Author Topic: Browser link redirection, spotify/ipod issues  (Read 43634 times)

jag66

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Browser link redirection, spotify/ipod issues
    « on: September 13, 2011, 01:12:34 PM »
    Hi,

    I have various problems including getting links redirected, particularly when doing google searches around viruses.
    My computer won't recognise my ipod, and spotify often crashes or says my sound card doesn't work. Also, sometimes the computer slows up when I have a few windows open.

    I've run Malware Bytes, SUPERAntiSpyware, CCleaner and HijackThis. I've lost the log for SUPERAntiSpyware so am running it again now.

    Note I have AVG installed and this often flags detected problems (exe's being moved to windows folder for example).

    Here is the HijackThis log and the MalwareBytes log below.

    Thanks for reading,
    James


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:00:14, on 13/09/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Trend Micro\HiJackThis\sniper.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\james green\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [centerstreamcache.exe] "C:\Documents and Settings\james green\Local Settings\Application Data\centerstreamcache.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [centerstreamcache.exe] "C:\Documents and Settings\james green\Local Settings\Application Data\centerstreamcache.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Philips Media Manager.lnk = C:\Program Files\Philips\Media Manager\Philips Media Manager.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Startup: Philips Media Manager.lnk = C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
    O4 - Startup: Zentom System Guard.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    --
    End of file - 11371 bytes



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    13/09/2011 19:19:24
    mbam-log-2011-09-13 (19-19-24).txt

    Scan type: Quick scan
    Objects scanned: 169528
    Time elapsed: 44 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    jag66

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Browser link redirection, spotify/ipod issues
      « Reply #1 on: September 13, 2011, 03:49:10 PM »
      And the SuperAntiSpyWare log (not too informative.. it did remove some threats when I ran previously but lost the log)

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 09/13/2011 at 10:47 PM

      Application Version : 5.0.1118

      Core Rules Database Version : 7673
      Trace Rules Database Version: 5485

      Scan type       : Complete Scan
      Total Scan Time : 02:45:48

      Operating System Information
      Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
      Administrator

      Memory items scanned      : 879
      Memory threats detected   : 0
      Registry items scanned    : 37962
      Registry threats detected : 0
      File items scanned        : 185471
      File threats detected     : 0

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Browser link redirection, spotify/ipod issues
      « Reply #2 on: September 13, 2011, 06:46:29 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.
      **********************************************
      Download DDS from HERE or HERE and save it to your desktop.

      Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

      * XP users Double click on dds to run it.
      * If your antivirus or firewall tries to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.
      * Save both reports to your desktop.
      * The instructions here ask you to attach the Attach.txt.



      1) DDS.txt
      2) Attach.txt
      Instead of attaching, please copy/paste both logs into your Thread

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copying and pasting it into the reply.

      •Close the program window, and delete the program from your desktop.

      Please note: You may have to disable any script protection running if the scan fails to run.
      After downloading the tool, disconnect from the internet and disable all antivirus protection.
      Run the scan, enable your A/V and reconnect to the internet.
      Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)
      **************************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      Windows 8 and Windows 10 dual boot with two SSD's
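
The entry format that the fix list above relies on, as an added example (not part of the thread, and not HijackThis's or the helper's own logic): a Python parser for HijackThis item lines that flags entries for manual review. The sample lines are copied from the log in the first post; the review rules and all function names are assumptions of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail")

# Item lines start with a section code such as R0, O2, O4 or O23, then " - ".
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Well-known service-account SIDs: LOCAL SERVICE and NETWORK SERVICE.
SERVICE_SIDS = ("S-1-5-19", "S-1-5-20")

# Lines copied from the HijackThis log in the first post, plus two non-item lines.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [centerstreamcache.exe] "C:\Documents and Settings\james green\Local Settings\Application Data\centerstreamcache.exe" (User 'LOCAL SERVICE')
O4 - Startup: Zentom System Guard.lnk = ?
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


def parse_hjt(text):
    """Return an Entry per item line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        kind, sep, detail = rest.partition(": ")
        if not sep:  # R0/R1 lines carry no "kind:" prefix
            kind, detail = "", rest
        entries.append(Entry(code, kind.strip(), detail.strip()))
    return entries


def review_reasons(entry):
    """Review heuristics chosen for this example (assumptions, not tool output)."""
    reasons = []
    low = entry.detail.lower()
    if low.endswith("(no file)") or low.endswith("(file missing)"):
        reasons.append("target file is missing")
    if entry.code == "O4":
        if entry.kind.endswith("Startup") and low.endswith("= ?"):
            reasons.append("startup shortcut target could not be resolved")
        if "\\Run" in entry.kind:
            # Drop the "[value name]" prefix and keep the command line.
            command = re.sub(r"^\[[^\]]*\]\s*", "", entry.detail)
            in_profile = "\\documents and settings\\" in command.lower()
            if in_profile and any(sid in entry.kind for sid in SERVICE_SIDS):
                reasons.append("service-account Run value points into a user profile")
            if "\\" not in command:
                reasons.append("Run command has no directory (found via search path)")
    return reasons


def triage(text):
    """Return (entry, reasons) pairs for entries that deserve a manual look."""
    flagged = []
    for entry in parse_hjt(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print(f"{entry.code:<4}{entry.kind or '-':<24}{'; '.join(reasons)}")
        print(f"    {entry.detail}")
```

A flag here only marks an entry for a closer look; which items to tick under "Fix checked" stays the analyst's decision.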

      jag66

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Browser link redirection, spotify/ipod issues
        « Reply #3 on: September 14, 2011, 03:34:36 PM »
        Thanks for the advice: Here are the logs:

        .
        DDS (Ver_2011-08-26.01) - NTFSx86
        Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 1.6.0_27
        Run by james green at 22:29:32 on 2011-09-14
        .
        ============== Running Processes ===============
        .
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\WINDOWS\eHome\ehRec.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Kontiki\KService.exe
        c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
        c:\Program Files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
        C:\WINDOWS\ehome\ehtray.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
        C:\Program Files\Kontiki\KHost.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\Windows Media Player\WMPNSCFG.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\RALINK\Common\RaUI.exe
        C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
        C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
        C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
        c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
        C:\WINDOWS\ehome\mcrdsvc.exe
        C:\Program Files\Windows Media Player\WMPNetwk.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\System32\alg.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\WINDOWS\eHome\ehmsas.exe
        C:\Program Files\AVG\AVG10\avgwdsvc.exe
        C:\Program Files\AVG\AVG10\avgnsx.exe
        C:\Program Files\AVG\AVG10\avgemcx.exe
        C:\Program Files\AVG\AVG10\avgtray.exe
        C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
        \??\C:\Program Files\AVG\AVG10\avgchsvx.exe
        C:\WINDOWS\system32\wuauclt.exe
        \??\C:\Program Files\AVG\AVG10\avgrsx.exe
        \??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\iTunes\iTunes.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\Program Files\Last.fm\LastFM.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
        C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
        C:\Program Files\Last.fm\iPodScrobbler.exe
        C:\Documents and Settings\james green\My Documents\Downloads\dds.scr
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
        C:\WINDOWS\system32\svchost.exe -k NetworkService
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\System32\svchost.exe -k HTTPFilter
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.google.com/
        uInternet Settings,ProxyOverride = <local>;*.local
        mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
        BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
        BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
        BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
        BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
        TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
        TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
        uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
        uRun: [kdx] c:\program files\kontiki\KHost.exe -all
        uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
        uRun: [Google Update] "c:\documents and settings\james green\local settings\application data\google\update\GoogleUpdate.exe" /c
        uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
        mRun: [ehTray] c:\windows\ehome\ehtray.exe
        mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
        mRun: [<NO NAME>]
        mRun: [RTHDCPL] RTHDCPL.EXE
        mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
        mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
        mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
        mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
        mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
        IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
        DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
        DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
        TCP: DhcpNameServer = 192.168.1.1
        TCP: Interfaces\{A02E0549-8B30-4553-B82E-F8C5DC2115F0} : DhcpNameServer = 192.168.1.1
        Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
        Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
        Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
        Notify: AtiExtEvent - Ati2evxx.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\james green\application data\mozilla\firefox\profiles\hwcoa53c.default\
        FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
        FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4db6fed0&v=7.007.026.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
        FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
        FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
        FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
        FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
        FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
        FF - plugin: c:\documents and settings\james green\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
        FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
        FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
        .
        ---- FIREFOX POLICIES ----
        FF - user.js: extentions.y2layers.installId - 64be6b6b-e9d9-4d48-8349-e6920348a9b2
        .
        ============= SERVICES / DRIVERS ===============
        .
        R? AVG Security Toolbar Service;AVG Security Toolbar Service
        R? AVGIDSAgent;AVGIDSAgent
        R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
        R? MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS)
        R? MSSQLServerADHelper100;SQL Active Directory Helper Service
        R? pgsql-8.3;PostgreSQL Database Server 8.3
        R? RsFx0102;RsFx0102 Driver
        R? SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS)
        R? V0260VID;Live! Cam Vista IM
        R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
        S? !SASCORE;SAS Core Service
        S? AVGIDSDriver;AVGIDSDriver
        S? AVGIDSEH;AVGIDSEH
        S? AVGIDSFilter;AVGIDSFilter
        S? AVGIDSShim;AVGIDSShim
        S? Avgldx86;AVG AVI Loader Driver
        S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
        S? Avgrkx86;AVG Anti-Rootkit Driver
        S? Avgtdix;AVG TDI Driver
        S? avgwd;AVG WatchDog
        S? CXAVSAUD;Conexant 2388x Audio Capture
        S? CXAVSTS;Conexant 2388x AVStream TS Capture
        S? CXBDATUNE;Conexant BDA DVB Tuner/Demod
        S? McrdSvc;Media Center Extender Service
        S? ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS)
        S? SASDIFSV;SASDIFSV
        S? SASKUTIL;SASKUTIL
        .
        =============== Created Last 30 ================
        .
        2011-09-11 19:35:42   388096   ----a-r-   c:\documents and settings\james green\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
        2011-09-11 19:35:42   --------   d-----w-   c:\program files\Trend Micro
        2011-09-10 16:15:20   --------   d-----w-   c:\documents and settings\james green\application data\SUPERAntiSpyware.com
        2011-09-10 16:14:47   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2011-09-10 16:14:47   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
        2011-09-10 15:48:48   --------   d-----w-   c:\program files\CCleaner
        2011-09-08 19:42:52   --------   d-----w-   c:\documents and settings\james green\local settings\application data\Nero_AG
        2011-09-08 19:41:41   --------   d-----w-   c:\documents and settings\james green\local settings\application data\Nero
        2011-09-08 19:39:28   --------   d-----w-   c:\documents and settings\all users\application data\Nero
        2011-09-08 19:38:57   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
        2011-09-08 19:38:53   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
        2011-09-08 19:38:48   4379984   ----a-w-   c:\windows\system32\D3DX9_40.dll
        2011-09-08 19:38:41   3727720   ----a-w-   c:\windows\system32\d3dx9_35.dll
        2011-09-08 19:38:33   3497832   ----a-w-   c:\windows\system32\d3dx9_34.dll
        2011-09-08 19:38:13   --------   d-----w-   c:\windows\Logs
        2011-09-07 19:58:52   --------   d-----w-   c:\documents and settings\james green\application data\Xeda
        2011-09-07 19:58:52   --------   d-----w-   c:\documents and settings\james green\application data\Tywufu
        2011-09-07 19:26:25   --------   d-----w-   c:\program files\Yontoo Layers Runtime
        2011-09-07 19:08:37   --------   d-----w-   c:\documents and settings\james green\application data\Mp3tag
        2011-09-07 19:08:12   --------   d-----w-   c:\program files\Mp3tag
        2011-09-03 10:17:37   599040   -c----w-   c:\windows\system32\dllcache\crypt32.dll
        .
        ==================== Find3M  ====================
        .
        2011-09-06 19:26:02   23624   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
        2011-09-03 10:17:37   599040   ----a-w-   c:\windows\system32\crypt32.dll
        2011-08-14 12:05:03   12872   ----a-w-   c:\windows\system32\bootdelete.exe
        2011-07-19 04:05:24   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2011-07-19 01:40:05   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2011-07-15 13:29:31   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
        2011-07-08 14:02:00   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
        2011-06-24 14:10:36   139656   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
        2011-06-21 18:45:58   832512   ----a-w-   c:\windows\system32\wininet.dll
        2011-06-21 18:45:57   78336   ----a-w-   c:\windows\system32\ieencode.dll
        2011-06-21 18:45:57   1830912   ----a-w-   c:\windows\system32\inetcpl.cpl
        2011-06-21 18:45:57   17408   ----a-w-   c:\windows\system32\corpol.dll
        2011-06-21 11:47:20   389120   ----a-w-   c:\windows\system32\html.iec
        2011-06-20 17:44:52   293376   ----a-w-   c:\windows\system32\winsrv.dll
        .
        ============= FINISH: 22:32:40.25 ===============

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows XP Professional
        Boot Device: \Device\HarddiskVolume1
        Install Date: 10/11/2006 20:21:15
        System Uptime: 14/09/2011 22:04:12 (0 hours ago)
        .
        Motherboard: ELITEGROUP COMPUTER SYSTEM CO.,LTD. |  | 945G-M3
        Processor: Intel(R) Core(TM)2 CPU          6400  @ 2.13GHz | Socket 775 | 2127/266mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 273 GiB total, 181.493 GiB free.
        D: is CDROM ()
        .
        ==== Disabled Device Manager Items =============
        .
        ==== System Restore Points ===================
        .
        RP1248: 15/06/2011 21:15:13 - System Checkpoint
        RP1249: 16/06/2011 22:35:29 - System Checkpoint
        RP1250: 16/06/2011 22:56:04 - Software Distribution Service 3.0
        RP1251: 18/06/2011 14:00:56 - System Checkpoint
        RP1252: 19/06/2011 14:33:03 - System Checkpoint
        RP1253: 20/06/2011 19:36:27 - System Checkpoint
        RP1254: 29/06/2011 22:56:14 - Software Distribution Service 3.0
        RP1255: 02/07/2011 11:38:49 - Software Distribution Service 3.0
        RP1256: 03/07/2011 13:11:54 - System Checkpoint
        RP1257: 06/07/2011 21:18:16 - System Checkpoint
        RP1258: 11/07/2011 20:29:51 - System Checkpoint
        RP1259: 12/07/2011 22:55:46 - Software Distribution Service 3.0
        RP1260: 16/07/2011 18:29:25 - System Checkpoint
        RP1261: 18/07/2011 22:13:08 - System Checkpoint
        RP1262: 26/07/2011 20:21:30 - System Checkpoint
        RP1263: 30/07/2011 11:21:25 - System Checkpoint
        RP1264: 31/07/2011 11:58:50 - System Checkpoint
        RP1265: 03/08/2011 19:59:56 - System Checkpoint
        RP1266: 11/08/2011 20:09:13 - System Checkpoint
        RP1267: 11/08/2011 23:27:07 - Software Distribution Service 3.0
        RP1268: 14/08/2011 14:02:30 - Removed Get Yahoo! Messenger
        RP1269: 14/08/2011 14:03:02 - Removed Learn Visual Web Developer 2005 Express Edition\C#\Lesson 11
        RP1270: 14/08/2011 14:03:15 - Removed Learn Visual Web Developer 2005 Express Edition\C#\Lesson 12
        RP1271: 14/08/2011 14:03:27 - Removed Learn Visual Web Developer 2005 Express Edition\C#\Lesson 13
        RP1272: 17/08/2011 19:57:14 - System Checkpoint
        RP1273: 06/09/2011 22:32:35 - Software Distribution Service 3.0
        RP1274: 07/09/2011 19:02:57 - Software Distribution Service 3.0
        RP1275: 10/09/2011 16:47:12 - Removed Video 5 Sample Code
        RP1276: 11/09/2011 20:24:51 - Software Distribution Service 3.0
        RP1277: 11/09/2011 20:33:16 - Installed Java(TM) 6 Update 27
        RP1278: 11/09/2011 20:35:40 - Installed HiJackThis
        RP1279: 11/09/2011 22:58:40 - Software Distribution Service 3.0
        RP1280: 13/09/2011 18:24:25 - Software Distribution Service 3.0
        RP1281: 13/09/2011 23:08:08 - Software Distribution Service 3.0
        RP1282: 14/09/2011 22:07:32 - Software Distribution Service 3.0
        .
        ==== Installed Programs ======================
        .
        .
        4Media MP4 to MP3 converter
        4oD
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 10 Plugin
        Adobe Reader 7.0
        Amazon MP3 Downloader 1.0.9
        Apple Application Support
        Apple Mobile Device Support
        Apple Software Update
        ATI - Software Uninstall Utility
        ATI Catalyst Control Center
        ATI Display Driver
        AutoUpdate
        AVG 2011
        BitTorrent 5.0.9
        Bonjour
        CCleaner
        CCScore
        Creative Jukebox Driver
        Creative Live! Cam Vista IM Driver (1.00.07.0401)
        Creative Live! Cam Vista IM User's Guide (English)
        Creative Removable Disk Manager
        Creative Software AutoUpdate
        Creative System Information
        Creative WebCam Center
        Creative Zen Sleek
        Critical Update for Windows Media Player 11 (KB959772)
        DivX
        DivX Converter
        DivX Player
        DivX Web Player
        EasyBits GO
        ESSBrwr
        ESSCDBK
        ESScore
        ESSgui
        ESSini
        ESSPCD
        ESSPDock
        ESSSONIC
        ESSTOOLS
        essvatgt
        fflink
        FileZilla Client 3.3.2.1
        Google Chrome
        High Definition Audio Driver Package - KB888111
        HiJackThis
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
        Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
        Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
        Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
        Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
        Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
        Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
        Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
        Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
        Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
        Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
        Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
        Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
        Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
        Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
        Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
        Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
        Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows Media Player 10 (KB903157)
        Hotfix for Windows Media Player 11 (KB939683)
        Hotfix for Windows XP (KB2158563)
        Hotfix for Windows XP (KB2443685)
        Hotfix for Windows XP (KB2570791)
        Hotfix for Windows XP (KB942288-v3)
        Hotfix for Windows XP (KB952287)
        Hotfix for Windows XP (KB954550-v5)
        Hotfix for Windows XP (KB958655-v2)
        Hotfix for Windows XP (KB961118)
        Hotfix for Windows XP (KB970653-v3)
        Hotfix for Windows XP (KB976002-v5)
        Hotfix for Windows XP (KB976098-v2)
        Hotfix for Windows XP (KB979306)
        Hotfix for Windows XP (KB981793)
        Intel(R) Matrix Storage Manager
        Intel(R) PRO Network Connections Drivers
        Intel(R) Quick Resume Technology Drivers
        Intel® Viiv™ Software
        iPod for Windows 2006-03-23
        iTunes
        J2SE Runtime Environment 5.0 Update 8
        J2SE Runtime Environment 5.0 Update 9
        Java Auto Updater
        Java(TM) 6 Update 27
        kgcbaby
        kgcbase
        kgchday
        kgchlwn
        kgcinvt
        kgckids
        kgcmove
        kgcvday
        Kodak EasyShare software
        Last.fm 1.5.4.27091
        LiveUpdate 3.1 (Symantec Corporation)
        Macromedia Flash Player 8
        Malwarebytes' Anti-Malware
        MCE Software Encoder 1.0
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Security Update (KB2416447)
        Microsoft .NET Framework 1.1 Security Update (KB979906)
        Microsoft .NET Framework 2.0 Service Pack 2
        Microsoft .NET Framework 3.0 Service Pack 2
        Microsoft .NET Framework 3.5 SP1
        Microsoft .NET Framework 4 Client Profile
        Microsoft .NET Framework 4 Extended
        Microsoft .NET Framework 4 Multi-Targeting Pack
        Microsoft Application Error Reporting
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft Help Viewer 1.0
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Office 2003 Web Components
        Microsoft Office 2007 Service Pack 2 (SP2)
        Microsoft Office Shared MUI (English) 2007
        Microsoft Office Shared Setup Metadata MUI (English) 2007
        Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
        Microsoft Office Visual Web Developer 2007
        Microsoft Office Visual Web Developer MUI (English) 2007
        Microsoft Silverlight
        Microsoft SQL Server 2008
        Microsoft SQL Server 2008 BI Development Studio
        Microsoft SQL Server 2008 Browser
        Microsoft SQL Server 2008 Common Files
        Microsoft SQL Server 2008 Database Engine Services
        Microsoft SQL Server 2008 Database Engine Shared
        Microsoft SQL Server 2008 Full text search
        Microsoft SQL Server 2008 Management Studio
        Microsoft SQL Server 2008 Native Client
        Microsoft SQL Server 2008 Policies
        Microsoft SQL Server 2008 R2 Management Objects
        Microsoft SQL Server 2008 Reporting Services
        Microsoft SQL Server 2008 RsFx Driver
        Microsoft SQL Server 2008 Setup Support Files (English)
        Microsoft SQL Server Compact 3.5 SP1 Query Tools English
        Microsoft SQL Server Compact 3.5 SP2 ENU
        Microsoft SQL Server Database Publishing Wizard 1.3
        Microsoft SQL Server Native Client
        Microsoft SQL Server System CLR Types
        Microsoft SQL Server VSS Writer
        Microsoft User-Mode Driver Framework Feature Pack 1.0
        Microsoft Visual C# 2008 Express Edition with SP1 - ENU
        Microsoft Visual C# 2010 Express - ENU
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Microsoft Visual J# 2.0 Redistributable Package
        Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
        Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
        Microsoft Visual Studio Tools for Applications 2.0 - ENU
        Microsoft Visual Studio Web Authoring Component
        Microsoft Visual Web Developer 2005 Express Edition - ENU
        Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
        Microsoft Web Platform Installer 2.0
        Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
        Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
        Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
        Microsoft Works
        Mozilla Firefox 6.0.2 (x86 en-GB)
        Mp3tag v2.49
        MSXML 4.0 SP2 (KB927978)
        MSXML 4.0 SP2 (KB936181)
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        MSXML 6 Service Pack 2 (KB973686)
        netbrdg
        OCA Client history tool install
        OfotoXMI
        OpenOffice.org 2.1
        Paint.NET v3.5.6
        Paradise Poker
        PartyPoker
        Philips Media Manager 3.3.11.0041
        Poker Tracker Version 2.15.00d
        PokerTracker 3 (remove only)
        PostgreSQL 8.3
        Power Tab Editor 1.7
        Power2Go 4.0
        PowerDVD
        QuickTime
        Ralink Wireless LAN Card
        RealPlayer
        Realtek High Definition Audio Driver
        Roxio Burn Engine
        Security Update for 2007 Microsoft Office System (KB2288621)
        Security Update for 2007 Microsoft Office System (KB2584063)
        Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
        Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
        Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
        Security Update for Microsoft Office system 2007 (972581)
        Security Update for Microsoft Office system 2007 (KB974234)
        Security Update for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB2251487)
        Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
        Security Update for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB2251487)
        Security Update for Step By Step Interactive Training (KB898458)
        Security Update for Windows Internet Explorer 7 (KB2544521)
        Security Update for Windows Internet Explorer 7 (KB2559049)
        Security Update for Windows Media Player (KB2378111)
        Security Update for Windows Media Player (KB911564)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player (KB954155)
        Security Update for Windows Media Player (KB968816)
        Security Update for Windows Media Player (KB973540)
        Security Update for Windows Media Player (KB975558)
        Security Update for Windows Media Player (KB978695)
        Security Update for Windows Media Player 10 (KB911565)
        Security Update for Windows Media Player 10 (KB917734)
        Security Update for Windows Media Player 10 (KB936782)
        Security Update for Windows Media Player 11 (KB936782)
        Security Update for Windows Media Player 11 (KB954154)
        Security Update for Windows Media Player 6.4 (KB925398)
        Security Update for Windows XP (KB2079403)
        Security Update for Windows XP (KB2115168)
        Security Update for Windows XP (KB2121546)
        Security Update for Windows XP (KB2229593)
        Security Update for Windows XP (KB2259922)
        Security Update for Windows XP (KB2279986)
        Security Update for Windows XP (KB2286198)
        Security Update for Windows XP (KB2296011)
        Security Update for Windows XP (KB2296199)
        Security Update for Windows XP (KB2347290)
        Security Update for Windows XP (KB2360131)
        Security Update for Windows XP (KB2360937)
        Security Update for Windows XP (KB2387149)
        Security Update for Windows XP (KB2393802)
        Security Update for Windows XP (KB2412687)
        Security Update for Windows XP (KB2416400)
        Security Update for Windows XP (KB2419632)
        Security Update for Windows XP (KB2423089)
        Security Update for Windows XP (KB2436673)
        Security Update for Windows XP (KB2440591)
        Security Update for Windows XP (KB2443105)
        Security Update for Windows XP (KB2476490)
        Security Update for Windows XP (KB2476687)
        Security Update for Windows XP (KB2478960)
        Security Update for Windows XP (KB2478971)
        Security Update for Windows XP (KB2479628)
        Security Update for Windows XP (KB2481109)
        Security Update for Windows XP (KB2482017)
        Security Update for Windows XP (KB2483185)
        Security Update for Windows XP (KB2485376)
        Security Update for Windows XP (KB2485663)
        Security Update for Windows XP (KB2497640)
        Security Update for Windows XP (KB2503658)
        Security Update for Windows XP (KB2503665)
        Security Update for Windows XP (KB2506212)
        Security Update for Windows XP (KB2506223)
        Security Update for Windows XP (KB2507618)
        Security Update for Windows XP (KB2507938)
        Security Update for Windows XP (KB2508272)
        Security Update for Windows XP (KB2508429)
        Security Update for Windows XP (KB2509553)
        Security Update for Windows XP (KB2510581)
        Security Update for Windows XP (KB2511455)
        Security Update for Windows XP (KB2524375)
        Security Update for Windows XP (KB2530548)
        Security Update for Windows XP (KB2535512)
        Security Update for Windows XP (KB2536276-v2)
        Security Update for Windows XP (KB2536276)
        Security Update for Windows XP (KB2544521)
        Security Update for Windows XP (KB2544893)
        Security Update for Windows XP (KB2555917)
        Security Update for Windows XP (KB2559049)
        Security Update for Windows XP (KB2562937)
        Security Update for Windows XP (KB2566454)
        Security Update for Windows XP (KB2567680)
        Security Update for Windows XP (KB2570222)
        Security Update for Windows XP (KB2570947)
        Security Update for Windows XP (KB913433)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB923689)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB950759)
        Security Update for Windows XP (KB950760)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951066)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951376)
        Security Update for Windows XP (KB951698)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB953838)
        Security Update for Windows XP (KB953839)
        Security Update for Windows XP (KB954211)
        Security Update for Windows XP (KB954600)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956390)
        Security Update for Windows XP (KB956391)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956744)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956841)
        Security Update for Windows XP (KB956844)
        Security Update for Windows XP (KB957095)
        Security Update for Windows XP (KB957097)
        Security Update for Windows XP (KB958215)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958687)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB958869)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960714)
        Security Update for Windows XP (KB960715)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB960859)
        Security Update for Windows XP (KB961371)
        Security Update for Windows XP (KB961373)
        Security Update for Windows XP (KB961501)
        Security Update for Windows XP (KB963027)
        Security Update for Windows XP (KB968537)
        Security Update for Windows XP (KB969059)
        Security Update for Windows XP (KB969897)
        Security Update for Windows XP (KB969898)
        Security Update for Windows XP (KB969947)
        Security Update for Windows XP (KB970238)
        Security Update for Windows XP (KB970430)
        Security Update for Windows XP (KB971468)
        Security Update for Windows XP (KB971486)
        Security Update for Windows XP (KB971557)
        Security Update for Windows XP (KB971633)
        Security Update for Windows XP (KB971657)
        Security Update for Windows XP (KB971961)
        Security Update for Windows XP (KB972260)
        Security Update for Windows XP (KB972270)
        Security Update for Windows XP (KB973346)
        Security Update for Windows XP (KB973354)
        Security Update for Windows XP (KB973507)
        Security Update for Windows XP (KB973525)
        Security Update for Windows XP (KB973869)
        Security Update for Windows XP (KB973904)
        Security Update for Windows XP (KB974112)
        Security Update for Windows XP (KB974318)
        Security Update for Windows XP (KB974392)
        Security Update for Windows XP (KB974455)
        Security Update for Windows XP (KB974571)
        Security Update for Windows XP (KB975025)
        Security Update for Windows XP (KB975467)
        Security Update for Windows XP (KB975560)
        Security Update for Windows XP (KB975561)
        Security Update for Windows XP (KB975562)
        Security Update for Windows XP (KB975713)
        Security Update for Windows XP (KB976325)
        Security Update for Windows XP (KB977165)
        Security Update for Windows XP (KB977816)
        Security Update for Windows XP (KB977914)
        Security Update for Windows XP (KB978037)
        Security Update for Windows XP (KB978251)
        Security Update for Windows XP (KB978262)
        Security Update for Windows XP (KB978338)
        Security Update for Windows XP (KB978542)
        Security Update for Windows XP (KB978601)
        Security Update for Windows XP (KB978706)
        Security Update for Windows XP (KB979309)
        Security Update for Windows XP (KB979482)
        Security Update for Windows XP (KB979559)
        Security Update for Windows XP (KB979683)
        Security Update for Windows XP (KB979687)
        Security Update for Windows XP (KB980195)
        Security Update for Windows XP (KB980218)
        Security Update for Windows XP (KB980232)
        Security Update for Windows XP (KB980436)
        Security Update for Windows XP (KB981322)
        Security Update for Windows XP (KB981349)
        Security Update for Windows XP (KB981852)
        Security Update for Windows XP (KB981957)
        Security Update for Windows XP (KB981997)
        Security Update for Windows XP (KB982132)
        Security Update for Windows XP (KB982214)
        Security Update for Windows XP (KB982381)
        Security Update for Windows XP (KB982665)
        SFR
        SHASTA
        skin0001
        SKINXSDK
        Skype Toolbars
        Skype™ 5.3
        Sony Ericsson Media Manager 1.1
        Spotify
        SQL Compare 8
        SQL Data Compare 8
        SQL Data Generator 1
        SQL Dependency Tracker 2
        SQL Doc 2
        SQL Refactor 1
        Sql Server Customer Experience Improvement Program
        staticcr
        SUPERAntiSpyware
        tooltips
        TortoiseSVN 1.5.9.15518 (32 bit)
        Update for 2007 Microsoft Office System (KB2284654)
        Update for 2007 Microsoft Office System (KB967642)
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        Update for Microsoft Office 2007 System (KB2539530)
        Update for Microsoft Visual Studio Web Authoring Component (KB945140)
        Update for Windows Media Player 10 (KB910393)
        Update for Windows Media Player 10 (KB913800)
        Update for Windows Media Player 10 (KB926251)
        Update for Windows XP (KB2141007)
        Update for Windows XP (KB2345886)
        Update for Windows XP (KB2467659)
        Update for Windows XP (KB2541763)
        Update for Windows XP (KB2607712)
        Update for Windows XP (KB951072-v2)
        Update for Windows XP (KB951978)
        Update for Windows XP (KB955759)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        Update for Windows XP (KB968389)
        Update for Windows XP (KB971029)
        Update for Windows XP (KB971737)
        Update for Windows XP (KB973687)
        Update for Windows XP (KB973815)
        Update for Windows XP (KB976749)
        Update for Windows XP (KB978207)
        Update for Windows XP (KB980182)
        Update Rollup 2 for Windows XP Media Center Edition 2005
        Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
        VPRINTOL
        WebFldrs XP
        Windows Genuine Advantage Validation Tool (KB892130)
        Windows Imaging Component
        Windows Installer 3.1 (KB893803)
        Windows Internet Explorer 7
        Windows Live Messenger
        Windows Live Sign-in Assistant
        Windows Media Format 11 runtime
        Windows Media Player 11
        Windows PowerShell(TM) 1.0
        Windows XP Media Center Edition 2005 KB2502898
        Windows XP Media Center Edition 2005 KB908246
        Windows XP Media Center Edition 2005 KB911061
        Windows XP Media Center Edition 2005 KB925766
        Windows XP Media Center Edition 2005 KB973768
        Windows XP Service Pack 3
        WinRAR archiver
        WIRELESS
        WPF Toolkit February 2010 (Version 3.5.50211.1)
        Yontoo Layers Runtime 1.10.01
        Zentom System Guard
        .
        ==== Event Viewer Messages From Past Week ========
        .
        13/09/2011 19:46:10, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  Access is denied.
        12/09/2011 23:15:30, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
        12/09/2011 23:15:30, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the dmserver service.
        10/09/2011 16:29:25, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x nvata nvatabus nvraid perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
        10/09/2011 13:46:15, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
        10/09/2011 13:45:21, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
        10/09/2011 13:45:21, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
        10/09/2011 13:45:21, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
        10/09/2011 13:45:21, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
        10/09/2011 13:45:21, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
        10/09/2011 13:45:21, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
        10/09/2011 13:45:21, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
        10/09/2011 13:44:20, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
        10/09/2011 13:12:41, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
        08/09/2011 20:49:29, error: Service Control Manager [7034]  - The WebClient service terminated unexpectedly.  It has done this 1 time(s).
        08/09/2011 20:38:37, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
        08/09/2011 19:07:19, error: Service Control Manager [7023]  - The Intel(R) Quick Resume technology service terminated with the following error:  The system cannot find the file specified.
        08/09/2011 19:07:18, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the SQL Server Reporting Services (SQLEXPRESS) service to connect.
        08/09/2011 19:07:18, error: Service Control Manager [7000]  - The SQL Server Reporting Services (SQLEXPRESS) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
        08/09/2011 19:06:15, error: Dhcp [1002]  - The IP address lease 192.168.1.4 for the Network Card with network address 0013D37BD6E2 has been denied by the DHCP server 10.200.213.177 (The DHCP Server sent a DHCPNACK message).
        07/09/2011 22:46:35, error: Dhcp [1002]  - The IP address lease 192.168.1.3 for the Network Card with network address 0013D37BD6E2 has been denied by the DHCP server 10.200.213.177 (The DHCP Server sent a DHCPNACK message).
        07/09/2011 21:01:43, error: Service Control Manager [7034]  - The PostgreSQL Database Server 8.3 service terminated unexpectedly.  It has done this 1 time(s).
        07/09/2011 20:56:13, error: Dhcp [1002]  - The IP address lease 192.168.1.3 for the Network Card with network address 0013D37BD6E2 has been denied by the DHCP server 10.235.208.1 (The DHCP Server sent a DHCPNACK message).
        07/09/2011 19:36:56, error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
        07/09/2011 19:21:56, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
        07/09/2011 19:06:18, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgldx86 Avgmfx86 Fips intelppm
        07/09/2011 19:05:50, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
        07/09/2011 19:04:54, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013D37BD6E2.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
        .
        ==== End Of File ===========================

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Browser link redirection, spotify/ipod issues
        « Reply #4 on: September 14, 2011, 05:55:40 PM »
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Unzip SecurityCheck.zip and a folder named Security Check should appear.
        * Open the Security Check folder and double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        *******************************************************
        Please download ComboFix from BleepingComputer.com

        Alternate link: GeeksToGo.com

        and save it to your Desktop.
        It would be easiest to download using Internet Explorer.
        If you insist on using Firefox, make sure that your download settings are as follows:

        * Tools->Options->Main tab
        * Set to "Always ask me where to Save the files".

        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
        Double click ComboFix.exe & follow the prompts.
        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


        Click on Yes, to continue scanning for malware.
        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

        If you have problems with ComboFix usage, see How to use ComboFix
        Windows 8 and Windows 10 dual boot with two SSD's

        jag66

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Browser link redirection, spotify/ipod issues
          « Reply #5 on: September 15, 2011, 02:47:01 PM »
          First bit:

           Results of screen317's Security Check version 0.99.18 
           Windows XP Service Pack 3 
           Internet Explorer 7 Out of date!
          ``````````````````````````````
          Antivirus/Firewall Check:

           Windows Firewall Enabled! 
           AVG 2011     
           Antivirus up to date! 
          ```````````````````````````````
          Anti-malware/Other Utilities Check:

           Malwarebytes' Anti-Malware   
           CCleaner     
           Java(TM) 6 Update 27 
          Flash Player Out of Date!
           Adobe Flash Player    10.0.42.34 
           Mozilla Firefox (x86 en-GB..)
          ````````````````````````````````
          Process Check: 
          objlist.exe by Laurent

           AVG avgwdsvc.exe
           AVG avgtray.exe
           AVG avgrsx.exe
           AVG avgnsx.exe
           AVG avgemc.exe
          ``````````End of Log````````````

          jag66

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Browser link redirection, spotify/ipod issues
            « Reply #6 on: September 15, 2011, 03:32:20 PM »
            And combofix:

            ComboFix 11-09-15.05 - james green 15/09/2011  22:01:31.1.2 - x86
            Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.2047.506 [GMT 1:00]
            Running from: c:\documents and settings\james green\Desktop\ComboFix.exe
            AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\FreeventsSchedule.exe.34f2941e.ini
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.19423898.ini
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.e24841d8.ini
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.e3b16eb1.ini
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL69.tmp.edc4126c.ini
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL7.tmp.32be5160.ini
            c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL70.tmp.a0a11ca2.ini
            c:\documents and settings\Administrator\WINDOWS
            c:\documents and settings\All Users\Start Menu\Programs\System Recovery
            c:\documents and settings\All Users\Start Menu\Programs\System Recovery\Recovery Media Creator.lnk
            c:\documents and settings\All Users\Start Menu\Programs\System Recovery\System Recovery.lnk
            c:\documents and settings\Default User\WINDOWS
            c:\documents and settings\james green\Application Data\Adobe\plugs
            c:\documents and settings\james green\Application Data\Adobe\shed
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\AddInUtil.exe.27203cce.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\AddInUtil.exe.b497e12f.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\AddInUtil.exe.b497e12f.ini.inuse
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini.inuse
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\FreeventsSchedule.exe.34f2941e.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.19423898.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.e24841d8.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.e3b16eb1.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\MSI271.tmp.7c4f4f64.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\MSI95.tmp.6c646816.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\MSI99.tmp.7c15e41a.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\MSI9D.tmp.e4c9d945.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\NProfiler.exe.25252705.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\setup.exe.b34143a.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\SL69.tmp.edc4126c.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\SL7.tmp.32be5160.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\SL70.tmp.a0a11ca2.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\Sudoku.exe.73685283.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\Sudoku.exe.90674b02.ini
            c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory\TestDriven.NET-2.14.2190_Personal.exe.ce28e07c.ini
            c:\documents and settings\james green\Start Menu\Programs\Startup\Zentom System Guard.lnk
            c:\documents and settings\james green\WINDOWS
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory\FreeventsSchedule.exe.34f2941e.ini
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.19423898.ini
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.e24841d8.ini
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.e3b16eb1.ini
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory\SL69.tmp.edc4126c.ini
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory\SL7.tmp.32be5160.ini
            c:\documents and settings\postgres\Local Settings\Application Data\ApplicationHistory\SL70.tmp.a0a11ca2.ini
            c:\documents and settings\postgres\WINDOWS
            c:\windows\kb913800.exe
            c:\windows\system32\config\systemprofile\WINDOWS
            c:\windows\system32\d3d9caps.dat
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            -------\Service_usnjsvc
            .
            .
            (((((((((((((((((((((((((   Files Created from 2011-08-15 to 2011-09-15  )))))))))))))))))))))))))))))))
            .
            .
            2011-09-15 21:23 . 2011-09-15 21:23   --------   d-----w-   c:\documents and settings\james green\Local Settings\Application Data\ApplicationHistory
            2011-09-11 19:35 . 2011-09-11 19:35   388096   ----a-r-   c:\documents and settings\james green\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
            2011-09-11 19:35 . 2011-09-11 19:35   --------   d-----w-   c:\program files\Trend Micro
            2011-09-10 16:15 . 2011-09-10 16:15   --------   d-----w-   c:\documents and settings\james green\Application Data\SUPERAntiSpyware.com
            2011-09-10 16:14 . 2011-09-10 16:15   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-09-10 16:14 . 2011-09-10 16:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
            2011-09-10 15:48 . 2011-09-10 15:48   --------   d-----w-   c:\program files\CCleaner
            2011-09-08 19:42 . 2011-09-08 19:42   --------   d-----w-   c:\documents and settings\james green\Application Data\Nero
            2011-09-08 19:41 . 2011-09-08 19:53   --------   d-----w-   c:\documents and settings\james green\Local Settings\Application Data\Nero
            2011-09-08 19:39 . 2011-09-08 19:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\Nero
            2011-09-08 19:38 . 2009-09-04 16:29   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
            2011-09-08 19:38 . 2009-09-04 16:29   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
            2011-09-08 19:38 . 2008-10-15 05:22   4379984   ----a-w-   c:\windows\system32\D3DX9_40.dll
            2011-09-08 19:38 . 2007-07-19 17:14   3727720   ----a-w-   c:\windows\system32\d3dx9_35.dll
            2011-09-08 19:38 . 2007-05-16 15:45   3497832   ----a-w-   c:\windows\system32\d3dx9_34.dll
            2011-09-08 19:38 . 2011-09-10 16:05   --------   d-----w-   c:\windows\Logs
            2011-09-08 19:28 . 2011-09-08 19:28   --------   d-s---w-   c:\documents and settings\LocalService\UserData
            2011-09-07 20:29 . 2011-09-07 20:29   --------   d-sh--w-   c:\documents and settings\NetworkService\UserData
            2011-09-07 19:58 . 2011-09-07 20:01   --------   d-----w-   c:\documents and settings\james green\Application Data\Tywufu
            2011-09-07 19:58 . 2011-09-07 20:00   --------   d-----w-   c:\documents and settings\james green\Application Data\Xeda
            2011-09-07 19:26 . 2011-09-07 19:26   --------   d-----w-   c:\program files\Yontoo Layers Runtime
            2011-09-07 19:08 . 2011-09-07 19:12   --------   d-----w-   c:\documents and settings\james green\Application Data\Mp3tag
            2011-09-07 19:08 . 2011-09-07 19:08   --------   d-----w-   c:\program files\Mp3tag
            2011-09-03 10:17 . 2011-09-09 09:12   599040   -c----w-   c:\windows\system32\dllcache\crypt32.dll
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2011-09-09 09:12 . 2006-08-02 01:17   599040   ----a-w-   c:\windows\system32\crypt32.dll
            2011-09-06 19:26 . 2011-08-13 16:45   23624   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
            2011-08-14 12:05 . 2011-08-13 17:01   12872   ----a-w-   c:\windows\system32\bootdelete.exe
            2011-07-19 04:05 . 2010-10-02 13:30   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-07-19 01:40 . 2010-10-02 13:30   73728   ----a-w-   c:\windows\system32\javacpl.cpl
            2011-07-15 13:29 . 2006-08-02 01:18   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
            2011-07-08 14:02 . 2006-08-02 01:06   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
            2011-06-24 14:10 . 2006-02-01 23:11   139656   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
            2011-06-21 18:45 . 2006-02-01 21:59   832512   ----a-w-   c:\windows\system32\wininet.dll
            2011-06-21 18:45 . 2006-08-02 01:17   1830912   ----a-w-   c:\windows\system32\inetcpl.cpl
            2011-06-21 18:45 . 2006-08-02 01:17   78336   ----a-w-   c:\windows\system32\ieencode.dll
            2011-06-21 18:45 . 2006-08-02 01:17   17408   ----a-w-   c:\windows\system32\corpol.dll
            2011-06-21 11:47 . 2006-08-02 01:17   389120   ----a-w-   c:\windows\system32\html.iec
            2011-06-20 17:44 . 2006-02-01 21:59   293376   ----a-w-   c:\windows\system32\winsrv.dll
            2011-09-11 21:40 . 2011-07-20 18:47   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
            2011-07-26 09:15   2532680   ----a-w-   c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
            .
            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
            2011-07-15 04:46   195360   ----a-w-   c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
            "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
            .
            [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
            .
            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
            "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
            .
            [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
            @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
            [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
            2008-01-16 17:52   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
            @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
            [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
            2008-01-16 17:52   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
            @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
            [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
            2008-01-16 17:52   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
            @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
            [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
            2008-01-16 17:52   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
            @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
            [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
            2008-01-16 17:52   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
            @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
            [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
            2008-01-16 17:52   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
            @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
            [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
            2008-01-16 17:52   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
            @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
            [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
            2008-01-16 17:52   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
            @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
            [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
            2008-01-16 17:52   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
            "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
            "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
            "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
            "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
            "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
            "RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15969280]
            "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
            "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 151552]
            "4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
            "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
            .
            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
            .
            c:\documents and settings\Administrator\Start Menu\Programs\Startup\
            Philips Media Manager.lnk - c:\program files\Philips\Media Manager\Philips Media Manager.exe [2006-8-2 136704]
            .
            c:\documents and settings\postgres\Start Menu\Programs\Startup\
            Philips Media Manager.lnk - c:\program files\Philips\Media Manager\Philips Media Manager.exe [2006-8-2 136704]
            .
            c:\documents and settings\james green\Start Menu\Programs\Startup\
            OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
            Philips Media Manager.lnk - c:\program files\Philips\Media Manager\Philips Media Manager.exe [2006-8-2 136704]
            .
            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
            Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-8-1 593920]
            .
            c:\documents and settings\Default User\Start Menu\Programs\Startup\
            Philips Media Manager.lnk - c:\program files\Philips\Media Manager\Philips Media Manager.exe [2006-8-2 136704]
            .
            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            .
            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
            BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
            @=""
            .
            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Demo.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Demo.lnk
            backup=c:\windows\pss\AOL Demo.lnkCommon Startup
            .
            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
            backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
            2007-09-07 23:01   43008   ----a-w-   c:\program files\BitTorrent\bittorrent.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
            2005-10-27 10:00   299008   ------w-   c:\program files\Creative\Shared Files\CamTray.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
            "DisableMonitoring"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
            "DisableMonitoring"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
            "DisableMonitoring"=dword:00000001
            .
            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\Philips\\Media Manager\\Philips Media Manager.exe"=
            "c:\\Program Files\\Messenger\\msmsgs.exe"=
            "c:\\Program Files\\Kontiki\\KService.exe"=
            "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
            "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
            "c:\\Program Files\\Spotify\\spotify.exe"=
            "c:\\Documents and Settings\\james green\\Desktop\\spotify.exe"=
            "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
            "c:\\Program Files\\MSN Messenger\\livecall.exe"=
            "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
            "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
            "c:\\Program Files\\iTunes\\iTunes.exe"=
            "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
            "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
            "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
            "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
            .
            R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 08:13 22992]
            R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19/01/2011 04:32 32592]
            R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 248656]
            R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/02/2011 07:54 297168]
            R1 CXAVSAUD;Conexant 2388x Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [01/08/2006 19:45 11008]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
            R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
            R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 01:33 7390560]
            R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
            R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/07/2008 03:22 1106968]
            R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30/03/2011 17:17 134480]
            R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 07:53 24144]
            R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 07:53 27216]
            R3 CXAVSTS;Conexant 2388x AVStream TS Capture;c:\windows\system32\drivers\cxavsts.sys [01/08/2006 19:45 16768]
            R3 CXBDATUNE;Conexant BDA DVB Tuner/Demod;c:\windows\system32\drivers\cxBDAtun.sys [01/08/2006 19:45 102912]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
            S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [26/04/2011 18:20 1025352]
            S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [12/12/2006 14:05 162176]
            S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
            S4 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [10/07/2008 02:15 31256]
            S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/08/2008 15:31 47128]
            S4 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19/09/2008 04:03 65536]
            S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 03:49 242712]
            S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/08/2008 15:31 369688]
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2011-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
            .
            2011-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-460988369-2511916315-2200423417-1006Core.job
            - c:\documents and settings\james green\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-20 18:44]
            .
            2011-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-460988369-2511916315-2200423417-1006UA.job
            - c:\documents and settings\james green\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-20 18:44]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.com/
            uInternet Settings,ProxyOverride = <local>;*.local
            TCP: DhcpNameServer = 192.168.1.1
            Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
            FF - ProfilePath - c:\documents and settings\james green\Application Data\Mozilla\Firefox\Profiles\hwcoa53c.default\
            FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
            FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4db6fed0&v=7.007.026.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
            FF - user.js: extentions.y2layers.installId - 64be6b6b-e9d9-4d48-8349-e6920348a9b2
            .
            - - - - ORPHANS REMOVED - - - -
            .
            AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
            .
            .
            .
            **************************************************************************
            .
            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2011-09-15 22:23
            Windows 5.1.2600 Service Pack 3 NTFS
            .
            scanning hidden processes ... 
            .
            scanning hidden autostart entries ...
            .
            scanning hidden files ... 
            .
            scan completed successfully
            hidden files: 0
            .
            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_USERS\S-1-5-21-460988369-2511916315-2200423417-1006\¬ í**]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)
            "MachineID"=hex:ef,d3,ab,bf,7b,d6,e2,00
            DUMPHIVE0.003 (REGF)
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------
            .
            - - - - - - - > 'winlogon.exe'(1052)
            c:\windows\system32\WININET.dll
            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            c:\windows\system32\Ati2evxx.dll
            .
            - - - - - - - > 'lsass.exe'(1116)
            c:\windows\system32\WININET.dll
            .
            - - - - - - - > 'explorer.exe'(5308)
            c:\windows\system32\WININET.dll
            c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
            c:\program files\TortoiseSVN\bin\TortoiseStub.dll
            c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
            c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
            c:\windows\system32\ieframe.dll
            c:\program files\Creative\Creative Zen Sleek\CTJBNS2.dll
            c:\program files\Creative\Creative Zen Sleek\CTIntrfc.dll
            c:\program files\Creative\Creative Zen Sleek\CTConfig.DLL
            c:\program files\Creative\Creative Zen Sleek\JBNSRES.DLL
            c:\windows\system32\msi.dll
            c:\windows\system32\WPDShServiceObj.dll
            c:\windows\system32\PortableDeviceTypes.dll
            c:\windows\system32\PortableDeviceApi.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\progra~1\AVG\AVG10\avgchsvx.exe
            c:\windows\system32\Ati2evxx.exe
            c:\windows\system32\Ati2evxx.exe
            c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            c:\program files\Bonjour\mDNSResponder.exe
            c:\windows\eHome\ehRecvr.exe
            c:\windows\eHome\ehSched.exe
            c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
            c:\program files\Java\jre6\bin\jqs.exe
            c:\program files\AVG\AVG10\avgnsx.exe
            c:\program files\AVG\AVG10\avgemcx.exe
            c:\program files\Kontiki\KService.exe
            c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
            c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
            c:\windows\ehome\mcrdsvc.exe
            c:\program files\Windows Media Player\WMPNetwk.exe
            c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
            c:\program files\TortoiseSVN\bin\TSVNCache.exe
            c:\windows\RTHDCPL.EXE
            c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
            c:\program files\OpenOffice.org 2.1\program\soffice.exe
            c:\program files\OpenOffice.org 2.1\program\soffice.BIN
            c:\windows\system32\dllhost.exe
            c:\windows\eHome\ehmsas.exe
            c:\program files\iPod\bin\iPodService.exe
            c:\progra~1\AVG\AVG10\avgrsx.exe
            c:\program files\AVG\AVG10\avgcsrvx.exe
            .
            **************************************************************************
            .
            Completion time: 2011-09-15  22:30:31 - machine was rebooted
            ComboFix-quarantined-files.txt  2011-09-15 21:30
            .
            Pre-Run: 194,779,738,112 bytes free
            Post-Run: 195,338,190,848 bytes free
            .
            WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
            [boot loader]
            timeout=2
            default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
            [operating systems]
            c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
            UnsupportedDebug="do not select this" /debug
            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
            .
            - - End Of File - - C73BC5D3CFA6D56B977598DE76F57462

            SuperDave

            • Malware Removal Specialist


            Re: Browser link redirection, spotify/ipod issues
            « Reply #7 on: September 15, 2011, 04:18:01 PM »
            P2P - I see you have P2P software installed on your machine (BitTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

            Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

            I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
            **************************************************
            SysProt Antirootkit

            Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

            http://sites.google.com/site/sysprotantirootkit/

            Unzip it into a folder on your desktop.
            • Double click Sysprot.exe to start the program.
            • Click on the Log tab.
            • In the Write to log box select the following items.
              • Process << Selected
              • Kernel Modules << Selected
              • SSDT << Selected
              • Kernel Hooks << Selected
              • IRP Hooks << NOT Selected
              • Ports << NOT Selected
              • Hidden Files << Selected
            • At the bottom of the page
              • Hidden Objects Only << Selected
            • Click on the Create Log button on the bottom right.
            • After a few seconds a new window should appear.
            • Select Scan Root Drive. Click on the Start button.
            • When it is complete a new window will appear to indicate that the scan is finished.
            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

            jag66

              Re: Browser link redirection, spotify/ipod issues
              « Reply #8 on: September 18, 2011, 12:40:10 PM »
              Got rid of Torrent.

              Next log:

              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              Process:
              Name: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              PID: 4
              Hidden: Yes
              Window Visible: No

              Name: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              PID: 4
              Hidden: Yes
              Window Visible: No

              Name: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              PID: 4
              Hidden: Yes
              Window Visible: No

              Name: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              PID: 4
              Hidden: Yes
              Window Visible: No

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
              Service Name: ---
              Module Base: A561F000
              Module End: A56D6000
              Hidden: Yes

              ******************************************************************************************
              ******************************************************************************************
              SSDT:
              Function Name: ZwOpenProcess
              Address: BA459738
              Driver Base: BA458000
              Driver End: BA45D000
              Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

              Function Name: ZwTerminateProcess
              Address: BA4597DC
              Driver Base: BA458000
              Driver End: BA45D000
              Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

              Function Name: ZwTerminateThread
              Address: BA459878
              Driver Base: BA458000
              Driver End: BA45D000
              Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

              Function Name: ZwWriteVirtualMemory
              Address: BA459914
              Driver Base: BA458000
              Driver End: BA45D000
              Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

              ******************************************************************************************
              ******************************************************************************************
              No Kernel Hooks found

              ******************************************************************************************
              ******************************************************************************************
              No IRP Hooks found

              ******************************************************************************************
              ******************************************************************************************
              Ports:
              Local Address: YOUR-9499940BF8:56617
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:55801
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:49152
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:46840
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:43300
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:26902
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:20213
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:15580
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:11280
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:2869
              Remote Address: 192.168.1.1:3435
              Type: TCP
              Process: System
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:2869
              Remote Address: 192.168.1.1:3434
              Type: TCP
              Process: System
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:2869
              Remote Address: 192.168.1.1:3433
              Type: TCP
              Process: System
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:2869
              Remote Address: 192.168.1.1:3432
              Type: TCP
              Process: System
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1137
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1136
              Remote Address: 2.18.125.177:HTTPS
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1134
              Remote Address: 2.17.250.161:HTTPS
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1133
              Remote Address: WWW-15-02-ASH3.FACEBOOK.COM:HTTPS
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1130
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1129
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1128
              Remote Address: BRU02M01-IN-F95.1E100.NET:HTTPS
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1126
              Remote Address: 2.17.250.161:HTTPS
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1119
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1115
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1112
              Remote Address: 192.168.1.1:5000
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:KPOP
              Remote Address: 2.18.127.139:HTTPS
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1106
              Remote Address: GBTECHNOLOGY-PC:2869
              Type: TCP
              Process: C:\WINDOWS\explorer.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1104
              Remote Address: 213.146.189.203:12350
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1101
              Remote Address: 78.141.177.89:12350
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1098
              Remote Address: 213.146.189.203:12350
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1092
              Remote Address: 95.182.207.251:27631
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1062
              Remote Address: 84.53.178.49:HTTP
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:NETBIOS-SSN
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: System
              State: LISTENING

              Local Address: YOUR-9499940BF8:27015
              Remote Address: LOCALHOST:1040
              Type: TCP
              Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:27015
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:5354
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Bonjour\mDNSResponder.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:5152
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Java\jre6\bin\jqs.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:2869
              Remote Address: LOCALHOST:1055
              Type: TCP
              Process: C:\WINDOWS\system32\svchost.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1135
              Remote Address: LOCALHOST:1124
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1132
              Remote Address: LOCALHOST:1123
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1131
              Remote Address: LOCALHOST:1123
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1127
              Remote Address: LOCALHOST:1038
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1125
              Remote Address: LOCALHOST:1038
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1124
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:1123
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:1063
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\WINDOWS\system32\alg.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:1060
              Remote Address: LOCALHOST:1038
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1055
              Remote Address: LOCALHOST:2869
              Type: TCP
              Process: C:\WINDOWS\explorer.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1040
              Remote Address: LOCALHOST:27015
              Type: TCP
              Process: C:\Program Files\iTunes\iTunesHelper.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1039
              Remote Address: LOCALHOST:1038
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1038
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:1037
              Remote Address: LOCALHOST:1036
              Type: TCP
              Process: C:\Program Files\Kontiki\KService.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1036
              Remote Address: LOCALHOST:1037
              Type: TCP
              Process: C:\Program Files\Kontiki\KService.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1035
              Remote Address: LOCALHOST:1034
              Type: TCP
              Process: C:\Program Files\Kontiki\KService.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1034
              Remote Address: LOCALHOST:1035
              Type: TCP
              Process: C:\Program Files\Kontiki\KService.exe
              State: ESTABLISHED

              Local Address: YOUR-9499940BF8:1033
              Remote Address: LOCALHOST:1032
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:1031
              Remote Address: LOCALHOST:1030
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: YOUR-9499940BF8:49154
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:49153
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:44985
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:12083
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:10243
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:8080
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:2869
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\WINDOWS\system32\svchost.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:1947
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Kontiki\KService.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:MICROSOFT-DS
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: System
              State: LISTENING

              Local Address: YOUR-9499940BF8:HTTPS
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:EPMAP
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\WINDOWS\system32\svchost.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:HTTP
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: LISTENING

              Local Address: YOUR-9499940BF8:36134
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\MSN Messenger\msnmsgr.exe
              State: NA

              Local Address: YOUR-9499940BF8:7755
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\MSN Messenger\msnmsgr.exe
              State: NA

              Local Address: YOUR-9499940BF8:5353
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Bonjour\mDNSResponder.exe
              State: NA

              Local Address: YOUR-9499940BF8:1900
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\svchost.exe
              State: NA

              Local Address: YOUR-9499940BF8:1900
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              State: NA

              Local Address: YOUR-9499940BF8:138
              Remote Address: NA
              Type: UDP
              Process: System
              State: NA

              Local Address: YOUR-9499940BF8:NETBIOS-NS
              Remote Address: NA
              Type: UDP
              Process: System
              State: NA

              Local Address: YOUR-9499940BF8:123
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\svchost.exe
              State: NA

              Local Address: YOUR-9499940BF8:1900
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\svchost.exe
              State: NA

              Local Address: YOUR-9499940BF8:1107
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\MSN Messenger\msnmsgr.exe
              State: NA

              Local Address: YOUR-9499940BF8:1105
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\explorer.exe
              State: NA

              Local Address: YOUR-9499940BF8:1076
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\svchost.exe
              State: NA

              Local Address: YOUR-9499940BF8:1058
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: NA

              Local Address: YOUR-9499940BF8:1046
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: NA

              Local Address: YOUR-9499940BF8:1042
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\iTunes\iTunesHelper.exe
              State: NA

              Local Address: YOUR-9499940BF8:1041
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\iTunes\iTunesHelper.exe
              State: NA

              Local Address: YOUR-9499940BF8:1026
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              State: NA

              Local Address: YOUR-9499940BF8:1025
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              State: NA

              Local Address: YOUR-9499940BF8:123
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\svchost.exe
              State: NA

              Local Address: YOUR-9499940BF8:44985
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: NA

              Local Address: YOUR-9499940BF8:42591
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              State: NA

              Local Address: YOUR-9499940BF8:28255
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
              State: NA

              Local Address: YOUR-9499940BF8:4500
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\lsass.exe
              State: NA

              Local Address: YOUR-9499940BF8:3776
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\ehome\mcrdsvc.exe
              State: NA

              Local Address: YOUR-9499940BF8:1948
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Kontiki\KService.exe
              State: NA

              Local Address: YOUR-9499940BF8:1059
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\MSN Messenger\msnmsgr.exe
              State: NA

              Local Address: YOUR-9499940BF8:1027
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Bonjour\mDNSResponder.exe
              State: NA

              Local Address: YOUR-9499940BF8:500
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\lsass.exe
              State: NA

              Local Address: YOUR-9499940BF8:MICROSOFT-DS
              Remote Address: NA
              Type: UDP
              Process: System
              State: NA

              Local Address: YOUR-9499940BF8:HTTPS
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Skype\Phone\Skype.exe
              State: NA

              ******************************************************************************************
              ******************************************************************************************
              Hidden files/folders:
              Object: C:\Qoobox\BackEnv\AppData.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Cache.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Cookies.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Desktop.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Favorites.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\History.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Music.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\NetHood.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Personal.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Pictures.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Programs.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Recent.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SendTo.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SetPath.bat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\StartUp.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SysPath.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Templates.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\VikPev00
              Status: Access denied


              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Browser link redirection, spotify/ipod issues
              « Reply #9 on: September 18, 2011, 01:05:22 PM »
              How's the computer working? Still getting redirects?

              I'd like to scan your machine with ESET OnlineScan

              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              • Click the button.
              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
              • Check
              • Click the button.
              • Accept any security warnings from your browser.
              • Check
              • Push the Start button.
              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              • When the scan completes, push
              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              • Push the button.
              • Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
              Windows 8 and Windows 10 dual boot with two SSD's

              jag66

                Re: Browser link redirection, spotify/ipod issues
                « Reply #10 on: September 19, 2011, 02:20:30 AM »
                It's still misbehaving. Think it's getting worse actually, it's grinding to a halt more often now, using up a lot of the CPU.

                jag66

                  Re: Browser link redirection, spotify/ipod issues
                  « Reply #11 on: September 19, 2011, 03:31:43 PM »
                  The latest log:

                  C:\AUTOEXEC.BAT   Win32/Delf.PBU trojan   cleaned by deleting - quarantined
                  C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\43\519a41eb-510ac6c0   a variant of Java/Agent.DM trojan   deleted - quarantined
                  C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0O1QIXUS\2e327[1].pdf   JS/Exploit.Pdfka.PCZ trojan   cleaned by deleting - quarantined
                  C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LID0BLSF\index[1].htm   JS/Kryptik.CK trojan   cleaned by deleting - quarantined
                  C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll   a variant of Win32/Adware.Yontoo.A application   cleaned by deleting - quarantined
                  C:\System Volume Information\_restore{5EF61E35-F473-47F0-AB71-E40210802868}\RP1274\A0124696.EXE   a variant of Win32/Keygen.AA application   cleaned by deleting - quarantined
                  C:\System Volume Information\_restore{5EF61E35-F473-47F0-AB71-E40210802868}\RP1275\A0126403.ini   Win32/Adware.AntimalwareDoctor.AE.Gen application   cleaned by deleting - quarantined
                  C:\System Volume Information\_restore{5EF61E35-F473-47F0-AB71-E40210802868}\RP1283\A0129427.dll   a variant of Win32/Adware.Yontoo.A application   cleaned by deleting - quarantined

                  jag66

                    Re: Browser link redirection, spotify/ipod issues
                    « Reply #12 on: September 19, 2011, 03:36:05 PM »
                    Note, appears there's still funny behaviour unfortunately.

                    SuperDave

                    Re: Browser link redirection, spotify/ipod issues
                    « Reply #13 on: September 19, 2011, 04:16:44 PM »
                    Please download Bootkit Remover by eSage Lab from here.

                    NOTE: This is a file compressed with Winrar. If you do not have the means to unpack it, you can download and install 7-zip from here.

                    • Unpack remover.exe from the bootkit_remover.rar archive and save it to your Desktop
                    • Double-click remover.exe to run the tool
                    • A DOS window will open with the results of the scan
                    • Right-click that window and choose Select all
                    • Simultaneously press [CTRL] + C (copy) and paste the text in your next reply.

                    jag66

                      Re: Browser link redirection, spotify/ipod issues
                      « Reply #14 on: September 20, 2011, 01:55:56 PM »
                      Bootkit Remover
                      (c) 2009 eSage Lab
                      www.esagelab.com

                      Program version: 1.2.0.0
                      OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

                      System volume is \\.\C:
                      \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`2d05cc00

                           Size  Device Name          MBR Status
                       --------------------------------------------
                         279 GB  \\.\PhysicalDrive0   Controlled by rootkit!

                      Boot code on some of your physical disks is hidden by a rootkit.
                      To disinfect the master boot sector, use the following command:
                      remover.exe fix <device_name>
                      To inspect the boot code manually, dump the master boot sector:
                      remover.exe dump <device_name> [output_file]


                      Done;
                      Press any key to quit...