Spybot & AVG8.5 won't scan, can't save HJT, ERUNT, Malwarebytes

No recovery console because you're running Vista, so no problem.

File I would like to check if present. First, please make sure you can see hidden files.

http://www.bleepingcomputer.com/tutorials/tutorial130.html

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

C:\WINDOWS\Sys7CC0.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If Jotti is too busy you can try these.

http://www.kaspersky.com/scanforvirus.html
http://www.virustotal.com/en/indexf.html
 
re: file analysis at Jotti site and re: HijackThis

Hi IndiGenus: :)


File I would like to check if present. First, please make sure you can see hidden files.

I followed the instructions for showing hidden files.
I clicked on the Jotti link, clicked Browse, and tried to upload the file Sys7CC0.exe for analysis.
This is the message that came up:

File not found.Check file name and try again

***What would you like me to do next?

Please also post an updated HijackThis log

I was still unable to save the HijackThis installer.exe to my computer.
I will contact my friend and try to save it on disk (like I did with the other tools) and will get back to you with results.

Thanks for your help and patience. Awaiting your reply. :)
from Dorothy
 
Might be AVG

Hi Dorothy,

One thing we may want to try. I had mentioned another thread that I was watching where the user could not download files and it ended up being a corrupted AVG install. Since you have AVG I'm wondering if this may be the same issue. You may want to uninstall and re-install AVG to see if that clears up the issue of downloading.

Also, did you download and save DDS as I had advised? If so can you run that and post the logs.
 
might be AVG

Hi IndiGenus: :)

I got your reply.
I did download & save DDS to disk as you asked.
I will run that and post the logs.

Also, I will uninstall and re-install AVG8 and let you know what happens.

Also, I will be saving HijackThis Installer.exe to my disk and will post the log.

I will be able to do all the above tomorrow evening at the earliest since I have previous commitments tonight and all day tomorrow.

Thanks from Dorothy :)
 
Don't need HJT

Hi Dorothy,

No need to go out of the way to get HijackThis. DDS will show us everything HJT will, and more. So just the DDS will do, and should only take a minute or 2.
 
DDS logs

Hi IndiGenus :)

Here are the 2 DDS logs as requested.

DDS


DDS (Ver_09-10-13.01) - NTFSx86
Run by JeffandMom at 11:58:53.26 on 22/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.446.138 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy162\SDWinSec.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\JeffandMom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy162\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy162\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: avon.ca\avon
Trusted Zone: avon.com\ca2
Trusted Zone: avon.com\www.ca
Trusted Zone: care2.com
Trusted Zone: care2.com\mail
Trusted Zone: care2.com\stopglobalwarming
Trusted Zone: care2.com\www
Trusted Zone: care2.net\passport
Trusted Zone: ebay.com\signin
Trusted Zone: microsoft.com\update
Trusted Zone: pogo.com
Trusted Zone: terrapass.com\www
Trusted Zone: thepetitionsite.com
Trusted Zone: wikipedia.org\en
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-3 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-3 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-3 297752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy162\SDWinSec.exe [2009-2-13 1153368]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]

=============== Created Last 30 ================

2009-10-19 13:13 236,544 a------- c:\windows\PEV.exe
2009-10-19 13:13 161,792 a------- c:\windows\SWREG.exe
2009-10-19 13:13 98,816 a------- c:\windows\sed.exe
2009-10-14 23:59 <DIR> --d----- c:\program files\ESET
2009-10-13 23:33 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-13 23:33 60,928 a------- c:\windows\system32\msasn1.dll
2009-10-13 23:33 218,624 a------- c:\windows\system32\msv1_0.dll
2009-10-13 23:30 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 14:35 <DIR> --d----- c:\users\jeffan~1\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-10-03 01:51 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-23 13:12 <DIR> --d----- c:\users\jeffandmom\.housecall6.6

==================== Find3M ====================

2009-09-12 01:17 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-12 01:17 86,016 a------- c:\windows\inf\infstor.dat
2009-09-12 01:17 51,200 a------- c:\windows\inf\infpub.dat
2009-09-12 01:04 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 09:51 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 09:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-27 01:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 01:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 01:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 23:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-04 08:34 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 08:34 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2008-09-28 02:27 174 a--sh--- c:\program files\desktop.ini
2007-09-24 21:32 774,144 a------- c:\program files\RngInterstitial.dll
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:59:25.07 ===============
 
How are things running? Let's run a quick cleanup script with ComboFix, then let me know how it's running at this point.

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sys7CC0.exe"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScriptB-4.gif]

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new DDS log.
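The CFScript above deletes one stale value under a run- key by hand. As an added example (not code from this thread, ComboFix or DDS), the script below does that triage over the REGEDIT4-style "Reg Loading Points" text these tools print: it works out which file each Run/Run- value launches, flags values whose target is missing, lives in a user-writable location or is a bare filename, and emits a Registry:: stanza in the same form as the CFScript for the stale ones. The sample dump is constructed from lines like those in the thread (the Sys7CC0.exe line is assumed), and the file inventory is a constructed stand-in for checking the disk.

```python
"""Autorun triage over a ComboFix/DDS-style 'Reg Loading Points' dump.

Added example for this thread (not ComboFix, DDS or HijackThis code): parse
the REGEDIT4 text those tools print, find the file each Run/Run- value
launches, flag stale or suspicious values, and emit a Registry:: deletion
stanza in the form of the thread's CFScript for the stale ones.
"""
import re

# Constructed sample modelled on the log lines in this thread. The
# Sys7CC0.exe line is assumed: the thread shows only the script removing it.
SAMPLE_DUMP = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\users\JeffandMom\Program Files\DNA\btdna.exe"
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sys7CC0.exe"=c:\windows\Sys7CC0.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SigmatelSysTrayApp"=sttray.exe
"""

# Constructed inventory standing in for the files present on disk (on the
# affected machine you would call os.path.exists on each target instead).
PRESENT_FILES = {
    r"c:\progra~1\avg\avg8\avgtray.exe",
    r"c:\program files\common files\adobe\arm\1.0\adobearm.exe",
    r"c:\users\jeffandmom\program files\dna\btdna.exe",
    r"c:\program files\windows media player\wmpnscfg.exe",
    r"c:\windows\system32\nvmctray.dll",
}

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
ANNOTATION_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d+\]$")   # trailing "[date size]"
# Unquoted data: the executable runs up to the first .exe/.dll/... token, which
# copes with the unquoted paths containing spaces that ComboFix prints.
UNQUOTED_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|dll|scr|com|cpl))(?:\s+(?P<rest>.*))?$", re.I)
RUN_SUFFIXES = ("\\run", "\\run-")   # the thread's CFScript targets a run- key
USER_WRITABLE = ("c:\\users\\", "\\appdata\\", "\\temp\\")

def target_of(data):
    """Return, lower-cased, the file a Run value actually launches."""
    data = ANNOTATION_RE.sub("", data.strip())
    if data.startswith('"'):
        exe, _, rest = data[1:].partition('"')
    else:
        m = UNQUOTED_RE.match(data)
        exe, rest = (m.group("exe"), m.group("rest") or "") if m else (data, "")
    exe, rest = exe.strip().lower(), rest.strip()
    # For rundll32 launches the file of interest is the DLL argument
    # (assumes the DLL path has no spaces, as in this thread's log).
    if exe.endswith("rundll32.exe") and rest:
        return rest.split(",")[0].strip().lower()
    return exe

def parse_run_entries(text):
    """Yield (key, value_name, target) for every value under a Run/Run- key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):   # any key header resets the context
            m = KEY_RE.match(line)
            key = m.group("key") if m and m.group("key").lower().endswith(RUN_SUFFIXES) else None
            continue
        m = VALUE_RE.match(line)
        if key and m:
            yield key, m.group("name"), target_of(m.group("data"))

def triage(text, present=PRESENT_FILES):
    """Return (key, name, target, reason) for each autorun value worth a look."""
    findings = []
    for key, name, target in parse_run_entries(text):
        if "\\" not in target:
            reason = "bare filename, resolved by PATH search"
        elif target not in present:
            reason = "target file missing"
        elif any(marker in target for marker in USER_WRITABLE):
            reason = "target in user-writable location"
        else:
            continue
        findings.append((key, name, target, reason))
    return findings

def cfscript_for_missing(findings):
    """Registry:: stanza, in the thread's CFScript form, deleting stale values."""
    lines = ["Registry::"]
    for key, name, _target, reason in findings:
        if reason == "target file missing":
            lines += ["[%s]" % key, '"%s"=-' % name]
    return "\n".join(lines)
```

Run `triage(SAMPLE_DUMP)` and `cfscript_for_missing(...)` on a real dump only after confirming each flagged target against the disk; a missing-file hit on a legitimate but uninstalled program is harmless to delete, but a present file still needs its own check.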
 
NEW combofix.txt log

Hi IndiGenus :)

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sys7CC0.exe"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

I did as instructed, although I forgot to deactivate any security programs running. :(

I tried to run another ComboFix after deactivating, but I goofed and forgot to save it to the desktop. Do you want me to run another?


Anyway, here is the log for the run I did do. Thanks from Dorothy :)


ComboFix 09-10-17.01 - JeffandMom 23/10/2009 12:18.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.446.109 [GMT -4:00]
Running from: c:\users\JeffandMom\Desktop\ComboFix.exe
Command switches used :: c:\users\JeffandMom\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-23 16:32 . 2009-10-23 16:32 -------- d-----w- c:\users\JeffandMom\AppData\Local\temp
2009-10-23 16:32 . 2009-10-23 16:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-23 16:32 . 2009-10-23 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-15 03:59 . 2009-10-15 03:59 -------- d-----w- c:\program files\ESET
2009-10-14 22:58 . 2009-10-14 23:00 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-14 03:33 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 03:33 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 03:33 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 03:30 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 18:35 . 2009-10-13 18:35 -------- d-----w- c:\users\JeffandMom\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-10-13 18:15 . 2009-10-13 18:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-03 05:51 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-23 17:12 . 2009-09-24 00:31 -------- d-----w- c:\users\JeffandMom\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 14:35 . 2008-05-25 16:40 -------- d-----w- c:\programdata\Avg8
2009-10-14 04:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-13 18:23 . 2009-07-14 03:00 -------- d-----w- c:\programdata\NOS
2009-09-30 22:16 . 2008-11-03 18:46 -------- d-----w- c:\program files\DNA
2009-09-30 04:03 . 2008-01-11 02:28 680 ----a-w- c:\users\JeffandMom\AppData\Local\d3d9caps.dat
2009-09-27 17:21 . 2009-02-13 05:06 -------- d-----w- c:\program files\Spybot - Search & Destroy162
2009-09-23 15:22 . 2007-06-21 09:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-12 05:10 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-02 06:40 . 2009-02-13 09:37 -------- d-----w- c:\program files\Java
2009-08-29 00:27 . 2009-09-03 13:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 13:57 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 13:51 . 2009-02-03 20:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 13:51 . 2009-02-03 20:53 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 13:51 . 2009-02-03 20:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-27 05:22 . 2009-10-14 03:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 03:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 03:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 03:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-10 00:49 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 00:49 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 00:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 00:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 00:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 00:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 00:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 00:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 00:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 00:49 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 00:49 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 12:34 . 2009-10-14 03:32 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:34 . 2009-10-14 03:32 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-09-25 01:32 . 2007-09-25 01:32 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-06-13 03:56 . 2007-06-13 03:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-10-19_17.33.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-12 20:40 . 2009-10-23 14:15 55746 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-06-12 20:40 . 2009-10-19 15:09 55746 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-10-23 14:16 91084 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-06-21 22:29 . 2009-10-19 17:35 18448 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1243676550-844158297-4097513924-1000_UserData.bin
+ 2007-06-21 22:29 . 2009-10-23 14:16 18448 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1243676550-844158297-4097513924-1000_UserData.bin
- 2007-06-21 07:08 . 2009-10-19 15:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-21 07:08 . 2009-10-23 14:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-21 07:08 . 2009-10-23 14:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-21 07:08 . 2009-10-19 15:16 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-21 07:08 . 2009-10-23 14:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-06-21 07:08 . 2009-10-19 15:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-04 23:27 . 2009-07-12 17:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-04 23:27 . 2009-10-21 00:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-04 23:27 . 2009-10-21 00:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-04 23:27 . 2009-07-12 17:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-04 23:27 . 2009-07-12 17:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-04 23:27 . 2009-10-21 00:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-07-02 16:56 . 2009-09-07 19:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-02 16:56 . 2009-10-22 22:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-07-02 16:56 . 2009-09-07 19:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-02 16:56 . 2009-10-22 22:44 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-02 16:56 . 2009-09-07 19:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-07-02 16:56 . 2009-10-22 22:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:33 . 2009-10-19 15:05 599942 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-23 14:19 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-19 15:05 105448 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-23 14:19 105448 c:\windows\System32\perfc009.dat
+ 2009-05-14 02:50 . 2009-10-20 15:34 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-14 02:50 . 2009-10-14 04:53 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-06-04 23:27 . 2009-07-12 17:18 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-04 23:27 . 2009-10-21 00:54 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 10:22 . 2009-10-23 14:27 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-10-19 06:13 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-10-23 16:16 . 2009-10-23 16:16 6217728 c:\windows\ERDNT\Hiv-backup\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\users\JeffandMom\Program Files\DNA\btdna.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Corel Photo Downloader"=c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"WPCUMI"=c:\windows\system32\WpcUmi.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"SigmatelSysTrayApp"=sttray.exe
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):40,68,88,54,68,33,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1243676550-844158297-4097513924-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B3575F37-250E-44F1-955F-9DBA8D31014F}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{33B940DD-6CDC-41AD-B5C0-94FFFE30F099}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{675E4329-BDAD-425B-8F52-E59340D79AE2}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"TCP Query User{1C073947-2788-4DB5-8357-98E3E3FCDA24}c:\\program files\\maxis\\simcity 3000 unlimited\\apps\\updater\\updater.exe"= UDP:c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe:SC3UpdaterMFC
"UDP Query User{8CB2018A-3E7E-4C02-AF5B-51AF4CF93026}c:\\program files\\maxis\\simcity 3000 unlimited\\apps\\updater\\updater.exe"= TCP:c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe:SC3UpdaterMFC
"TCP Query User{C4FD23D5-2EA3-4158-A34F-46692E6CC4D4}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{40927A40-DE20-49B6-A2E7-F52B8395AA5D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{714594F5-54E7-4B6C-986C-A77C6490D6DC}"= UDP:c:\program files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
"{45CDFF7D-D7E9-433E-9584-73C0A7ECF93F}"= TCP:c:\program files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
"{16DCBD6D-6EA6-4CE0-A7D8-36E9E51C0130}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{0B8085F5-69B5-4EFB-A42F-6B5FEC037EA8}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"TCP Query User{78733992-4ABA-4095-9BF7-64F6EB0EBD63}c:\\users\\jeffandmom\\appdata\\local\\temp\\cryf095.tmp\\install.exe"= Disabled:UDP:c:\users\jeffandmom\appdata\local\temp\cryf095.tmp\install.exe:install.exe
"UDP Query User{5100B386-8977-488E-87A5-FD6EE52C9204}c:\\users\\jeffandmom\\appdata\\local\\temp\\cryf095.tmp\\install.exe"= Disabled:TCP:c:\users\jeffandmom\appdata\local\temp\cryf095.tmp\install.exe:install.exe
"TCP Query User{A68E209B-8B93-4E8F-AD3B-7CAF8423BEF2}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"UDP Query User{14456106-FC4A-499C-B233-9DA902D77F8C}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{DA2C9F94-6C3A-46C3-9312-8BE90D992031}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{CAA44634-39E1-43CB-8892-D368F1834357}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{0E289CE5-5339-44C8-83BA-4250041310E6}c:\\program files\\morpheus\\morpheus.exe"= UDP:c:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{4D3E9D19-028D-48DC-8DC3-B94B6CE2B61C}c:\\program files\\morpheus\\morpheus.exe"= TCP:c:\program files\morpheus\morpheus.exe:Morpheus
"TCP Query User{2D148C49-136C-4B8D-AFCB-C9CB301F394A}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{419A0031-93D2-4BF9-A854-F6F4F229506D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{5C26B0C7-70E4-4FB7-BA48-D7A46CE57571}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4664334B-7196-45E1-8965-4F14BE3AE307}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{10E65A62-9E1F-4C13-96DC-6EC6E25B51BE}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AC6B501D-9E15-4FDC-BEED-80EAD63AF5BD}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{342ADA7E-1204-486D-A832-F5C6798570B8}"= UDP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe:SimCity 3000 Unlimited
"{319F2B45-1BE1-4DC6-8C9B-AE7E9F61ABF9}"= TCP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe:SimCity 3000 Unlimited
"{9AD0B42E-5FC0-406C-8664-6A68A668041D}"= UDP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\BAApp.exe:Building Architect Plus
"{3E1367B2-685D-4894-923E-AFD35913E544}"= TCP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\BAApp.exe:Building Architect Plus
"{B81B8BDE-CE31-4AE3-AE3E-11822A09AC36}"= Disabled:UDP:c:\program files\Blubster\Blubster.exe:Blubster
"{57B35579-93BD-4E43-A763-C6C5B815D71C}"= Disabled:TCP:c:\program files\Blubster\Blubster.exe:Blubster
"TCP Query User{EEA02241-6F2D-4A58-A957-BED349F9BD7F}c:\\program files\\yahoo! games\\jeopardy!\\jeopardy!.exe"= Disabled:UDP:c:\program files\yahoo! games\jeopardy!\jeopardy!.exe:JEOPARDY!
"UDP Query User{98A85509-9C5B-4A6F-A64B-A2CAF6A08A7B}c:\\program files\\yahoo! games\\jeopardy!\\jeopardy!.exe"= Disabled:TCP:c:\program files\yahoo! games\jeopardy!\jeopardy!.exe:JEOPARDY!
"{AF793AE3-9195-45C6-B589-B85B8CE1AACB}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{857C846E-0368-42AC-86E3-2284F4A9426E}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{DEE67F76-564B-4964-A1D2-19945441D98D}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{4914565E-0F00-4948-985F-4B448B560D0D}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{F9971E49-5AA4-477D-80D6-E12FD76C7CE0}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{FF0F290B-0A63-4B58-9DA9-F4A0DBA266DF}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"TCP Query User{E8772C2A-B0D4-460C-8DF3-35E02E89AE12}c:\\users\\jeffandmom\\program files\\dna\\btdna.exe"= UDP:c:\users\jeffandmom\program files\dna\btdna.exe:btdna.exe
"UDP Query User{B052B293-75C7-453A-8372-2C4B7F475EE4}c:\\users\\jeffandmom\\program files\\dna\\btdna.exe"= TCP:c:\users\jeffandmom\program files\dna\btdna.exe:btdna.exe
"{E9047EDA-B009-4D37-B5D0-223878263010}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{8EAC47DC-0B2D-4B94-A9BC-378DAC1FD3CB}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{6C1C211A-8DA3-4CA0-AE22-1788A73C9E1C}"= UDP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{311AF4CA-6404-47DC-AA44-CA46CFE86C6F}"= TCP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"TCP Query User{EC185DCC-5F9D-4A17-AC8F-C22058AFB2C6}c:\\users\\jeffandmom\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\users\jeffandmom\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{EF017CC1-AA8C-470E-818B-B94E53DDF341}c:\\users\\jeffandmom\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\users\jeffandmom\program files\bittorrent\bittorrent.exe:bittorrent.exe
"TCP Query User{2C30FE43-5885-4432-9C6A-5C1304483211}c:\\users\\jeffandmom\\program files\\bittorrent_dna\\dna.exe"= UDP:c:\users\jeffandmom\program files\bittorrent_dna\dna.exe:dna.exe
"UDP Query User{87858FAD-BB85-4647-8BAB-19A30257510B}c:\\users\\jeffandmom\\program files\\bittorrent_dna\\dna.exe"= TCP:c:\users\jeffandmom\program files\bittorrent_dna\dna.exe:dna.exe
"{B766EDBB-17DC-45F4-B0B6-2675A6AEE9AA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{096035EE-C61B-4CA5-8159-D47F80B13720}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{524E00AF-11ED-4B19-9D99-111C2B612F6F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{BDC5A94C-D7AA-4B8C-92C4-249EA6779E6D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4A3A4C3F-639B-4A1B-8B64-D45A9F0F8CCC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{0AA9915C-6298-4CF6-A6AA-35F53C27D723}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{1BBD6D94-7589-47E1-A491-C8FAFF73A663}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy162\SDWinSec.exe [2009-01-26 1153368]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-28 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-11 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: avon.ca\avon
Trusted Zone: avon.com\ca2
Trusted Zone: avon.com\www.ca
Trusted Zone: care2.com
Trusted Zone: care2.com\mail
Trusted Zone: care2.com\stopglobalwarming
Trusted Zone: care2.com\www
Trusted Zone: care2.net\passport
Trusted Zone: ebay.com\signin
Trusted Zone: microsoft.com\update
Trusted Zone: pogo.com
Trusted Zone: terrapass.com\www
Trusted Zone: thepetitionsite.com
Trusted Zone: wikipedia.org\en
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 12:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-23 12:38
ComboFix-quarantined-files.txt 2009-10-23 16:38
ComboFix2.txt 2009-10-19 17:43

Pre-Run: 41,329,745,920 bytes free
Post-Run: 41,291,345,920 bytes free

314 --- E O F --- 2009-10-22 15:25
 
I tried to run another ComboFix after deactivating, but I goofed and forgot to save it to the desktop. Do you want me to run another?

Hi.....no, looks like it took care of what we needed it to. I think we can move on with the fix and do some cleanup and scans.

How's it running, BTW?

Use ATF Cleaner to remove temp files, cookies, cache, etc.
Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a DDS log.
 
How things are running and NEW DDS logs

Hi Indigenus:)

How are things running?

Same as before really...no noticeable changes in speed etc. That wasn't much of a problem though.

  • My computer still won't let me save .exe files anywhere on it...even to a CD.

    Spybot-Search and Destroy still says the same administrator error message (see previous posts) and I can't do Immunize after updates or do a scan. I can do updates though, it seems, but I have no way to verify in Spybot itself if these are truly happening. I think I'm going to do a complete uninstall of Spybot and then install the most recent Spybot version from my CD.

    AVG8.5 still won't let me reactivate resident shield and I can't do a scan. I went on the AVG site and couldn't download the uninstall/reinstall .exe tool directly to my computer, so I'm going to try a COMPLETE uninstall and check for any leftover files, then from my CD try to do an install of the most recent AVG version.


***Please let me know what you think of my list above.


Let's run a quick cleanup script with combofix then let me know how it's running at this point...
After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new DDS log.

My previous reply was the Combofix.txt log.

Here is a new DDS log.

thanks from Dorothy :) I appreciate your help and patience.:bigthumb:
 

==================== Find3M ====================

2009-09-12 01:17 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-12 01:17 86,016 a------- c:\windows\inf\infstor.dat
2009-09-12 01:17 51,200 a------- c:\windows\inf\infpub.dat
2009-09-12 01:04 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 09:51 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 09:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-27 01:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 01:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 01:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 23:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-04 08:34 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 08:34 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2008-09-28 02:27 174 a--sh--- c:\program files\desktop.ini
2007-09-24 21:32 774,144 a------- c:\program files\RngInterstitial.dll
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:52:15.89 =========
 
Before doing any re-installation there are a couple of things we can try. Let's do this first...

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Then try running your programs.
 
re: posts #29 and #32 and ignore post#30

Hi IndiGenus:)

Please ignore post #30. It was posted in error.
Post#31 is the correct one.

from post#29

Use ATF Cleaner to remove temp files, cookies, cache, etc.
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Computer won't let me download/save ATF Cleaner.
You had previously listed TFC(Temp File Cleaner) as a tool that I saved to the CD.
***Can I use that instead?:scratch: Please let me know. :)


from post #32

Before doing any re-installation there are a couple things we can try. Let's do this first...Please download exeHelper to your desktop.

Computer won't let me download exeHelper.
I can go to my friend's tomorrow to save it to the CD and will get back to you with the results.

Thanks from Dorothy :)
 
Yes, you can use TFC instead of ATF.

I was hoping that you would be able to download files. It's up to you; if you want to get the tools from another PC, that's fine. You could also try just completely removing AVG and see if you can then download.
 
Hi IndiGenus:)

Yes, you can use TFC instead of ATF.

Will do that. Thanks :)

It's up to you; if you want to get the tools from another PC, that's fine. You could also try just completely removing AVG and see if you can then download.

Will try just completely removing AVG and will let you know the results :)
Will then try to download exeHelper and Malwarebytes as you requested in post #32.

If I can't, then I'll wait til tomorrow to go to my friend's.

Will talk with you later. Thanks:bigthumb:
from Dorothy
 
Hi IndiGenus:)

IndiGenus (Yesterday 17:53): Yes, you can use TFC instead of ATF.

I was hoping that you would be able to download files. It's up to you if you want to get the tools from another PC that's fine. You could also try just completely removing AVG and see if you can then download.

I used TFC as requested. Something like 85Mb was deleted.
Seemed to go ok. :)

I was unable to uninstall AVGFree 8.5. :sad:

Message came up "Uninstall failed. 1 warning, 1 error occurred"
These both referred to avgcsrvx.exe.
I clicked on the Details box and wrote down the info given.
You may just have got it right when you said in post #23 Might be AVG

I tried the uninstall through Windows' Uninstall a Program in regular mode as well as in safe mode.
I also tried using the uninstall AVGFree from Start Menu. No go.:sad:

As I previously mentioned (post #31, How are things running and NEW DDS logs), my computer won't let me download the uninstall/reinstall .exe tool on the AVGFree site.

So... :surrender: I'll contact my friend to save to CD the exeHelper and Malwarebytes' Anti-Malware tools you suggested, as well as the AVGFree uninstall/install .exe tool, and get back to you.

Hopefully these tools will fix or give light to fix any of the problems .

:thanks: from Dorothy
 
exeHelper log

Hi IndiGenus:)

Before doing any re-installation there are a couple things we can try. Let's do this first...
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
Post the contents of exehelperlog.txt


Here is the exehelperlog requested
Thanks from Dorothy :)

exeHelper by Raktor
Build 20091021
Run at 15:46:50 on 10/24/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 
after exehelper log

Hi IndiGenus:)

After doing the exehelper and posting the log, I still wasn't able to download/save the Malwarebytes Anti-Malware.

Seemed like it had saved to the desktop; it even said there was already a copy (I had saved it from my CD to the desktop already) and asked did I want to replace?
I said yes.
:sad: However, nothing showed up, and the one that was on the desktop previously was gone too.

Back to the grinding board...copying to desktop from my CD for Malwarebytes, AVGFree uninstall/repair/install tool.

Awaiting your reply of what I should do next or run next.
Thanks from Dorothy:thanks:
 
Malwarebytes log and DDS logs

Hi IndiGenus:)

Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
Copy and Paste the entire report in your next reply along with a DDS log.

Here are the logs you requested.
Thanks from Dorothy:thanks: Awaiting your reply :)

Malwarebytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.41
Database version: 3027
Windows 6.0.6002 Service Pack 2

24/10/2009 5:02:51 PM
mbam-log-2009-10-24 (17-02-51).txt

Scan type: Quick Scan
Objects scanned: 88673
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_________________________________________________________________
DDS logs

DDS (Ver_09-10-13.01) - NTFSx86
Run by JeffandMom at 17:17:04.71 on 24/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.446.142 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy162\SDWinSec.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\JeffandMom\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy162\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy162\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: avon.ca\avon
Trusted Zone: avon.com\ca2
Trusted Zone: avon.com\www.ca
Trusted Zone: care2.com
Trusted Zone: care2.com\mail
Trusted Zone: care2.com\stopglobalwarming
Trusted Zone: care2.com\www
Trusted Zone: care2.net\passport
Trusted Zone: ebay.com\signin
Trusted Zone: microsoft.com\update
Trusted Zone: pogo.com
Trusted Zone: terrapass.com\www
Trusted Zone: thepetitionsite.com
Trusted Zone: wikipedia.org\en
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-3 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-3 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-3 297752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy162\SDWinSec.exe [2009-2-13 1153368]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]

=============== Created Last 30 ================

2009-10-24 16:52 <DIR> --d----- c:\users\jeffan~1\appdata\roaming\Malwarebytes
2009-10-24 16:52 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 16:52 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-24 16:52 <DIR> --d----- c:\programdata\Malwarebytes
2009-10-24 16:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 16:52 <DIR> --d----- c:\progra~2\Malwarebytes
2009-10-23 13:44 <DIR> --ds---- C:\ComboFix
2009-10-19 13:13 236,544 a------- c:\windows\PEV.exe
2009-10-19 13:13 161,792 a------- c:\windows\SWREG.exe
2009-10-19 13:13 98,816 a------- c:\windows\sed.exe
2009-10-14 23:59 <DIR> --d----- c:\program files\ESET
2009-10-13 23:33 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-13 23:33 60,928 a------- c:\windows\system32\msasn1.dll
2009-10-13 23:33 218,624 a------- c:\windows\system32\msv1_0.dll
2009-10-13 23:30 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 14:35 <DIR> --d----- c:\users\jeffan~1\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-10-03 01:51 195,440 -------- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-09-12 01:17 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-12 01:17 86,016 a------- c:\windows\inf\infstor.dat
2009-09-12 01:17 51,200 a------- c:\windows\inf\infpub.dat
2009-09-12 01:04 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 09:51 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 09:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-27 01:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 01:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 01:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 23:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-04 08:34 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 08:34 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2008-09-28 02:27 174 a--sh--- c:\program files\desktop.ini
2007-09-24 21:32 774,144 a------- c:\program files\RngInterstitial.dll
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:17:49.56 ===============
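For anyone reviewing logs like the ComboFix firewall list and the DDS "Pseudo HJT Report" posted in this thread, here is a small triage helper as an added example. It is not code from the thread, from ComboFix, from DDS or from any forum tool: the sample lines are copied from the logs above, and the checks it applies (BHO entries marked "No File", rules marked Disabled, and whatever sits in AppInit_DLLs) are this example's own review heuristics, assumed as a starting point for a manual look rather than anything the tools themselves define.

```python
"""Triage helpers for ComboFix firewall lines and the DDS pseudo-HJT report.
Added example, not from this thread or from ComboFix/DDS. The sample lines are
copied from the logs above; the checks ("No File" BHOs, Disabled rules,
AppInit_DLLs) are this example's own assumed review heuristics."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the ComboFix firewall section above.
FW_SAMPLE = r'''"{AF793AE3-9195-45C6-B589-B85B8CE1AACB}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{DEE67F76-564B-4964-A1D2-19945441D98D}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{B766EDBB-17DC-45F4-B0B6-2675A6AEE9AA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{BDC5A94C-D7AA-4B8C-92C4-249EA6779E6D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
'''

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" above.
DDS_SAMPLE = r'''BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
Trusted Zone: ebay.com\signin
Trusted Zone: microsoft.com\update
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
'''

# ComboFix prints each firewall rule as  "<key>"= [Disabled:][TCP|UDP:]<path>:<name>
FW_LINE = re.compile(r'^"(?P<key>[^"]*)"= (?P<value>.*)$')
FW_VALUE = re.compile(
    r'^(?:(?P<state>Disabled):)?(?:(?P<proto>TCP|UDP):)?'
    r'(?P<path>[A-Za-z]:\\[^:]*):(?P<name>.*)$')
# DDS prints BHOs as  BHO: [<name>: ]{<clsid>} - <dll path | No File>
BHO_LINE = re.compile(
    r'^BHO: (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$')

@dataclass
class FirewallRule:
    key: str
    disabled: bool
    proto: Optional[str]  # None: the rule is not limited to one protocol
    path: str
    name: str

@dataclass
class Bho:
    name: Optional[str]
    clsid: str
    path: str

@dataclass
class DdsFindings:
    bhos: List[Bho] = field(default_factory=list)
    trusted_zones: List[str] = field(default_factory=list)
    appinit_dlls: List[str] = field(default_factory=list)

def parse_firewall_rules(text: str) -> List[FirewallRule]:
    """Parse ComboFix firewall rule lines; lines of any other shape are skipped."""
    rules: List[FirewallRule] = []
    for line in text.splitlines():
        m = FW_LINE.match(line.strip())
        v = FW_VALUE.match(m.group("value")) if m else None
        if not v:
            continue
        rules.append(FirewallRule(key=m.group("key"),
                                  disabled=v.group("state") == "Disabled",
                                  proto=v.group("proto"),
                                  path=v.group("path"),
                                  name=v.group("name")))
    return rules

def parse_dds(text: str) -> DdsFindings:
    """Pull BHOs, Trusted Zone entries and AppInit_DLLs out of a DDS report."""
    f = DdsFindings()
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_LINE.match(line)
        if m:
            f.bhos.append(Bho(m.group("name"), m.group("clsid"), m.group("path")))
        elif line.startswith("Trusted Zone: "):
            f.trusted_zones.append(line[len("Trusted Zone: "):])
        elif line.startswith("AppInit_DLLs: "):
            # AppInit_DLLs is loaded into every process that links user32,
            # which is why DDS lists it: it is a classic persistence location.
            f.appinit_dlls.extend(line[len("AppInit_DLLs: "):].split())
    return f

def orphaned_bhos(f: DdsFindings) -> List[Bho]:
    """BHO registrations whose DLL DDS could not find ("No File"): dead entries,
    usually left behind by an uninstall, that are safe to clean up."""
    return [b for b in f.bhos if b.path == "No File"]

if __name__ == "__main__":
    for r in parse_firewall_rules(FW_SAMPLE):
        state = "DISABLED" if r.disabled else "enabled"
        print(f"{state:8} {r.proto or 'any':4} {r.name} -> {r.path}")
    findings = parse_dds(DDS_SAMPLE)
    print("orphaned BHOs:", [b.clsid for b in orphaned_bhos(findings)])
    print("AppInit_DLLs:", findings.appinit_dlls)
    print("Trusted zones:", findings.trusted_zones)
```

Run on the page's own lines, the only orphaned BHO is the {5C255C8A-...} entry with "No File", the one Disabled firewall exception in the sample is LimeWire, the AVG8 avgupd.exe rule carries no protocol (it applies to both), and AppInit_DLLs holds the AVG resident-shield DLL; the parser skips every line that does not match, so the whole log can be fed in unchanged.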
 