Inactive Win32.Bamital-X infection + possible keylogger


Mustard87

Hi, recently I have been having loads of malware problems with my computer. It all started with some weird virus/malware that redirected all my browser activities to malicious websites.

I tried to run a few cleanup programs such as Malwarebytes and SUPERAntiSpyware; they found some malware but apparently not the ones causing the redirecting problems.

Anyway, today I noticed that my Gmail account had been accessed from an IP address in Japan/Korea and tons of spam had been sent from my address to others, so in fear of a keylogger I went and downloaded the Avast Pro version and did a scan.

I found loads of infections that I cleaned/quarantined, but there were 3 files I couldn't quarantine/remove because they were used by the OS:

c:\windows\explorer.exe - threat: Win32:Bamital-X
c:\windows\system32\winlogon.exe - threat: Win32:Bamital-X
c:\windows\explorer.exe - threat: Win32:Bamital-X

Now I was wondering if I could get some help to fix these please, and also if someone could help me detect the keylogger if there is one; my Gmail is the only thing that has been accessed so far.

I'm not a pro at computers but not a beginner either, so I should be fine following your instructions :), thanks in advance.

Best Regards/ Mustard87
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
 

Thanks, and sorry, I must have missed that thread; logs coming up.
I was unable to run the GMER app because it caused bluescreens and freezes and other nasty stuff, so I decided to leave it alone.

EDIT:

Also I had three logs from Malwarebytes: two from yesterday, a quick and a complete scan, and then there were logs from a scan I did a few days ago that found some registry errors. I'll go ahead and post them all.

EDIT 2:

I was unable to shut down Avast; I hope it didn't interfere too much. It still detects the viruses after all the steps.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4541

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-09-04 15:01:30
mbam-log-2010-09-04 (15-01-30).txt

Scan type: Quick scan
Objects scanned: 125646
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4583

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-09-09 18:57:53
mbam-log-2010-09-09 (18-57-53).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 28813
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Mathias Svensson\Application Data\Sun\Java\Deployment\cache\6.0\16\1a3682d0-13b2f1c2 (Trojan.Downloader) -> Quarantined and deleted successfully.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4583

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-09-09 19:58:30
mbam-log-2010-09-09 (19-58-30).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 179038
Time elapsed: 59 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Mathias Svensson\Local Settings\Application Data\34888628.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Mathias Svensson\Local Settings\Application Data\lxdyxbauj\fkxfxnjshdw.exe.vir (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Mathias Svensson\Local Settings\Application Data\ywgaxaatf\flqubuushdw.exe.vir (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62A75CFF-A66F-4AC2-85D8-3B4A8D81F8E6}\RP0\A0000190.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62A75CFF-A66F-4AC2-85D8-3B4A8D81F8E6}\RP0\A0000191.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62A75CFF-A66F-4AC2-85D8-3B4A8D81F8E6}\RP0\A0000193.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62A75CFF-A66F-4AC2-85D8-3B4A8D81F8E6}\RP2\A0001660.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{C8F1AC45-4C63-4B64-A4E6-8D5B05200FBB}\RP553\A0111190.exe (Rogue.Installer) -> Quarantined and deleted successfully.
F:\F\Program\sysreset253.exe (Backdoor.Zapchast) -> Quarantined and deleted successfully.
F:\Osorterat\sysreset253.exe (Backdoor.Zapchast) -> Quarantined and deleted successfully.
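The three Malwarebytes logs above share one fixed layout: a header block, a line of per-category counts, then one section per category listing each detection as `path (family) -> action`. When a helper triages several such logs it is useful to parse them rather than read them by eye, so here is a small parser as an added example; it is not part of the thread and not Malwarebytes' own code. The log text embedded in it is constructed in the MBAM 1.46 format (the paths, registry key and the `EXAMPLE1234` name are made up), and it deliberately declares more infected files than it lists so the count check has something to report.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and summarise what it found."""
import re
from collections import Counter

# Constructed sample log in the MBAM 1.46 layout (not the thread's own log).
# "Files Infected: 3" is declared on purpose while only two files are listed,
# so count_mismatches() below has a discrepancy to flag.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4583

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-09-09 18:57:53
mbam-log-2010-09-09 (18-57-53).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 28813
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\EXAMPLE1234 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\16\deadbeef-cafef00d (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example.dll (Trojan.FakeAlert) -> Delete on reboot.
"""

# Header fields worth keeping for triage (database version tells you how stale the signatures were).
FIELD_RE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned|Time elapsed): (?P<val>.+)$")
# "Registry Keys Infected: 2" (summary line with a number) vs "Registry Keys Infected:" (section header).
SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# One detection line: "<path> (<family>) -> <action>." The path is matched greedily so a
# path containing parentheses (e.g. "Program Files (x86)") still parses correctly.
ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return {'fields': {...}, 'counts': {category: declared}, 'entries': [...]}."""
    report = {"fields": {}, "counts": {}, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line closes the current detail section
            continue
        m = FIELD_RE.match(line)
        if m:
            report["fields"][m["key"]] = m["val"]
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report["counts"][m["cat"]] = int(m["n"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["cat"]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            report["entries"].append({"category": section, "path": m["path"],
                                      "family": m["family"], "action": m["action"]})
    return report


def count_mismatches(report):
    """Categories whose declared count differs from the entries actually listed (truncated paste, etc.)."""
    listed = Counter(e["category"] for e in report["entries"])
    return {cat: (n, listed.get(cat, 0)) for cat, n in report["counts"].items() if n != listed.get(cat, 0)}


def unresolved(report):
    """Paths whose action was not a completed quarantine (e.g. 'Delete on reboot', 'No action taken')."""
    return [e["path"] for e in report["entries"] if "deleted successfully" not in e["action"]]


def family_counts(report):
    """How many detections per malware family, to see what the infection mostly consists of."""
    return Counter(e["family"] for e in report["entries"])


def system_file_hits(report):
    """Detections inside the Windows directory; hits on OS binaries deserve a closer look."""
    return [e["path"] for e in report["entries"]
            if e["category"] == "Files Infected" and e["path"].lower().startswith("c:\\windows\\")]


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print("database:", r["fields"].get("Database version"))
    print("families:", dict(family_counts(r)))
    print("count mismatches:", count_mismatches(r))
    print("not yet remediated:", unresolved(r))
    print("hits under c:\\windows:", system_file_hits(r))
```

Feeding each of the pasted logs to `parse_mbam_log()` gives a quick cross-log view: `family_counts()` shows whether a machine is dominated by rogue-AV droppers or something else, `unresolved()` lists what still needs a reboot or manual action, and `count_mismatches()` catches a log whose tail was lost in pasting.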
 
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mathias Svensson at 13:12:31,37 on 2010-09-10
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT 2:00]

AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Registry Mechanic2\RegMech.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Mathias Svensson\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RegistryMechanic] c:\program files\registry mechanic2\RegMech.exe /H
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\mathia~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\personal.lnk - c:\program files\personal\bin\Personal.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mathia~1\applic~1\mozilla\firefox\profiles\yaka3xjr.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-9-9 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-9-9 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-9-9 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-9-9 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-9 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-9 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-9 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-9-9 119200]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-9 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-16 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\spel\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-8-6 100736]

=============== Created Last 30 ================

2010-09-09 18:55:09 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-09-09 18:55:08 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-09-09 18:54:57 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-09-09 18:54:41 38848 ----a-w- c:\windows\avastSS.scr
2010-09-09 18:54:41 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-09-09 18:54:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-09 18:48:19 0 d-----w- c:\program files\Registry Mechanic2
2010-09-04 13:09:39 0 d-----w- c:\docume~1\mathia~1\applic~1\Spotify
2010-09-04 13:09:38 0 d-----w- c:\program files\Spotify
2010-09-04 12:56:55 0 d-----w- c:\docume~1\mathia~1\applic~1\Malwarebytes
2010-09-04 12:56:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 12:56:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-04 12:56:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-04 12:56:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-03 08:54:48 0 d-----w- c:\program files\Trend Micro
2010-09-01 17:16:17 0 d-sha-r- C:\cmdcons
2010-08-31 21:26:35 0 d-----w- c:\windows\system32\wbem\snmp
2010-08-31 21:26:34 0 d-----w- c:\windows\system32\xircom
2010-08-31 21:26:34 0 d-----w- c:\program files\msn gaming zone
2010-08-31 21:12:27 98816 ----a-w- c:\windows\sed.exe
2010-08-31 21:12:27 77312 ----a-w- c:\windows\MBR.exe
2010-08-31 21:12:27 256512 ----a-w- c:\windows\PEV.exe
2010-08-31 21:12:27 161792 ----a-w- c:\windows\SWREG.exe
2010-08-31 20:31:35 5 ----a-w- C:\zrpt.xml
2010-08-22 14:32:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Boss Media
2010-08-22 14:32:50 0 d-----w- C:\Casino
2010-08-22 12:01:13 0 d-----w- c:\program files\PokerStars
2010-08-19 15:20:08 299520 ----a-w- c:\windows\uninst.exe
2010-08-19 15:19:26 0 d-----w- c:\documents and settings\mathias svensson\WINDOWS
2010-08-13 17:28:38 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-13 17:28:38 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-13 17:28:37 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-13 17:28:37 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-13 17:28:36 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-13 17:28:36 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-13 17:28:36 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-13 17:28:36 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

==================== Find3M ====================

2010-04-06 20:30:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010040620100407\index.dat

============= FINISH: 13:12:45,34 ===============
 
==== Event Viewer Messages From Past Week ========

9/9/2010 8:56:38 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/5/2010 10:24:53 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
9/4/2010 3:31:30 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
9/10/2010 12:59:21 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
9/10/2010 12:43:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips SASDIFSV SASKUTIL
9/10/2010 1:07:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
9/10/2010 1:07:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Firewall service.

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with ComboFix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEB000 fltMgr.sys
0xB7ED9000 sr.sys
0xB8118000 PxHelp20.sys
0xB7EC2000 KSecDD.sys
0xB7EAF000 WudfPf.sys
0xB7E22000 Ntfs.sys
0xB7DF5000 NDIS.sys
0xB7DC8000 aswNdis2.sys
0xB85AE000 aswNdis.sys
0xB7DAE000 Mup.sys
0xB8158000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB53A3000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB538F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB5377000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB8380000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB5353000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8388000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8168000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8178000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8188000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB5330000 \SystemRoot\system32\DRIVERS\ks.sys
0xB5308000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8198000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB81A8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB8568000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB52F4000 \SystemRoot\system32\DRIVERS\parport.sys
0xB81B8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB83B8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8684000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8574000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB52DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB52A4000 \SystemRoot\system32\DRIVERS\psched.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB83E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB51D4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8208000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8408000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85B4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB5176000 \SystemRoot\system32\DRIVERS\update.sys
0xB8594000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8218000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
0xB8228000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8258000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB2BC5000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB2BA1000 \SystemRoot\system32\drivers\portcls.sys
0xB8268000 \SystemRoot\system32\drivers\drmk.sys
0xB8428000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB85C6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB870C000 \SystemRoot\System32\Drivers\Null.SYS
0xB85CA000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8448000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8450000 \SystemRoot\System32\drivers\vga.sys
0xB85CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8460000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8470000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8590000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB2B1E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB2AC5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB2AAE000 \SystemRoot\System32\Drivers\aswFW.SYS
0xB2A88000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8288000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB5156000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8298000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB82A8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB82B8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB2998000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB5D66000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB2976000 \SystemRoot\System32\drivers\afd.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB2954000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB8488000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB2929000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB28B9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB82E8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB2892000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB2839000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xB8340000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB8318000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB27F9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB85E8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB2A84000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8398000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB875C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB25DD000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB2529000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB229A000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB1DFD000 \SystemRoot\system32\drivers\wdmaud.sys
0xB21C2000 \SystemRoot\system32\drivers\sysaudio.sys
0xB1A66000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8628000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB19C4000 \SystemRoot\system32\DRIVERS\srv.sys
0xB8440000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB168B000 \SystemRoot\System32\Drivers\HTTP.sys
0xB0B7A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 40):
0 System Idle Process
4 System
1008 C:\WINDOWS\system32\smss.exe
1064 csrss.exe
1088 C:\WINDOWS\system32\winlogon.exe
1140 C:\WINDOWS\system32\services.exe
1152 C:\WINDOWS\system32\lsass.exe
1308 C:\WINDOWS\system32\nvsvc32.exe
1368 C:\WINDOWS\system32\svchost.exe
1464 svchost.exe
1588 C:\WINDOWS\system32\svchost.exe
1632 C:\WINDOWS\system32\svchost.exe
1736 svchost.exe
1884 svchost.exe
1948 C:\Program Files\Alwil Software\Avast5\afwServ.exe
188 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
268 C:\WINDOWS\explorer.exe
440 C:\Program Files\Unlocker\UnlockerAssistant.exe
448 C:\Program Files\Common Files\Java\Java Update\jusched.exe
468 C:\WINDOWS\system32\rundll32.exe
484 C:\WINDOWS\RTHDCPL.exe
1228 C:\Program Files\Winamp\winampa.exe
1404 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1412 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1456 C:\WINDOWS\system32\ctfmon.exe
1512 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
1532 C:\Program Files\Registry Mechanic2\RegMech.exe
1548 C:\Program Files\Personal\bin\Personal.exe
1608 C:\Program Files\OpenOffice.org 3\program\soffice.exe
1696 C:\Program Files\OpenOffice.org 3\program\soffice.bin
800 C:\WINDOWS\system32\spoolsv.exe
1716 C:\Program Files\Java\jre6\bin\jqs.exe
276 C:\WINDOWS\system32\PnkBstrA.exe
3060 alg.exe
3796 C:\WINDOWS\system32\svchost.exe
3892 C:\WINDOWS\system32\wuauclt.exe
872 C:\Program Files\Windows Live\Contacts\wlcomm.exe
1820 C:\Program Files\Mozilla Firefox\firefox.exe
2864 C:\Program Files\Mozilla Firefox\plugin-container.exe
3140 C:\Documents and Settings\Mathias Svensson\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000004`e22d6a00 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: SAMSUNGHD080HJ, Rev: WT100-33
PhysicalDrive2 Model Number: SAMSUNGSP2504C, Rev: VT100-33
PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAK
PhysicalDrive3 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive3 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
ComboFix 10-09-09.04 - Mathias Svensson 2010-09-11 10:20:01.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1596 [GMT 2:00]
Running from: c:\documents and settings\Mathias Svensson\Desktop\ComboFix.exe
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

2010-09-09 18:55 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-09 18:55 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-09 18:55 . 2010-09-07 14:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-09-09 18:55 . 2010-09-07 14:54 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-09-09 18:54 . 2010-09-07 14:53 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-09-09 18:54 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-09 18:54 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-09 18:54 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-09 18:54 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-09 18:54 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-09 18:54 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-09 18:54 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-09 18:54 . 2010-09-07 14:24 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-09-09 18:54 . 2010-09-09 18:54 -------- d-----w- c:\program files\Alwil Software
2010-09-09 18:54 . 2010-09-09 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-09 18:48 . 2010-09-09 18:49 -------- d-----w- c:\program files\Registry Mechanic2
2010-09-04 13:57 . 2010-09-04 13:57 46852 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-04 13:09 . 2010-09-10 16:56 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Spotify
2010-09-04 13:09 . 2010-09-10 16:56 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Spotify
2010-09-04 13:09 . 2010-09-04 13:09 655360 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-09-04 13:09 . 2010-09-04 13:09 282624 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-09-04 13:09 . 2010-09-04 13:09 208896 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-09-04 13:09 . 2010-09-04 13:09 -------- d-----w- c:\program files\Spotify
2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Malwarebytes
2010-09-04 12:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-04 12:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-03 08:54 . 2010-09-03 08:54 -------- d-----w- c:\program files\Trend Micro
2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\windows\system32\wbem\snmp
2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\windows\system32\xircom
2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\program files\microsoft frontpage
2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Boss Media
2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Boss Media
2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- C:\Casino
2010-08-22 12:01 . 2010-08-26 16:47 -------- d-----w- c:\program files\PokerStars
2010-08-21 13:21 . 2010-07-16 09:38 711168 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307a-1007160-0-main.dll
2010-08-21 13:21 . 2010-08-21 13:21 348160 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Macromedia\Flash Player\
2010-08-19 15:20 . 1997-01-18 08:40 299520 ----a-w- c:\windows\uninst.exe
2010-08-19 15:19 . 2010-08-19 15:19 -------- d-----w- c:\documents and settings\Mathias Svensson\WINDOWS
2010-08-18 19:09 . 2010-08-18 19:09 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Fallout3
2010-08-18 18:55 . 2010-08-18 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2010-08-18 18:55 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
2010-08-16 19:51 . 2010-08-16 19:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Temp
2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-16 19:46 . 2010-08-16 19:47 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Google
2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\program files\Google
2010-08-13 17:29 . 2010-08-13 17:29 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\2K Games
2010-08-13 17:28 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-13 17:28 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-13 17:28 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-13 17:28 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-13 17:28 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-13 17:28 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-13 17:28 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-13 17:28 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 08:06 . 2010-06-10 18:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 20:21 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\uTorrent
2010-09-09 16:23 . 2010-06-10 15:07 63488 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-09 16:23 . 2010-06-10 15:07 117760 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-04 12:52 . 2010-05-30 21:46 -------- d-----w- c:\program files\Family Toolbar
2010-09-04 12:52 . 2010-04-06 21:58 -------- d-----w- c:\program files\Ask.com
2010-09-03 17:45 . 2010-05-21 19:58 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\vlc
2010-09-03 17:14 . 2010-05-24 16:51 1 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-01 17:26 . 2010-04-06 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-19 14:06 . 2010-06-30 10:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-19 13:10 . 2010-05-01 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-18 18:55 . 2010-04-06 20:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 14:03 . 2010-04-06 20:57 0 ----a-w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\prvlcl.dat
2010-08-06 12:36 . 2010-08-06 12:36 503808 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\msvcp71.dll
2010-08-06 12:36 . 2010-08-06 12:36 499712 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\jmc.dll
2010-08-06 12:36 . 2010-08-06 12:36 348160 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\msvcr71.dll
2010-08-06 12:35 . 2010-08-06 12:35 61440 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31fe826a-n\decora-sse.dll
2010-08-06 12:35 . 2010-08-06 12:35 12800 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31fe826a-n\decora-d3d.dll
2010-08-06 12:14 . 2010-08-06 12:13 -------- d-----w- c:\program files\Telia mobile broadband
2010-07-26 15:08 . 2010-07-26 15:08 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Personal
2010-07-26 15:08 . 2010-07-26 15:08 -------- d-----w- c:\program files\Personal
2010-07-23 21:21 . 2010-07-23 20:52 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\.minecraft
2010-07-23 21:06 . 2010-07-23 21:06 -------- d-----w- c:\program files\Fiddler2
2010-07-20 16:20 . 2010-07-20 16:20 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-20 16:20 . 2010-07-20 16:20 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-20 16:20 . 2010-07-20 16:20 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-20 16:20 . 2010-07-20 16:20 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-13 18:39 . 2010-04-06 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-17 08:34 . 2010-05-27 08:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

------- Sigcheck -------

[-] 2008-06-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 0F998AF1008EF258141CBEAEB4F4FF35 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-23 . 8C4050BD9FD87E23CDED28FFA889B0BA . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

[-] 2008-04-14 . F5A2A55404DC7EE5B6D229374D28E515 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-31_21.27.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-09-11 07:59 . 2010-09-11 07:59 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
+ 2010-09-09 18:48 . 1996-01-12 15:00 24576 c:\windows\system32\STKIT432.DLL
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-09-09 18:54 . 2010-09-09 18:54 219648 c:\windows\Installer\1c506c4.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"RegistryMechanic"="c:\program files\Registry Mechanic2\RegMech.exe" [2009-06-23 2836376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-19 124928]

c:\documents and settings\Mathias Svensson\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Personal.lnk - c:\program files\Personal\bin\Personal.exe [2010-7-26 939536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Beat Hazard\\BeatHazard.exe"=
"h:\\Spel\\Dragon Age\\bin_ship\\daorigins.exe"=
"h:\\Spel\\Dragon Age\\DAOriginsLauncher.exe"=
"h:\\Spel\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"g:\\WoW\\wow1\\Launcher.exe"=
"h:\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"h:\\Steam\\steamapps\\msvensson87\\team fortress 2\\hl2.exe"=
"h:\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"g:\\spel\\StarCraft II\\StarCraft II.exe"=
"g:\\spel\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Documents and Settings\\Mathias Svensson\\Application Data\\Macromedia\\Flash Player\\"=
"h:\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"h:\\Steam\\steamapps\\mustard87\\garrysmod\\hl2.exe"=
"h:\\Steam\\steamapps\\mustard87\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"h:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [9/9/2010 8:54 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [9/9/2010 8:54 PM 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [9/9/2010 8:55 PM 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/9/2010 8:55 PM 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/9/2010 8:55 PM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 8:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 8:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/9/2010 8:55 PM 17744]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [9/9/2010 8:54 PM 119200]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2010 9:46 PM 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\spel\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 10:07 PM 25832]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [8/6/2010 2:13 PM 100736]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/15/2010 10:33 AM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2008-06-19 20:42 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:46]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:46]

2010-09-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1972579041-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:d0,e1,b6,f9,b1,88,f2,93,07,c8,5f,3b,64,5e,a7,d0,72,9c,2e,d9,fa,
07,65,ce,16,99,6b,38,23,b6,0e,2d,2e,4d,c7,2b,c0,62,d6,d4,73,4d,09,ff,d3,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
@="Internet Explorer Branding"
"DisplayName"=expand:"@iedkcs32.dll,-3014"
"DllName"="iedkcs32.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicy"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
@DACL=(02 0000)
"DLLName"="avgrsstx.dll"
"Startup"="AvgStartup"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Completion time: 2010-09-11 10:34:51
ComboFix-quarantined-files.txt 2010-09-11 08:34
ComboFix2.txt 2010-09-01 17:21
ComboFix3.txt 2010-09-01 17:04
ComboFix4.txt 2010-08-31 21:29

Pre-Run: 514*473*984 bytes free
Post-Run: 664*113*152 bytes free

- - End Of File - - 2DA74FC73E53E223F4CD17D3C8282A9D
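The Winlogon\Notify subkeys in the dump above are a boot-time load point: winlogon.exe loads every DllName listed there and calls the named exports on logon, logoff and lock events, so a reviewer compares that set against a clean install before moving on. As an added example (not part of this thread, of ComboFix, or of any tool named here), the following Python script pulls the Notify subkeys out of a ComboFix-style registry dump and grades each one. The stock-XP baseline it uses is from memory and should be confirmed against a clean SP3 install; the excerpt it parses is copied from the dump above.

```python
"""Audit Winlogon\\Notify subkeys in a ComboFix-style registry dump.

winlogon.exe loads every DllName listed under Notify at boot and calls the
named exports on logon/logoff/lock events, so the set of subkeys is worth
comparing with a clean install. Added example, not part of ComboFix.
"""
import ntpath
import re
from typing import Dict, List, Tuple

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
NOTIFY_RE = re.compile(r"\\Winlogon\\Notify\\(?P<sub>[^\\\]]+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:(?P<type>[a-z]+):)?(?P<val>.*)$')

# Stock Notify packages on 32-bit Windows XP SP3 (lower-cased subkey ->
# DLL). Baseline from memory: confirm it against a clean install.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll", "dimsntfy": "dimsntfy.dll",
    "sccertprop": "wlnotify.dll", "schedule": "wlnotify.dll",
    "sclgntfy": "sclgntfy.dll", "senslogn": "wlnotify.dll",
    "termsrv": "wlnotify.dll", "wlballoon": "wlnotify.dll",
}
EVENTS = ("Logon", "Logoff", "Startup", "Shutdown", "StartShell", "PostShell",
          "Lock", "Unlock", "ScreenSaver", "Disconnect", "Reconnect")

# Excerpt copied from the ComboFix dump above: two third-party packages
# and one stock package.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Startup"="SABWINLOStartup"
"Asynchronous"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
@DACL=(02 0000)
"DLLName"="avgrsstx.dll"
"Startup"="AvgStartup"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
"""


def _unquote(val: str) -> str:
    """Strip the .reg quoting and collapse doubled backslashes."""
    val = val.strip()
    if len(val) >= 2 and val[0] == val[-1] == '"':
        val = val[1:-1]
    return val.replace("\\\\", "\\")


def parse_notify(dump: str) -> Dict[str, Dict[str, str]]:
    """Return {subkey: {value name (lower-cased): value}} for Notify keys only."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:                                  # a new [key] header
            nm = NOTIFY_RE.search(km.group("key"))
            current = nm.group("sub") if nm else None
            if current is not None:
                entries.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line) if current else None
        if vm:
            entries[current][vm.group("name").lower()] = _unquote(vm.group("val"))
    return entries


def audit(entries: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Grade each Notify subkey as (subkey, verdict, detail)."""
    results = []
    for sub, vals in entries.items():
        dll = vals.get("dllname", "")
        hooks = ",".join(e for e in EVENTS if e.lower() in vals) or "none"
        expected = BASELINE.get(sub.lower())
        if expected is None:
            if not dll:
                how = "no DllName value"
            elif not ntpath.dirname(dll):
                how = f"{dll} (bare name, resolved through the loader search path)"
            else:
                how = dll
            results.append((sub, "NON_DEFAULT", f"{how}; hooks: {hooks}"))
        elif ntpath.basename(dll).lower() != expected:
            results.append((sub, "HIJACKED_DEFAULT", f"expected {expected}, got {dll!r}"))
        else:
            results.append((sub, "OK", f"{dll}; hooks: {hooks}"))
    return results


if __name__ == "__main__":
    for sub, verdict, detail in audit(parse_notify(SAMPLE_DUMP)):
        print(f"{verdict:17} {sub}: {detail}")
```

Run against the full dump, NON_DEFAULT entries are the ones to account for by product (here SUPERAntiSpyware and an AVG leftover) and HIJACKED_DEFAULT means a stock subkey now points at some other DLL; a bare DllName is flagged separately because the loader resolves it by search path rather than by an explicit location.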
 
Uninstall Registry Mechanic2.
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

Uninstall Ask.com as it's considered adware.

========================================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    Code:
    :filefind
    explorer.exe
    winlogon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

=====================================================================

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\documents and settings\All Users\Application Data\avg9


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
SystemLook 04.09.10 by jpshortstuff
Log created at 22:15 on 11/09/2010 by Mathias Svensson
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [12:00 14/04/2008] [12:00 14/04/2008] F5A2A55404DC7EE5B6D229374D28E515

Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [12:00 14/04/2008] [12:00 14/04/2008] (Unable to calculate MD5)

-= EOF =-
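The filefind step asked for above gives, per hit, the path, size, timestamps and MD5, and the log just posted shows the two patterns worth noticing mechanically: a file whose MD5 SystemLook could not calculate, and a file whose size is unchanged so only the hash can tell a clean copy from a patched one. As an added example (not part of this thread or of SystemLook), the following Python script parses filefind output and grades each hit against a clean-copy reference. The sample log embeds the two lines above plus a constructed second explorer.exe; the reference directories and sizes are taken from the log, and the reference MD5s are deliberately left empty because they must come from a clean copy, not from the suspect files.

```python
"""Triage a SystemLook ':filefind' log against a clean-copy reference.

Grades every hit: a copy outside the expected directory, a file SystemLook
could not hash, a changed size, or an unchanged size with a different MD5
(the in-place patch pattern). Added example, not part of SystemLook.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')
# One hit line, e.g.  C:\WINDOWS\explorer.exe --a---- 1033728 bytes [..] [..] <md5>
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S.*?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]*)\]\s+\[(?P<modified>[^\]]*)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$"
)


@dataclass
class Hit:
    searched: str         # name SystemLook was asked for
    path: str
    size: int
    created: str
    modified: str
    md5: Optional[str]    # None when SystemLook could not open the file


@dataclass
class Reference:
    directory: str             # where the only legitimate copy lives
    size: int                  # byte size of a clean copy
    md5: Optional[str] = None  # MD5 of a clean copy; None until obtained


# Constructed sample: the two lines from the SystemLook log above plus a
# made-up second explorer.exe in system32 to exercise the copy check.
SAMPLE_LOG = r"""
Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [12:00 14/04/2008] [12:00 14/04/2008] F5A2A55404DC7EE5B6D229374D28E515
C:\WINDOWS\system32\explorer.exe --a---- 1033728 bytes [12:00 14/04/2008] [12:00 14/04/2008] F5A2A55404DC7EE5B6D229374D28E515

Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [12:00 14/04/2008] [12:00 14/04/2008] (Unable to calculate MD5)
"""

# Legitimate locations on 32-bit XP and the sizes shown in the log above.
# md5 is left as None on purpose: take it from a clean copy (install media
# or a known-clean machine), never from the suspect file itself.
REFERENCE = {
    "explorer.exe": Reference(r"C:\WINDOWS", 1033728),
    "winlogon.exe": Reference(r"C:\WINDOWS\system32", 507904),
}


def parse_systemlook(text: str) -> List[Hit]:
    """Parse the filefind section into Hit records."""
    hits: List[Hit] = []
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        sm = SEARCH_RE.match(line)
        if sm:
            current = sm.group("name").lower()
            continue
        hm = HIT_RE.match(line)
        if hm:
            md5 = hm.group("md5")
            hits.append(Hit(current, hm.group("path"), int(hm.group("size")),
                            hm.group("created"), hm.group("modified"),
                            None if md5.startswith("(") else md5.lower()))
    return hits


def assess(hits: List[Hit], reference: Dict[str, Reference]) -> List[Tuple[str, str, str]]:
    """Return (path, verdict, reason) for every hit."""
    out = []
    for h in hits:
        ref = reference.get(ntpath.basename(h.path).lower())
        if ref is None:
            out.append((h.path, "NO_REFERENCE", "no clean-copy data for this name"))
        elif ntpath.dirname(h.path).lower() != ref.directory.lower():
            out.append((h.path, "UNEXPECTED_COPY", f"copy outside {ref.directory}"))
        elif h.md5 is None:
            out.append((h.path, "NO_HASH", "SystemLook could not read it; hash it offline"))
        elif h.size != ref.size:
            out.append((h.path, "SIZE_MISMATCH", f"{h.size} bytes, clean copy is {ref.size}"))
        elif ref.md5 is None:
            out.append((h.path, "UNVERIFIED", "size matches; no reference MD5 yet"))
        elif h.md5 != ref.md5.lower():
            out.append((h.path, "HASH_MISMATCH", "same size, different MD5: in-place patch pattern"))
        else:
            out.append((h.path, "OK", "size and MD5 match the clean copy"))
    return out


if __name__ == "__main__":
    for path, verdict, reason in assess(parse_systemlook(SAMPLE_LOG), REFERENCE):
        print(f"{verdict:16} {path}  ({reason})")
```

A matching size is not evidence of a clean file; only a hash taken from a copy of known provenance settles it, and a hit SystemLook could not hash should be hashed from outside the running system before anything is concluded about it.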
 
ComboFix 10-09-11.02 - Mathias Svensson 2010-09-11 22:46:02.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1445 [GMT 2:00]
Running from: c:\documents and settings\Mathias Svensson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mathias Svensson\Desktop\CFScript.txt
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg9
c:\documents and settings\All Users\Application Data\avg9\Cfg\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\malrep.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\falsealarm.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\updateall.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\userall.cfg
c:\documents and settings\All Users\Application Data\avg9\emc\Log\emc.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrmacstat.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrmacstat.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\history.xml
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.lock
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000005.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000006.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000007.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg9\Temp\02323eb2-3fcf-48f0-9369-9a1efc15e1a7-22c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\054dffb7-d884-41f9-b7bc-5f13d2f1b382-8dc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\085c18e8-dc85-4dc0-90f5-3a3c330c36c9-228-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\08b95cc1-5834-495c-8200-649598bcf7be-9b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0a013544-471a-4c78-8ede-e6d42841688a-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0c43acf6-7802-42bd-a8a5-a23ab7a615c6-760-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0e884cd9-5373-4904-9df0-10197103b0ed-4e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0ed625f4-4064-4d46-b027-8e2201c1d74a-2e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0f5e8ddd-c438-44ca-bae5-231b8ce2d15c-a68-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0fc8c6bd-b03d-4503-8ce6-a6e84d91a14c-500-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1261fa4d-ea84-4435-90b9-828944cf67a9-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\14751035-58ec-46c6-ac97-afcbc0b838ac-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1543cde3-b280-4350-ad8e-f0e9cd26c2e5-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\183c2cf2-caf9-4b36-aff9-28e3c710cb86-698-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1872d834-a343-4e57-ac93-1bf73b5be866-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1b6ad8a8-5a93-40f0-99d0-0a6c86276967-1b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1cf5bfd6-decb-442a-99ba-40628c507133-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1cfa25c1-42b1-4ef8-9b73-145fa552023a-4f8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1e55f963-9366-4898-a5e6-1718ca4226c5-274-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1f865f9c-ba4b-49ef-8db3-f11a23eb9d59-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\20ea8c58-d0ff-488c-a2ff-bfe81e9b38d4-2a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\23b80dc2-baff-45cf-a061-b36b667cdbcb-8ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\241aadc4-7d03-4f03-8cb1-f24d55a76053-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\24898093-2113-4a5f-b2c5-9964dbdfcd83-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\28aff406-de1f-44df-8c25-ea9b3844a467-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\31113379-d4ad-4ad8-b937-08a6cebd69ea-58c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3159077d-d024-4d33-acd2-5fa9260eec81-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3262804b-eabb-4c58-8b3f-6d7515bd1f1c-20c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\329e31a4-b37f-415f-a776-868dc274e0c1-5ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\352a2abb-c816-4b4f-bedd-eb71434ba769-760-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\355fdde3-03fd-4fa9-b902-e76906b54430-4fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\39a17fd1-8715-4d2c-a4ef-a99ccdca12b2-820-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3aadeba0-a4dd-48a4-b222-344a94c4fe24-21c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3d303110-7824-4500-889a-128e1f4c58eb-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3d698be8-7bf3-452f-a051-5a5bf77b5930-920-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3fed2ff3-bb18-4459-8aec-170e6f6e3fce-82c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4025549f-e785-46b6-b1bd-8c785ca42212-a64-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\403a5946-53a2-46d3-abd7-66f44f1f3ea3-23c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\41dc8c68-bbfb-414e-bb2d-dd28dfdfa280-500-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\43b64498-93f1-4754-bb9f-18ee9c300a68-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\452c64e3-1cc4-47fa-9b3b-822beaedd050-840-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4838e1ed-612a-4286-9268-6b80935457ec-a48-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4973e37f-d586-44c6-bd53-54768efef009-3b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4a54965f-48eb-4ab9-8594-8120fd688e9a-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4b29b1e0-6c32-4f9c-b696-1e034943e19a-514-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4c51425d-7564-46a2-9b57-db106114bc6f-254-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4cb1738a-a3ed-4ef3-8b8c-dddb80671af7-9e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\537f25e3-0a22-4371-867b-71bcc4a216c1-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\59ab37f8-b4f2-4393-9e49-16b7e887c5aa-4fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5ac2024f-ee6b-4529-a345-226e8b24bf30-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5ac3fb69-8cce-43f1-a4ba-198a3d043f49-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5adce29d-b584-4330-9abf-18e2b59810b0-24c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5b11f36c-11a2-4c17-9c9c-dd88b07170e0-550-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5b7562e0-cb49-4f7b-9a37-a4041d92a40a-250-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5ca25f2e-9afd-4287-bf3d-3ff39c858fcd-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5ce21424-30c4-4d90-9da5-b30ab12a1e14-984-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5ce49268-3129-4b46-93d1-54062d322cce-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5d51aedb-b575-4c00-9b89-f1d019fccedc-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5fd5d36a-e3f1-4cda-8109-a913e470411f-500-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\62521876-fc79-44ce-a13f-90cd388332e5-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\639e5817-87dc-42f4-82fb-565e6c807c12-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\63f61329-d387-479f-bd1f-7ad89e1ce2c4-840-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\64a5b7ef-2b3c-4bad-abd2-a74251ef5f21-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\65d250b6-51c9-4852-8460-64beee5624dd-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6684b62d-9044-44dc-badd-ef38cfe4899e-260-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6e2e2972-1a09-45b9-82dc-1d20f742a0b2-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\708d4428-d37d-43e1-94b2-222983d8a11a-50c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\782e89f0-80f3-4717-9079-73537e0edaee-4fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7b17abe4-cc0a-4159-a97e-e473f3a1fbef-a54-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7c3946bf-2a5a-42ab-a27e-d48023363500-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8181d495-1770-4a0d-aa83-9b5de901f419-570-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\81c89283-3253-4358-ab3b-df281e7d8ffb-234-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\83b06096-5272-46a1-bfc6-3b2f8f2ad44f-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8415a26d-2468-41ae-bfbf-115453b272c9-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\88980d73-e1eb-428c-ad7f-dbffdd92f10f-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8a76ad43-41b4-444c-bfb5-54a691ddbffc-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8dfff3ea-7e86-42b4-af0a-442aadb459e9-4c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\907ab9b2-97aa-4cf3-9914-8ae685c03bf6-860-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9286465d-8091-438d-9d75-467765cbf2a5-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9467d73b-a59b-4ee1-91fb-bd297cb2b432-504-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9511861e-5bc7-40bd-8e3f-2d1632840dab-4f4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9585c0d8-62bd-45e6-b60c-a82bd1be0ae2-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\97c82dc4-9e65-4e97-8e94-b1fc2b98cf61-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\98afe6c1-dcf0-47cf-b03d-f9ca79712d00-50c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9cb18581-14f3-408f-af1b-e1209ea1908b-830-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9eaca4c6-eebb-460e-9ce3-ac23f5c8a96d-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9ed8fc08-a8ee-4128-9e46-e145ac331cd4-814-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a0fa0d9f-fd55-4695-92ed-184efac0fdcd-9b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a5d5432a-4b1a-4a50-afac-5e77096de4c8-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a8f1ae1d-8df5-46a7-b956-34e98f3a97d4-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ab9dc5c3-1816-4851-9ad3-5cd4e1516a55-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\acf4774d-5a74-4363-9a70-274cb6dd6835-234-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\af706299-c015-4384-b06e-e4275ded19b1-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\af936c89-ab88-4535-ab37-01c87320fde5-570-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b08c1264-322d-4d7a-acc8-4a75515b5063-40c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b1c520b5-b567-406c-a133-5cf59d40b1be-91c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b20df96c-dce3-43c4-8035-4e88b83b6ae3-8fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b5f0cbc9-929b-4043-901b-58760f1b627d-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b60e72ae-adcb-4382-8cde-4ac9f3b61e7e-538-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b6253172-344f-4542-a0b3-a92b2a8a7ed9-9cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b9a5b9e4-598b-46a0-98bc-58d9894e2b01-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bf2e6b8c-4c90-4c4e-b50f-c502da98bba9-868-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bf74d94d-7235-4a1e-9aa9-242f0d25b6a4-5d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c01ffce8-5080-4839-97bd-7be379399ef2-500-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c0514520-5987-4de8-9551-43a8bbeb93a1-508-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c06bc6d3-be79-44a2-b69d-ef9836415d80-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c2a192c4-11ad-4f8b-8d00-2e421d771cc2-34c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c2d04868-1ac3-4e57-98a4-48755089b327-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c3a6533c-e52e-456e-88dc-27df18ba9f83-644-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c3cf8446-1074-43a4-b6fd-217ec0de0480-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c50089b1-9e9a-4c73-b678-42a6dff3ab1a-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c5cd1af6-4eef-4022-ac6a-ceb7eee3e918-b10-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c9248d54-ac8d-40f2-8d7b-e1d052d07a7c-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cc55b2a1-ec34-42c4-bbe2-bee46f460bd1-234-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cc643568-8ae8-4e2a-bc9f-9c657eca4b06-b4c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cdbbee92-5c8e-4b99-bc50-8b25e5ae2963-224-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cf205045-0657-4e4a-b06a-291701949550-780-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cf431b6a-a664-4212-969c-43d736b8868d-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d06b77f0-1b82-4604-9b90-31c02b5390f1-224-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d0ba4925-a6d6-490d-af3d-a6e46ef13766-654-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d1bb7d23-204d-4702-87ca-ff1174752956-56c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d232277a-9fc5-42f2-9fd1-bedf72c3e4b5-58c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d30a1165-de01-4fa5-a752-ec3f9691ca0d-378-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d458e69f-384e-478a-b6d6-bf9740e58994-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d51fbce5-1b54-4bf6-b2f8-274887d1116a-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d58d5228-62f1-4c63-8b2e-25120472098f-9ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d5ad784c-a3d8-4bf8-8352-c343bd12b802-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d96615f1-d33d-4021-b487-993710d92b23-4e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\da82c0d5-d604-4d5b-b362-60b577dcdfb7-584-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\db4f7d84-3098-4ae4-b458-a1d4844969f0-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dd20a6d6-f3c5-4397-9c3b-469f1465d506-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e02b08e3-e946-4758-a407-7dee0d8bf1ce-280-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e0efcc46-1699-466c-8376-abd17ecbd611-4fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e1f31808-cdb1-4a92-bd76-53920219ce33-1fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e54d6e2c-0007-4960-85da-baf03c3d7b2b-7f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\eaed9d12-0f35-4f43-a1d6-fd21de6119da-304-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ecd89d25-b580-4b04-8be3-483f93df5456-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f08a9072-9c9e-4b98-a9bf-8d221cf05ec6-94c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f0abd673-b459-41d1-9405-f1202defdcab-248-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f3a6e416-eaa0-4b42-b499-eae84d70c57a-1e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f7187d62-2575-48db-926c-54e7f854c846-580-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fa134c47-d268-42a4-90f2-c9f8c116f7e8-578-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fade991f-9782-4d4a-95cd-cd00ffac5a20-6cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fbd67051-163f-4ac4-b826-2b9e2e789b5c-a3c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fce0e8e6-1d92-474d-8aa4-d4f6ebaf6a55-124-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fe162acc-7a22-47ed-a99c-bf1021543320-944-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ff74561d-efb4-4542-90e8-0c4a0040441b-57c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ff770899-878a-4e0a-a983-01d2f190ac9e-550-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fff3d910-2083-46de-afad-91bc27d0040f-584-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\file9514.tmp
c:\documents and settings\All Users\Application Data\avg9\update\backup\avg9us.lng
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfree_us.mht
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\cf.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\cty.cty
c:\documents and settings\All Users\Application Data\avg9\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg9\update\backup\install.rdf
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb2.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat.xcd
c:\documents and settings\All Users\Application Data\avg9\update\backup\searchshield.jar
c:\documents and settings\All Users\Application Data\avg9\update\prepare\temp\cty.cty

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!
 
.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

2010-09-09 18:55 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-09 18:55 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-09 18:55 . 2010-09-07 14:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-09-09 18:55 . 2010-09-07 14:54 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-09-09 18:54 . 2010-09-07 14:53 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-09-09 18:54 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-09 18:54 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-09 18:54 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-09 18:54 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-09 18:54 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-09 18:54 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-09 18:54 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-09 18:54 . 2010-09-07 14:24 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-09-09 18:54 . 2010-09-09 18:54 -------- d-----w- c:\program files\Alwil Software
2010-09-09 18:54 . 2010-09-09 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-09 18:48 . 2010-09-11 20:13 -------- d-----w- c:\program files\Registry Mechanic2
2010-09-04 13:57 . 2010-09-04 13:57 46852 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-04 13:09 . 2010-09-11 16:15 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Spotify
2010-09-04 13:09 . 2010-09-11 15:29 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Spotify
2010-09-04 13:09 . 2010-09-04 13:09 655360 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-09-04 13:09 . 2010-09-04 13:09 282624 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-09-04 13:09 . 2010-09-04 13:09 208896 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-09-04 13:09 . 2010-09-04 13:09 -------- d-----w- c:\program files\Spotify
2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Malwarebytes
2010-09-04 12:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-04 12:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-03 08:54 . 2010-09-03 08:54 -------- d-----w- c:\program files\Trend Micro
2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\windows\system32\wbem\snmp
2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\windows\system32\xircom
2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\program files\microsoft frontpage
2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Boss Media
2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Boss Media
2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- C:\Casino
2010-08-22 12:01 . 2010-08-26 16:47 -------- d-----w- c:\program files\PokerStars
2010-08-21 13:21 . 2010-07-16 09:38 711168 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307a-1007160-0-main.dll
2010-08-21 13:21 . 2010-08-21 13:21 348160 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Macromedia\Flash Player\
2010-08-19 15:20 . 1997-01-18 08:40 299520 ----a-w- c:\windows\uninst.exe
2010-08-19 15:19 . 2010-08-19 15:19 -------- d-----w- c:\documents and settings\Mathias Svensson\WINDOWS
2010-08-18 19:09 . 2010-08-18 19:09 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Fallout3
2010-08-18 18:55 . 2010-08-18 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2010-08-18 18:55 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
2010-08-16 19:51 . 2010-08-16 19:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Temp
2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-16 19:46 . 2010-08-16 19:47 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Google
2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\program files\Google
2010-08-13 17:29 . 2010-08-13 17:29 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\2K Games
2010-08-13 17:28 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-13 17:28 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-13 17:28 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-13 17:28 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-13 17:28 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-13 17:28 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-13 17:28 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-13 17:28 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 20:32 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\uTorrent
2010-09-11 20:13 . 2010-06-10 18:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-11 14:18 . 2010-05-27 08:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-09 16:23 . 2010-06-10 15:07 63488 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-09 16:23 . 2010-06-10 15:07 117760 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-04 12:52 . 2010-05-30 21:46 -------- d-----w- c:\program files\Family Toolbar
2010-09-03 17:45 . 2010-05-21 19:58 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\vlc
2010-09-03 17:14 . 2010-05-24 16:51 1 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-19 14:06 . 2010-06-30 10:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-19 13:10 . 2010-05-01 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-18 18:55 . 2010-04-06 20:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 14:03 . 2010-04-06 20:57 0 ----a-w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\prvlcl.dat
2010-08-06 12:36 . 2010-08-06 12:36 503808 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\msvcp71.dll
2010-08-06 12:36 . 2010-08-06 12:36 499712 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\jmc.dll
2010-08-06 12:36 . 2010-08-06 12:36 348160 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\msvcr71.dll
2010-08-06 12:35 . 2010-08-06 12:35 61440 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31fe826a-n\decora-sse.dll
2010-08-06 12:35 . 2010-08-06 12:35 12800 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31fe826a-n\decora-d3d.dll
2010-08-06 12:14 . 2010-08-06 12:13 -------- d-----w- c:\program files\Telia mobile broadband
2010-07-26 15:08 . 2010-07-26 15:08 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Personal
2010-07-26 15:08 . 2010-07-26 15:08 -------- d-----w- c:\program files\Personal
2010-07-23 21:21 . 2010-07-23 20:52 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\.minecraft
2010-07-23 21:06 . 2010-07-23 21:06 -------- d-----w- c:\program files\Fiddler2
.

------- Sigcheck -------

[-] 2008-06-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 0F998AF1008EF258141CBEAEB4F4FF35 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-23 . 8C4050BD9FD87E23CDED28FFA889B0BA . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

[-] 2008-04-14 . F5A2A55404DC7EE5B6D229374D28E515 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-31_21.27.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-09-11 08:37 . 2010-09-11 08:37 16384 c:\windows\Temp\Perflib_Perfdata_500.dat
+ 2010-09-09 18:48 . 1996-01-12 15:00 24576 c:\windows\system32\STKIT432.DLL
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-09-09 18:54 . 2010-09-09 18:54 219648 c:\windows\Installer\1c506c4.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-19 124928]

c:\documents and settings\Mathias Svensson\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Personal.lnk - c:\program files\Personal\bin\Personal.exe [2010-7-26 939536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Beat Hazard\\BeatHazard.exe"=
"h:\\Spel\\Dragon Age\\bin_ship\\daorigins.exe"=
"h:\\Spel\\Dragon Age\\DAOriginsLauncher.exe"=
"h:\\Spel\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"g:\\WoW\\wow1\\Launcher.exe"=
"h:\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"h:\\Steam\\steamapps\\msvensson87\\team fortress 2\\hl2.exe"=
"h:\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"g:\\spel\\StarCraft II\\StarCraft II.exe"=
"g:\\spel\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Documents and Settings\\Mathias Svensson\\Application Data\\Macromedia\\Flash Player\\"=
"h:\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"h:\\Steam\\steamapps\\mustard87\\garrysmod\\hl2.exe"=
"h:\\Steam\\steamapps\\mustard87\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"h:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [9/9/2010 8:54 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [9/9/2010 8:54 PM 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [9/9/2010 8:55 PM 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/9/2010 8:55 PM 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/9/2010 8:55 PM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 8:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 8:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/9/2010 8:55 PM 17744]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [9/9/2010 8:54 PM 119200]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2010 9:46 PM 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\spel\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 10:07 PM 25832]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [8/6/2010 2:13 PM 100736]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/15/2010 10:33 AM 691696]
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2008-06-19 20:42 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:46]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1972579041-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:d0,e1,b6,f9,b1,88,f2,93,07,c8,5f,3b,64,5e,a7,d0,72,9c,2e,d9,fa,
07,65,ce,16,99,6b,38,23,b6,0e,2d,2e,4d,c7,2b,c0,62,d6,d4,73,4d,09,ff,d3,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
@="Internet Explorer Branding"
"DisplayName"=expand:"@iedkcs32.dll,-3014"
"DllName"="iedkcs32.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicy"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
@DACL=(02 0000)
"DLLName"="avgrsstx.dll"
"Startup"="AvgStartup"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Completion time: 2010-09-11 23:01:10
ComboFix-quarantined-files.txt 2010-09-11 21:01
ComboFix2.txt 2010-09-01 17:21
ComboFix3.txt 2010-09-01 17:04
ComboFix4.txt 2010-08-31 21:29

Pre-Run: 487*776*256 bytes free
Post-Run: 471*244*800 bytes free

- - End Of File - - A7EE456650C0E11C70D61E52F916CBAB
 
I don't know how Ask ended up on my computer; I couldn't find an uninstall option, so I removed the folder. I also uninstalled RegMech.

Thanks for taking time to help! :)
 
Do you have a Windows XP CD?


Download OTL to your Desktop.

  • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
winlogon.exe
explorer.exe
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
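The custom scan above ends with a /md5start … /md5stop block, which asks OTL to report the MD5 of winlogon.exe and explorer.exe, the two files avast flagged as Win32:Bamital-X. The defender-side version of that request is a baseline comparison: hash the suspect binaries and compare them against hashes taken from a known-clean install of the same Windows build. The script below is an added example, not OTL's code or anything posted in this thread. It also includes a small parser for OTL "PRC -"/"MOD -" lines that flags entries under %SystemRoot% whose company field is empty; in the log posted later in this thread, explorer.exe and winlogon.exe show "()" where a genuine Windows file shows "(Microsoft Corporation)". File contents, the baseline hashes and the temp-directory layout are constructed for the demo; only the sample OTL lines are copied from the thread.

```python
"""
Added example (not from OTL or this thread): baseline hash check for the
system binaries the helper asks OTL to hash, plus an OTL-line parser that
flags %SystemRoot% files with an empty company field. All file bytes and
baseline hashes below are constructed for the demo.
"""
import hashlib
import os
import re
import tempfile

# OTL process/module line: "PRC - [meta] (Company) -- C:\path\file.exe".
# The non-greedy company group tolerates company names that contain ")".
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD) - \[(?P<meta>[^\]]*)\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)


def otl_entries_missing_company(lines, system_root=r"C:\WINDOWS"):
    """Return paths under system_root whose OTL company field is empty.

    Genuine Windows binaries carry a 'Microsoft Corporation' version resource,
    so an empty field on a file under %SystemRoot% is worth a hash check.
    Files outside system_root (e.g. third-party DLLs) are ignored here.
    """
    flagged = []
    for line in lines:
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if m.group("company").strip() == "" and path.lower().startswith(system_root.lower()):
            flagged.append(path)
    return flagged


def file_hashes(path, chunk_size=1 << 16):
    """Return (md5, sha256) hex digests, streamed so large binaries are not loaded whole."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def check_against_baseline(paths, baseline):
    """Compare each file's SHA-256 with a known-good baseline {basename_lower: sha256}.

    Returns {basename_lower: 'ok' | 'MISMATCH' | 'missing' | 'no-baseline'}.
    A MISMATCH on a system binary means the file differs from the clean build;
    the baseline must come from a trusted install, never from the suspect host.
    """
    results = {}
    for path in paths:
        name = os.path.basename(path).lower()
        if not os.path.exists(path):
            results[name] = "missing"
            continue
        _, sha = file_hashes(path)
        expected = baseline.get(name)
        if expected is None:
            results[name] = "no-baseline"
        else:
            results[name] = "ok" if sha == expected else "MISMATCH"
    return results


def demo():
    """Constructed %SystemRoot% in a temp dir: clean winlogon.exe, patched explorer.exe."""
    clean_winlogon = b"CONSTRUCTED-WINLOGON-BYTES"   # stand-in for the clean binary
    clean_explorer = b"CONSTRUCTED-EXPLORER-BYTES"   # stand-in for the clean binary
    baseline = {
        "winlogon.exe": hashlib.sha256(clean_winlogon).hexdigest(),
        "explorer.exe": hashlib.sha256(clean_explorer).hexdigest(),
    }
    with tempfile.TemporaryDirectory() as root:
        win = os.path.join(root, "winlogon.exe")
        exp = os.path.join(root, "explorer.exe")
        with open(win, "wb") as fh:
            fh.write(clean_winlogon)
        with open(exp, "wb") as fh:
            fh.write(clean_explorer + b"\x90\x90PATCHED")  # appended bytes stand in for a patch
        missing = os.path.join(root, "userinit.exe")  # never written: exercises 'missing'
        return check_against_baseline([win, exp, missing], baseline)


# Sample lines copied from the OTL log posted in this thread.
SAMPLE_OTL_LINES = [
    "MOD - [2008-04-14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\system32\\msscript.ocx",
    "PRC - [2008-04-14 14:00:00 | 001,033,728 | ---- | M] () -- C:\\WINDOWS\\explorer.exe",
    "PRC - [2008-04-14 14:00:00 | 000,507,904 | ---- | M] () -- C:\\WINDOWS\\system32\\winlogon.exe",
    "MOD - [2006-09-07 17:18:58 | 000,004,608 | ---- | M] () -- C:\\Program Files\\Unlocker\\UnlockerHook.dll",
]

if __name__ == "__main__":
    print("empty company field under %SystemRoot%:", otl_entries_missing_company(SAMPLE_OTL_LINES))
    print("baseline check:", demo())
```

The parser deliberately ignores the Unlocker DLL even though its company field is also empty, because it lives under Program Files; the point of the check is to narrow attention to Windows' own binaries, which should always carry Microsoft version information. On a live system the baseline dictionary would be filled from a clean machine of the same Windows version and service pack, and the paths passed to check_against_baseline would be the real %SystemRoot% locations.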
 
OTL logfile created on: 2010-09-12 22:38:30 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Mathias Svensson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,27 Gb Free Space | 1,39% Space Free | Partition Type: NTFS
Drive D: | 54,99 Gb Total Space | 0,73 Gb Free Space | 1,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232,88 Gb Total Space | 1,83 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Drive G: | 298,09 Gb Total Space | 14,49 Gb Free Space | 4,86% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 1,62 Gb Free Space | 0,35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MUSTARD
Current User Name: Mathias Svensson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-09-12 22:37:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mathias Svensson\My Documents\Downloads\OTL.exe
PRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-09-07 17:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010-07-26 17:08:07 | 000,939,536 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
PRC - [2010-02-02 00:59:08 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010-02-02 00:59:06 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010-01-14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009-09-30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008-04-14 14:00:00 | 001,033,728 | ---- | M] () -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 14:00:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2006-09-07 17:19:28 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


========== Modules (SafeList) ==========

MOD - [2010-09-12 22:37:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mathias Svensson\My Documents\Downloads\OTL.exe
MOD - [2008-04-14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006-09-07 17:18:58 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-09-07 17:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2009-12-15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- H:\Spel\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MATHIA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010-09-07 16:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010-09-07 16:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010-09-07 16:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010-09-07 16:24:46 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010-05-10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-15 10:33:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010-04-06 23:12:41 | 000,016,512 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-03-16 08:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-02-17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-12-07 19:53:12 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-10-12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008-04-14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 05:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007-08-28 10:55:10 | 004,609,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-06-29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007-05-31 09:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-06-18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.5
FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.43

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2010-07-23 23:06:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-09 18:32:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-09 18:32:16 | 000,000,000 | ---D | M]

[2010-09-09 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Mozilla\Extensions
[2010-09-12 20:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\extensions
[2010-09-09 18:33:35 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-09-10 21:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\extensions\sv@dictionaries.addons.mozilla.org
[2010-09-12 20:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010-09-11 23:00:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal.lnk = C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)
O4 - Startup: C:\Documents and Settings\Mathias Svensson\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-06 22:19:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010-09-12 15:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Synthesia
[2010-09-12 15:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Desktop\Synthesia-0.7.4
[2010-09-11 22:34:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010-09-11 12:48:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mathias Svensson\Recent
[2010-09-10 13:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010-09-10 13:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Desktop\New Folder (2)
[2010-09-10 12:58:25 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mathias Svensson\Desktop\TFC.exe
[2010-09-09 20:55:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-09-09 20:55:10 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-09-09 20:55:09 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010-09-09 20:55:08 | 000,099,792 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010-09-09 20:54:57 | 000,190,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010-09-09 20:54:56 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-09-09 20:54:55 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-09-09 20:54:54 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-09-09 20:54:54 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-09-09 20:54:53 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-09-09 20:54:41 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-09-09 20:54:41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010-09-09 20:54:41 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010-09-09 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-09-09 20:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010-09-09 20:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic2
[2010-09-04 15:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Spotify
[2010-09-04 15:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Spotify
[2010-09-04 15:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010-09-04 14:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Malwarebytes
[2010-09-04 14:56:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-09-04 14:56:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-09-04 14:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-09-04 14:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-09-03 10:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-09-01 19:16:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-08-31 23:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010-08-31 23:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010-08-31 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2010-08-31 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010-08-31 23:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010-08-31 23:12:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-08-31 23:12:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-08-31 23:12:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-08-31 23:12:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-08-31 23:12:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-08-31 23:11:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-08-22 16:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2010-08-22 16:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Boss Media
[2010-08-22 16:32:50 | 000,000,000 | ---D | C] -- C:\Casino
[2010-08-22 14:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2010-08-19 17:20:08 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010-08-19 17:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\WINDOWS
[2010-08-19 14:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\My Documents\StarCraft II
[2010-08-18 21:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Fallout3
[2010-08-18 20:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010-08-16 21:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010-08-16 21:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Google
[2010-08-16 21:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Temp
[2010-08-16 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010-08-16 21:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010-08-16 21:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Google
[2010-08-13 19:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\2K Games
[2010-08-06 14:13:42 | 000,114,432 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2010-08-06 14:13:42 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2010-08-06 14:13:42 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbdev.sys
[2010-08-06 14:13:42 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2010-08-06 14:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Telia mobile broadband
[2010-07-26 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Personal
[2010-07-26 17:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Personal
[2010-07-24 20:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Desktop\comics
[2010-07-24 20:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Desktop\pspcomic 0.9.9 beta2
[2010-07-23 23:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\My Documents\Fiddler2
[2010-07-23 23:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[2010-07-23 22:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\.minecraft
[2010-07-23 22:50:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010-07-12 21:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-07-12 21:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\dwhelper
[2010-07-01 11:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ben There Dan That
[2010-06-30 12:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010-06-30 12:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Mathias Svensson\*.tmp files -> C:\Documents and Settings\Mathias Svensson\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-09-12 21:51:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-09-12 21:51:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-09-12 14:35:14 | 000,215,552 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-12 14:16:23 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Mathias Svensson\NTUSER.DAT
[2010-09-12 12:32:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-09-12 12:32:17 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-09-12 12:31:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-09-12 10:08:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mathias Svensson\ntuser.ini
[2010-09-11 23:51:45 | 004,318,268 | -H-- | M] () -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\IconCache.db
[2010-09-11 23:43:27 | 000,480,213 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\AENfD.jpg
[2010-09-11 23:00:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-09-11 23:00:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-09-11 22:33:30 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\ComboFix.exe
[2010-09-11 22:14:43 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\SystemLook.exe
[2010-09-11 16:18:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-11 13:39:28 | 001,380,015 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\My Documents\Virtual_Piano_Musicsheet_Aug_Sep.pdf
[2010-09-10 12:58:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mathias Svensson\Desktop\TFC.exe
[2010-09-09 20:55:10 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2010-09-09 20:54:54 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-09-09 18:32:17 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-09-09 18:32:17 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-09-09 18:30:44 | 000,163,226 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\bookmarks-2010-09-09.json
[2010-09-07 20:47:27 | 000,054,154 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\2ep7jty.jpg
[2010-09-07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010-09-07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-09-07 16:54:16 | 000,099,792 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010-09-07 16:53:58 | 000,340,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010-09-07 16:53:35 | 000,190,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-09-07 16:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-09-07 16:24:46 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010-09-06 13:02:16 | 003,345,031 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\IMG_1777.JPG
[2010-09-05 14:28:49 | 000,161,432 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\bookmarks-2010-09-05.json
[2010-09-04 15:09:38 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Spotify.lnk
[2010-09-04 14:56:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
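Added example, not part of the thread or of OTL itself: a small Python triage pass over OTL "Files - Created/Modified Within 90 Days" lines of the shape shown in the log above. It parses each line into timestamp, size, attributes, created/modified flag, publisher (the company name from the file's version resource) and path, then flags the entries a responder would look at first: changes to the hosts file and the legacy .ini load points, scheduled-task .job files, and binaries under C:\WINDOWS that carry no publisher. The rules are a heuristic of my own, not OTL's; the sample input is six lines copied from the log above plus one clearly labelled constructed line (example-unsigned.exe, which does not exist in the log) so the "no publisher" rule has something to fire on. A flag means "correlate", not "infected": the hosts file here is 27 bytes, about the size of a single `127.0.0.1 localhost` line, which is what a reset looks like rather than a redirect list, and ComboFix.exe lands on the desktop at 22:33 the same evening, just before the 23:00 hosts and system.ini changes.

```python
import re
from datetime import datetime

# Shape of one OTL file-listing line, e.g.
#   [2010-09-11 23:00:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
# The "(Company)" field is the publisher from the file's version resource; it is
# empty for files without one and absent altogether on "C" (created) lines.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Files that redirect-type malware commonly rewrites or uses as a load point (my list, heuristic).
SENSITIVE = {
    r"c:\windows\system32\drivers\etc\hosts": "hosts file changed (browser redirects are often done here)",
    r"c:\windows\system.ini": "system.ini changed (legacy load point)",
    r"c:\windows\win.ini": "win.ini changed (legacy load point)",
}
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx")
WINDOWS_DIR = "c:\\windows\\"
TASKS_DIR = "c:\\windows\\tasks\\"


def parse_line(line):
    """Return a dict for one OTL file line, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": set(m["attrs"].replace("-", "")),  # subset of {R, H, S, D}
        "kind": m["kind"],                           # C = created, M = modified
        "company": (m["company"] or "").strip(),
        "path": m["path"],
    }


def triage(lines, since):
    """Heuristic pass: (path, reason) for entries at or after `since` worth a closer look."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None or e["ts"] < since:
            continue
        low = e["path"].lower()
        is_binary = low.endswith(BINARY_EXT)
        if low in SENSITIVE:
            findings.append((e["path"], SENSITIVE[low]))
        elif low.startswith(TASKS_DIR) and low.endswith(".job"):
            findings.append((e["path"], "scheduled task (persistence point); check what it launches"))
        elif low.startswith(WINDOWS_DIR) and is_binary and not e["company"]:
            findings.append((e["path"], "binary under C:\\WINDOWS with no publisher in its version info"))
        elif is_binary and "H" in e["attrs"]:
            findings.append((e["path"], "hidden binary"))
    return findings


# Sample input: six lines copied from the OTL log in this thread, plus one CONSTRUCTED
# line (example-unsigned.exe) that is NOT in the log, added only to exercise the
# "no publisher" rule.
SAMPLE_LINES = [
    r"[2010-07-23 22:50:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun",
    r"[2010-09-12 21:51:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job",
    r"[2010-09-11 23:00:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini",
    r"[2010-09-11 23:00:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts",
    r"[2010-09-07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe",
    r"[2010-09-11 16:18:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat",
    r"[2010-09-11 23:05:00 | 000,061,440 | -H-- | M] () -- C:\WINDOWS\System32\example-unsigned.exe",  # constructed
]


def example_findings():
    # Window starts at the avast install date visible in the log (2010-09-07), so the
    # signed avast driver is examined and correctly left alone.
    return triage(SAMPLE_LINES, datetime(2010, 9, 7))


if __name__ == "__main__":
    for path, reason in example_findings():
        print(f"{path}\n    {reason}")
```

To run it over a real log, feed `triage()` the lines of the pasted OTL report and set `since` to the earliest date the symptoms appeared; anything the publisher rule flags should then be checked against a known-good copy or hash before it is assumed bad, since plenty of legitimate files ship without version information.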
 