2011-04-23 09:22 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-23 09:22 . 2011-04-23 09:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-23 09:22 . 2011-04-23 09:22 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-23 09:22 . 2011-04-23 09:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-23 09:22 . 2011-04-23 09:22 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-23 09:22 . 2011-04-23 09:22 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-23 09:22 . 2011-04-23 09:22 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-23 09:22 . 2011-04-23 09:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-23 09:22 . 2011-04-23 09:22 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-23 09:22 . 2011-04-23 09:22 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-23 09:22 . 2011-04-23 09:22 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-05 17:52 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-05 17:52 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-25 19:47 . 2011-03-25 19:47 53248 ----a-r- c:\users\Arafat\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-25 19:47 . 2011-03-25 19:47 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-03-19 11:43 . 2011-03-08 18:25 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-11 06:34 . 2011-04-19 23:31 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-19 23:31 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-19 23:31 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-19 23:31 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-10 12:02 . 2011-03-08 18:25 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-03-09 12:26 . 2010-06-24 08:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 06:29 . 2011-04-19 23:31 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-19 23:31 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-19 23:31 1188864 ----a-w- c:\windows\system32\wininet.dll_old0
2011-03-07 06:31 . 2011-04-19 23:31 1491456 ----a-w- c:\windows\system32\urlmon.dll_old0
2011-03-07 05:33 . 2011-04-19 23:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll_old0
2011-03-07 05:33 . 2011-04-19 23:31 1230336 ----a-w- c:\windows\SysWow64\urlmon.dll_old0
2011-03-04 06:19 . 2011-04-27 19:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 19:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-19 23:31 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-19 23:31 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-19 23:31 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-19 23:31 3135488 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-07 9936000]
"Adobe Reader Speed Launcher"="d:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\logmein hamachi\hamachi-2.exe [2011-03-28 2111368]
R3 ALSysIO;ALSysIO;c:\users\Arafat\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488920656-923882004-2919504125-1000Core.job
- c:\users\Arafat\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 21:18]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488920656-923882004-2919504125-1000UA.job
- c:\users\Arafat\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 21:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - d:\micros~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\micros~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Arafat\AppData\Roaming\Mozilla\Firefox\Profiles\brjkibx7.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-488920656-923882004-2919504125-1000\Software\SecuROM\License information*]
"datasecu"=hex:2d,54,ca,c7,67,e8,33,51,78,d5,b0,38,26,50,f9,81,5f,37,b8,f5,db,
f8,16,e6,4d,54,55,67,77,e9,6a,a4,d3,8f,ba,2b,bf,e7,75,b8,e7,be,de,ed,0d,20,\
"rkeysecu"=hex:2f,39,a8,68,ed,3f,13,ee,4c,92,12,48,6f,d3,8e,54
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-26 09:16:49
ComboFix-quarantined-files.txt 2011-05-26 06:16
.
Pre-Run: 32,714,440,704 bytes free
Post-Run: 32,311,721,984 bytes free
.
- - End Of File - - 047DE59756FD341738CE003E763F4DC1
DDS log:
.
DDS (Ver_11-05-19.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Arafat at 9:30:17 on 2011-05-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.3138 [GMT 3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Arafat\Desktop\New folder\Fixing\Merlin.com
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arafat\AppData\Roaming\Mozilla\Firefox\Profiles\brjkibx7.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Arafat\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Arafat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: D:\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: D:\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: D:\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-11-14 109056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;D:\LogMeIn Hamachi\hamachi-2.exe [2011-3-28 2111368]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-1-6 8192]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-26 06:26:27 8006480 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-26 06:26:23 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6D451A7-2481-418B-905A-A68AEEA9E36C}\mpengine.dll
2011-05-26 06:19:46 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-26 01:41:29 98816 ----a-w- C:\Windows\sed.exe
2011-05-26 01:41:29 89088 ----a-w- C:\Windows\MBR.exe
2011-05-26 01:41:29 256512 ----a-w- C:\Windows\PEV.exe
2011-05-26 01:41:29 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-24 17:20:29 -------- d-----w- C:\Users\Arafat\AppData\Local\{F89D2A5B-1CEC-45DC-98CD-3B8C27C55EEE}
2011-05-23 17:20:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{4DE85A21-2AE4-47ED-BC23-4F1B47C9B7B2}
2011-05-22 14:50:15 -------- d-----w- C:\Users\Arafat\AppData\Local\{53869421-6B45-47B0-BAAE-AC1408A79C47}
2011-05-21 19:33:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{28E7D7E8-526F-4ADB-8181-667D33A61DFC}
2011-05-20 11:15:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{56890F7F-2472-4A8F-A825-0DA532617CE6}
2011-05-19 19:36:48 -------- d-----w- C:\Users\Arafat\AppData\Local\{8C0B880F-FE73-42DE-9E92-B6446DDFEED8}
2011-05-19 07:22:39 -------- d-----w- C:\Users\Arafat\AppData\Local\{B9C6FE17-3E5D-445E-81FC-B36AC7E71BFD}
2011-05-17 17:00:55 -------- d-----w- C:\Users\Arafat\AppData\Local\{722E076A-2A84-4677-817F-9B07F571FAF7}
2011-05-16 19:38:31 -------- d-----w- C:\Windows\CheckSur
2011-05-16 13:33:11 -------- d-----w- C:\Users\Arafat\AppData\Local\{BDF4F900-0721-419A-8ED0-6523DC1EAE5B}
2011-05-15 19:35:45 -------- d-----w- C:\Users\Arafat\AppData\Local\{030EF9CD-9022-4E12-9DBB-B84C85271380}
2011-05-14 10:01:26 -------- d-----w- C:\Users\Arafat\AppData\Local\{45440B02-B680-4F0C-8383-77335D4A364D}
2011-05-13 12:22:47 -------- d-----w- C:\Users\Arafat\AppData\Local\{F1CA829F-9FBD-4126-B743-964971EFE397}
2011-05-13 00:22:01 -------- d-----w- C:\Users\Arafat\AppData\Local\{DBF4DA55-5321-4C54-BC10-064FB4195B9A}
2011-05-12 16:23:19 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-12 16:23:19 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-12 16:23:18 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-12 16:23:17 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-12 16:23:17 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-12 16:23:08 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-12 16:23:07 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-12 16:23:07 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-12 16:23:07 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-12 16:23:07 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-12 16:23:07 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-12 16:23:07 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-12 12:21:26 -------- d-----w- C:\Users\Arafat\AppData\Local\{F406B812-45E2-4230-BA50-E83EF04489A8}
2011-05-11 12:00:13 -------- d-----w- C:\Users\Arafat\AppData\Local\{28908B83-A866-4881-A0DF-9D4B9725212C}
2011-05-10 19:56:05 -------- d-----w- C:\Users\Arafat\AppData\Local\{734B2427-E039-4411-8F79-E012EEBC64E2}
2011-05-10 14:40:59 -------- d-----w- C:\Users\Arafat\AppData\Local\{35249393-6A33-453D-953B-FABE876212B1}
2011-05-09 10:50:09 -------- d-----w- C:\Users\Arafat\AppData\Local\{75B41FDB-2E3E-4CFC-8BD1-317E811B15EE}
2011-05-08 14:05:17 -------- d-----w- C:\Users\Arafat\AppData\Local\{1634022F-82E0-4C38-89D3-F73F04AC2E67}
2011-05-07 23:03:35 -------- d-----w- C:\Users\Arafat\AppData\Local\{46675658-ABF9-40D2-9B55-95A46081EE73}
2011-05-07 11:03:01 -------- d-----w- C:\Users\Arafat\AppData\Local\{C674A4FC-A059-48FE-A0EC-3CBF6BE88701}
2011-05-06 22:25:11 -------- d-----w- C:\Users\Arafat\AppData\Local\{373DC4A2-95CD-4835-96E2-7EFEF26C78DD}
2011-05-05 00:10:00 -------- d-----w- C:\Users\Arafat\AppData\Local\{FD4D9AE6-5699-4411-AFCD-F33C725CD855}
2011-05-04 12:09:24 -------- d-----w- C:\Users\Arafat\AppData\Local\{A1534F8F-DF95-4875-9AE8-C5B9B3CB7EB5}
2011-05-03 18:09:09 -------- d-----w- C:\Users\Arafat\AppData\Local\{B8A096B0-ABB0-46A5-A046-6702D317EB29}
2011-04-29 18:49:19 -------- d-----w- C:\Users\Arafat\AppData\Roaming\Adobe Mini Bridge CS5
2011-04-29 18:49:18 -------- d-----w- C:\Users\Arafat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-28 17:33:32 -------- d-----w- C:\Users\Arafat\AppData\Local\LogMeIn Hamachi
2011-04-27 19:32:54 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 19:32:54 31232 ----a-w- C:\Windows\System32\prevhost.exe
.
==================== Find3M ====================
.
2011-04-05 17:52:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-05 17:52:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-25 19:47:02 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-03-19 11:43:50 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-10 12:02:41 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll_old0
2011-03-07 06:31:43 1491456 ----a-w- C:\Windows\System32\urlmon.dll_old0
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll_old0
2011-03-07 05:33:10 1230336 ----a-w- C:\Windows\SysWow64\urlmon.dll_old0
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 9:31:16.28 ===============
 
I tried, it didn't work. I got the message:

"Windows cannot find 'C:\Users\Arafat\Desktop\Combofix.exe' Make sure you typed the name correctly, and then try again "

Just tried again, no luck.
 
Download GMER here by clicking the "download exe" button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab, uncheck the Files option and then click Scan.
  • Don't check the "Show All" box while the scan is in progress!
  • When the scan is finished, click Copy.
  • This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
 
I've been trying to run it in normal mode; it's the same message as the others.

Shall I run it in safe mode?
 
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-26 22:41:30
Windows 6.1.7601 Service Pack 1
Running: km3i0lf4.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x6B 0x2F 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x79 0x67 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x39 0x59 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x66 0x1A 0xE6 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x6B 0x2F 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x79 0x67 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x39 0x59 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x66 0x1A 0xE6 0x02 ...

---- EOF - GMER 1.0.15 ----
 
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to "YES, I accept the Terms of Use".
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option "Remove found threats" is UNchecked.
  • Click Scan.
  • Wait for the scan to finish.
 
Hi,

Rename the ComboFix.exe file -> anything.exe and see if you're able to run it in normal mode.

Can't get Internet Explorer to run.
Any details on how it failed (error message)?
 