Google Virus Won't Go Away!

April 6, 2010 at 14:38:41
Specs: Windows Vista
Hello :)
I've had this Google redirect virus for over one week now. Every time I click on a link from Google, it directs me to a random site which is not related.
I've used Hitman Pro and Malwarebytes to remove any spyware and trojans, but the redirect virus is still there. I've had to use Malwarebytes' protection module to stop the random redirecting links; however, I'm still getting random pop-ups and my computer is starting to slow down.

I've used GMER and it says the file nvstor32.sys is a rootkit trojan. I remove it, and it crashes my computer, then it reinstalls itself via the Windows repair thingy (can't remember the name, sorry lol).

Can you please help?

thank you!




#1
April 6, 2010 at 21:13:34
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop, then post them please. You may need to post in segments to get all the info to us, as the logs may be too large to fit in one post.

Please download ComboFix with Internet Explorer instead of any other browser if possible. If that is not possible, use whichever browser is working.

Remember: your antivirus, Windows Defender and any real-time antispyware such as SUPERAntiSpyware, Spybot's TeaTimer, Ad-Aware or any other one you may have must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#2
April 7, 2010 at 03:46:39
Thank you for replying.

Here is the DDS Log.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Raza at 11:10:50.79 on 07/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1791.730 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Prevx\prevx.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Raza\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Anti Trojan Elite] c:\program files\anti trojan elite\TJEnder.exe :NO
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\raza\appdata\roaming\mozilla\firefox\profiles\0slk80lr.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\raza\appdata\roaming\facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\users\raza\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\raza\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\raza\appdata\roaming\mozilla\firefox\profiles\0slk80lr.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2009-11-11 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-4 52872]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-4-3 30280]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2009-12-4 12800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-4 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-4 29512]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-4 242696]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-4-3 6349008]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-13 303952]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-4-5 53088]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-4 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-2-25 1047880]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2009-11-11 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2009-11-11 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2009-11-11 27144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-13 20824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-9-5 42528]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-4-5 24368]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-4-21 9344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-5 5888008]
S2 FlexService;Remote Connections Service;c:\program files\rapidbit\cisvc.exe [2009-5-17 41984]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\hitman pro\hitmanpro2.sys [2007-1-24 10336]
S3 ZDCNDIS5;ZDCNDIS Protocol Driver;c:\windows\system32\ZDCndis5.sys [2009-12-4 20736]

=============== Created Last 30 ================

2010-04-07 10:02:05 217155654 ----a-w- c:\windows\MEMORY.DMP
2010-04-06 21:09:05 0 d-----w- c:\program files\Anti Trojan Elite
2010-04-06 20:23:09 2015 ---h--r- c:\windows\system32\drivers\hosts
2010-04-06 10:10:19 0 d-sh--w- C:\found.000
2010-04-06 00:04:00 145440 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2010-04-05 18:34:07 53160 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-05 18:34:06 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-05 18:34:06 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-05 16:07:34 0 d-----w- C:\_OTL
2010-04-05 13:57:34 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-05 13:56:41 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-04-05 13:56:08 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-04 20:31:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-04 16:43:13 4189184 ----a-w- c:\windows\system32\whizcmd.exe
2010-04-04 16:38:33 0 d-----w- c:\windows\system32\EventProviders
2010-04-04 16:16:15 0 d-s---w- C:\ComboFix
2010-04-04 15:40:26 0 d-----w- c:\program files\Safer Networking
2010-04-04 15:19:59 12800 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-04 15:05:13 0 d-----w- c:\users\raza\EurekaLog
2010-04-04 14:48:43 0 d-----w- c:\windows\pss
2010-04-04 13:53:54 0 d-----w- c:\program files\Whizzo
2010-04-04 11:39:54 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-03 22:48:10 65536 --sha-w- c:\users\raza\ntuser.dat{dda7cf68-3f72-11df-a315-0014a4b072cd}.TM.blf
2010-04-03 22:48:10 524288 --sha-w- c:\users\raza\ntuser.dat{dda7cf68-3f72-11df-a315-0014a4b072cd}.TMContainer00000000000000000002.regtrans-ms
2010-04-03 22:48:10 524288 --sha-w- c:\users\raza\ntuser.dat{dda7cf68-3f72-11df-a315-0014a4b072cd}.TMContainer00000000000000000001.regtrans-ms
2010-04-03 22:02:06 0 d-s---w- C:\ComboFix(2)
2010-04-03 22:01:33 0 d-----w- C:\Qoobox(123)
2010-04-03 20:33:36 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-03 20:32:54 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-03 15:49:46 0 d-----w- c:\users\raza\appdata\roaming\FreeFixer
2010-04-03 15:34:13 0 d-----w- c:\users\raza\appdata\roaming\WinPatrol
2010-04-03 15:33:58 0 d-----w- c:\program files\BillP Studios
2010-04-03 14:07:23 0 d-----w- c:\program files\Online Solutions
2010-04-03 14:07:23 0 d-----w- c:\program files\common files\Online Solutions Shared
2010-04-03 13:51:47 0 d-----w- c:\program files\TrendMicro
2010-04-03 13:44:29 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-03 13:44:29 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-03 13:44:29 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-03 13:44:29 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-03 13:44:29 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-04-03 13:44:28 0 d-----w- c:\users\raza\appdata\roaming\Simply Super Software
2010-04-03 13:44:28 0 d-----w- c:\programdata\Simply Super Software
2010-04-03 13:44:28 0 d-----w- c:\program files\Trojan Remover
2010-04-03 13:19:20 0 d-----w- c:\program files\Hitman Pro
2010-04-03 13:02:15 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-03 13:02:14 0 d-----w- c:\program files\Prevx
2010-04-03 12:54:02 176 ----a-w- c:\windows\wininit.ini
2010-04-03 12:35:05 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-03 12:35:05 0 d-----w- C:\$RECYCLE(0).BIN
2010-04-03 12:01:44 98816 ----a-w- c:\windows\sed.exe
2010-04-03 12:01:44 77312 ----a-w- c:\windows\MBR.exe
2010-04-03 12:01:44 261632 ----a-w- c:\windows\PEV.exe
2010-04-03 12:01:44 161792 ----a-w- c:\windows\SWREG.exe
2010-04-03 11:26:23 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-02 18:56:08 0 d-----w- c:\users\raza\appdata\roaming\thecleaner
2010-04-02 18:55:23 0 d-----w- c:\program files\The Cleaner
2010-04-02 15:38:29 0 d-----w- c:\program files\Steinberg
2010-04-02 15:38:29 0 d-----w- c:\program files\common files\Digidesign
2010-04-02 15:38:28 0 d-----w- c:\program files\Antares Audio Technologies
2010-04-02 15:22:27 1181022 ----a-w- c:\windows\system32\TmpA16519273
2010-04-02 12:10:02 0 d-----w- c:\program files\Acoustica Mixcraft 5
2010-04-01 18:55:18 0 d-----w- c:\users\raza\appdata\roaming\AutoHideIP
2010-04-01 18:55:18 0 d-----w- c:\programdata\AutoHideIP
2010-04-01 18:54:22 0 d-----w- c:\program files\AutoHideIP
2010-04-01 14:07:22 0 d-----w- c:\program files\Replay Media Catcher
2010-03-14 12:45:19 0 d-----w- c:\programdata\SWiSHMax2WorkFolder
2010-03-14 12:39:04 90112 ----a-w- c:\windows\unvise32.exe
2010-03-14 12:39:01 0 d-----w- c:\program files\common files\SWiSHzone.com
2010-03-14 12:33:20 0 d-----w- c:\program files\SWiSH Max2
2010-03-11 00:58:14 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-11 00:58:13 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe

==================== Find3M ====================

2010-04-06 20:59:35 206 ----a-w- c:\users\raza\appdata\roaming\wklnhst.dat
2010-04-06 20:40:54 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-01 14:08:19 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-04-01 14:08:18 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-03-29 14:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 14:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 19:51:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-09 11:49:52 259128 ----a-w- c:\windows\fonts\MASTERPLAN__.otf
2010-03-08 16:02:05 35424 ----a-w- c:\windows\fonts\bankgthd.ttf
2010-03-06 10:03:04 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-06 10:02:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-06 10:02:34 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-03-06 10:02:21 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-06 10:02:16 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-13 11:30:56 151832 ----a-w- c:\windows\fonts\321impact.ttf
2010-02-04 21:07:06 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-04 21:07:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-04 21:07:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-23 09:44:02 2048 ----a-w- c:\windows\system32\tzres.dll
2008-12-06 09:07:01 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-26 19:31:47 56 --sha-r- c:\windows\system32\419ACEB502.sys
2009-09-26 19:31:51 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 11:13:15.79 ===============



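The DDS output above is the kind of log an analyst scans by hand for the indicators this thread is chasing: the proxy and search settings in the Pseudo HJT and Firefox sections, and recently created files under system32, including the hosts file and the nvstor32.sys that the user's GMER run flagged. The Python script below is an added example written for this page, not part of DDS, ComboFix or the helper's instructions; it splits a DDS log into its banner-delimited sections and lists those indicators. The sample text is constructed by copying a handful of lines from the log posted above, the allowlist of expected search hosts and the indicator categories are this example's own assumptions, and a flag is a prompt to verify the file's digital signature and hash, not a verdict: pxrts.sys belongs to the Prevx install listed in the services section, and nvstor32.sys is also the name of a legitimate NVIDIA storage driver.

```python
"""Triage a DDS log for redirect/rootkit indicators (added example, not DDS's own code)."""
import re
import sys
from pathlib import Path
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

================= FIREFOX ===================

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

=============== Created Last 30 ================

2010-04-06 20:23:09 2015 ---h--r- c:\windows\system32\drivers\hosts
2010-04-06 00:04:00 145440 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2010-04-05 18:34:06 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-04 16:43:13 4189184 ----a-w- c:\windows\system32\whizcmd.exe
2010-04-03 12:35:05 0 d-----w- C:\$RECYCLE(0).BIN

==================== Find3M ====================

2009-09-26 19:31:47 56 --sha-r- c:\windows\system32\419ACEB502.sys

============= FINISH: 11:13:15.79 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "<date> <time> <size> <8 attribute flags> <path>"; flags include d(ir), s(ystem), h(idden), a, r/w
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{8})\s+(.+)$")
EXEC_EXT = (".sys", ".exe", ".dll")
# Assumed allowlist: search/home-page hosts expected on this stock Acer/Vista build.
EXPECTED_SEARCH_HOSTS = ("google.", "yahoo.", "bing.", "mozilla.", "live.com", "msn.com")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '=== name ===' banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1) or current
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def parse_file_entry(line: str) -> Optional[dict]:
    """Decode one 'Created Last 30' / 'Find3M' line; None if it is not a file entry."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    stamp, size, attrs, path = m.groups()
    return {"when": stamp, "size": int(size), "is_dir": attrs[0] == "d",
            "system": "s" in attrs, "hidden": "h" in attrs, "path": path}


def triage(text: str) -> List[dict]:
    """Return indicator findings as {'kind', 'section', 'line'} dicts, in log order."""
    sections = split_sections(text)
    findings: List[dict] = []

    def add(kind: str, section: str, line: str) -> None:
        findings.append({"kind": kind, "section": section, "line": line})

    # 1. A proxy server in the IE settings can redirect every HTTP request.
    for line in sections.get("Pseudo HJT Report", []):
        key = line.split("=", 1)[0].strip().lower()
        if key.endswith("internet settings,proxyserver"):
            add("proxy-server-set", "Pseudo HJT Report", line)

    # 2. Firefox search keyword / home page pointing somewhere unexpected.
    for line in sections.get("FIREFOX", []):
        if "keyword.URL" in line or "browser.startup.homepage" in line:
            url = line.rsplit(" - ", 1)[-1].lower()
            if not any(host in url for host in EXPECTED_SEARCH_HOSTS):
                add("search-or-homepage-redirected", "FIREFOX", line)

    # 3. Recent binaries under system32, a touched hosts file, hidden+system files.
    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            entry = parse_file_entry(line)
            if entry is None or entry["is_dir"]:
                continue
            path = entry["path"].lower()
            if path.endswith("\\drivers\\hosts"):
                add("hosts-file-modified", name, line)
            elif "\\system32\\" in path and path.endswith(EXEC_EXT):
                add("binary-in-system32", name, line)
            if entry["system"] and entry["hidden"]:
                add("hidden-system-file", name, line)
    return findings


if __name__ == "__main__":
    # Usage: python dds_triage.py DDS.txt   (no argument: run on the embedded sample)
    log = Path(sys.argv[1]).read_text(encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(log):
        print(f"[{f['kind']:<30}] {f['section']:<17} {f['line']}")
```

Run against the full DDS.txt, the three passes surface the same things a helper looks for first: the empty-host ProxyServer value, the keyword.URL search hook, the hosts file with its hidden and read-only bits set, and the .sys/.exe files that appeared in system32 during the week the redirects started. Every flagged binary still has to be checked against its vendor's signature and a known-good copy before anything is deleted, which is exactly the step the user skipped when removing nvstor32.sys by hand.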

#3
April 7, 2010 at 19:38:17
That was half of the DDS log and no ComboFix log; we will need the complete logs to continue. You may need to post them in segments to get all the info to us.


#4
April 8, 2010 at 05:03:01
I tried replying but it wouldn't let me for some reason. It kept saying "cannot connect to server". I'll try to post them now.


#5
April 8, 2010 at 05:04:03
Attach Log.
DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 10/09/2008 19:10:07
System Uptime: 04/07/2010 11:01:32 (-2112 hours ago)

Motherboard: ACER | | MCP73PV
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | SOCKET775 M/B | 2203/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 10.573 GiB free.
D: is FIXED (NTFS) - 144 GiB total, 58.348 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel



#6
April 8, 2010 at 05:04:22
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: USB Cable Modem 351000
Device ID: USB\VID_0BB2&PID_6098\0014A4B072CD
Manufacturer: brand
Name: USB Cable Modem 351000
PNP Device ID: USB\VID_0BB2&PID_6098\0014A4B072CD
Service: usbcm

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: WsAudioDevice_456
Device ID: ROOT\MEDIA\0000
Manufacturer: WsAudioDevice_456
Name: WsAudioDevice_456
PNP Device ID: ROOT\MEDIA\0000
Service: WsAudioDevice_456

==== System Restore Points ===================

RP611: 05/04/2010 19:16:37 - s---

==== Installed Programs ======================

Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer ScreenSaver
Acoustica Effects Pack
Acoustica Mixcraft 5
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader 9.1
Adobe Stock Photos 1.0
Antares Autotune VST RTAS TDM v5.08
Any Video Converter 2.7.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaConverter 2.5
ArcSoft MediaImpression
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Quick Photo Book
ArcSoft RAW Thumbnail Viewer
ArcSoft Video Downloader
Ares 2.1.1
ATI Catalyst Install Manager
Audacity 1.2.6
Auto Hide IP
AVG 9.0
Azada
BitTorrent
BlackBerry Desktop Software 4.7
Bonjour
BroadJump Client Foundation
Business Contact Manager for Outlook 2007 SP2
Call of Duty Modern Warfare 2
Corel Applications
Corel VideoStudio 12
Data Doctor Recovery Pen Drive 3.0.1.5
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Facebook Plug-In
FileRescue Pro
FLV Player 2.0 (build 25)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
getPlus(R) for Adobe
GTA2
Hazard Perception 2004-2005
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 7
LG USB Modem driver
LightScribe 1.4.142.1
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Lite 7.9.6.0
NTI Backup NOW! 4.7
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenMG Secure Module 4.7.00
OSAM: Online Solutions Autorun Manager v5.0
OtsAV DJ Trial 1.85.001
OtsAV Free 1.77.001
OtsTurntables Free 1.00.027
PowerDirector (Acer DT)
PowerDVD 7.0 with 5.1ch
PowerISO
Programmer's Notepad 2
QuickTime
RapidBIT Suite
RealPlayer
Realtek High Definition Audio Driver
Roxio Media Manager
SA61xx Device Manager
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Shockwave
SoftOrbits Flash Drive Recovery 1.2
Sony Ericsson PC Suite
Sound Recorder Pro 2.1
Spotify
Spybot - Search & Destroy
SWiSH Max2
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Ulead GIF Animator 5 ESD
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
VC80CRTRedist - 8.0.50727.762
Veoh Web Player Beta
VideoStudio
VLC media player 0.9.8a
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 14.0
Wondershare Audio Recorder(Build 1.1.3.16)



#7
April 8, 2010 at 05:08:59
==== Event Viewer Messages From Past Week ========

31/03/2010 10:30:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
31/03/2010 10:30:09, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
07/04/2010 11:02:09, Error: EventLog [6008] - The previous system shutdown at 11:00:01 on 07/04/2010 was unexpected.
05/04/2010 20:19:55, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume ACER.



#8
April 8, 2010 at 05:10:29
05/04/2010 17:41:59, Error: EventLog [6008] - The previous system shutdown at 17:38:29 on 05/04/2010 was unexpected.
05/04/2010 16:05:28, Error: EventLog [6008] - The previous system shutdown at 16:01:49 on 05/04/2010 was unexpected.
05/04/2010 15:48:06, Error: EventLog [6008] - The previous system shutdown at 15:45:21 on 05/04/2010 was unexpected.
04/04/2010 18:14:12, Error: EventLog [6008] - The previous system shutdown at 18:08:30 on 04/04/2010 was unexpected.


#9
April 8, 2010 at 05:14:55
Installation Failure: Windows failed to install the following update with error 0x800b0100: Windows Vista Service Pack 2 (KB948465).
04/04/2010 17:27:15, Error: EventLog [6008] - The previous system shutdown at 17:25:15 on 04/04/2010 was unexpected.


#10
April 8, 2010 at 05:15:14
04/04/2010 17:27:03, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
04/04/2010 17:11:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.


#11
April 8, 2010 at 05:15:30
04/04/2010 17:11:04, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
04/04/2010 17:09:44, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
04/04/2010 15:37:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}


#12
April 8, 2010 at 05:15:48
04/04/2010 15:37:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
04/04/2010 15:36:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD anodlwf AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt NetworkX nsiproxy PSched RasAcd rdbss SCDEmu Smb spldr Tcpip tdx Wanarpv6
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.


#13
April 8, 2010 at 05:16:04
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.


#14
April 8, 2010 at 05:16:14
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.


#15
April 8, 2010 at 05:16:27
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:36:26, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.


#16
April 8, 2010 at 05:16:43
04/04/2010 15:36:14, Error: EventLog [6008] - The previous system shutdown at 15:33:46 on 04/04/2010 was unexpected.
04/04/2010 15:27:13, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
04/04/2010 15:27:13, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/04/2010 15:27:11, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
04/04/2010 15:27:10, Error: Service Control Manager [7034] - The SQL Server (MSSMLBIZ) service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:10, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:10, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:10, Error: Service Control Manager [7034] - The eRecovery Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:10, Error: Service Control Manager [7034] - The eDataSecurity Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:10, Error: Service Control Manager [7034] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:10, Error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:10, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:09, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:09, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:09, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:09, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:09, Error: Service Control Manager [7034] - The Business Contact Manager SQL Server Startup Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:09, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
04/04/2010 15:27:09, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/04/2010 15:01:14, Error: Service Control Manager [7000] - The SpyJacker service failed to start due to the following error: The system cannot find the file specified.
04/04/2010 14:16:02, Error: EventLog [6008] - The previous system shutdown at 14:13:11 on 04/04/2010 was unexpected.
04/04/2010 11:13:22, Error: EventLog [6008] - The previous system shutdown at 11:10:37 on 04/04/2010 was unexpected.
04/04/2010 11:02:48, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
04/04/2010 11:02:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
03/04/2010 23:10:22, Error: EventLog [6008] - The previous system shutdown at 23:07:59 on 03/04/2010 was unexpected.
03/04/2010 22:07:48, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
03/04/2010 22:03:27, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
03/04/2010 19:15:12, Error: EventLog [6008] - The previous system shutdown at 19:12:10 on 03/04/2010 was unexpected.
03/04/2010 16:55:03, Error: Service Control Manager [7034] - The Prevx Agent service terminated unexpectedly. It has done this 1 time(s).
03/04/2010 16:03:11, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgTdiX
03/04/2010 16:00:33, Error: EventLog [6008] - The previous system shutdown at 15:57:20 on 03/04/2010 was unexpected.
03/04/2010 15:25:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 NetworkX PXRDDriver SCDEmu spldr Wanarpv6
03/04/2010 13:56:31, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


#17
April 8, 2010 at 05:16:56
03/04/2010 13:14:24, Error: Service Control Manager [7034] - The ePerformance Service service terminated unexpectedly. It has done this 1 time(s).
03/04/2010 13:14:24, Error: Service Control Manager [7031] - The eSettings Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2010 13:03:28, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
03/04/2010 13:00:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
03/04/2010 13:00:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/04/2010 12:59:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
03/04/2010 12:59:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 NetworkX SCDEmu spldr Wanarpv6
03/04/2010 12:59:14, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2010 12:59:01, Error: EventLog [6008] - The previous system shutdown at 12:55:09 on 03/04/2010 was unexpected.
02/04/2010 21:57:15, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070005.
02/04/2010 21:27:10, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/04/2010 20:58:33, Error: Service Control Manager [7030] - The Ad-Aware 2007 Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/04/2010 20:43:57, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.

==== End Of File ===========================



#18
April 8, 2010 at 05:17:26
Here is the ComboFix Log

ComboFix 10-04-06.03 - Raza 07/04/2010 11:18:25.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1791.605 [GMT 1:00]
Running from: c:\users\Raza\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Raza\Localdir

.
((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 10:31 . 2010-04-07 10:31 -------- d-----w- c:\users\Raza\AppData\Local\temp
2010-04-07 10:31 . 2010-04-07 10:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-07 10:31 . 2010-04-07 10:31 -------- d-----w- c:\users\Laraib\AppData\Local\temp
2010-04-07 10:31 . 2010-04-07 10:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-07 10:15 . 2010-04-07 10:15 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-04-06 21:09 . 2010-04-06 21:25 -------- d-----w- c:\program files\Anti Trojan Elite
2010-04-06 10:10 . 2010-04-06 10:10 -------- d-----w- C:\found.000
2010-04-06 00:04 . 2008-06-07 10:13 145440 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2010-04-05 18:34 . 2010-04-05 18:34 53160 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-05 18:34 . 2010-04-05 18:34 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-05 18:34 . 2010-04-05 18:34 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-05 16:07 . 2010-04-05 16:07 -------- d-----w- C:\_OTL
2010-04-05 14:11 . 2010-04-05 14:11 -------- d-----w- c:\users\Laraib\AppData\Roaming\TuneUp Software
2010-04-05 13:57 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-05 13:56 . 2010-04-05 13:57 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-05 13:56 . 2010-04-05 13:56 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-05 10:05 . 2010-04-05 10:05 -------- d-----w- c:\users\Raza\AppData\Local\Sunbelt Software
2010-04-04 20:31 . 2010-04-05 10:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-04 16:43 . 2008-10-24 12:58 4189184 ----a-w- c:\windows\system32\whizcmd.exe
2010-04-04 16:38 . 2010-04-04 16:38 -------- d-----w- c:\windows\system32\EventProviders
2010-04-04 15:40 . 2010-04-04 15:40 -------- d-----w- c:\program files\Safer Networking
2010-04-04 15:19 . 2010-04-06 20:46 12800 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-04 15:05 . 2010-04-04 15:05 -------- d-----w- c:\users\Raza\EurekaLog
2010-04-04 13:53 . 2010-04-05 10:17 -------- d-----w- c:\program files\Whizzo
2010-04-04 11:39 . 2010-04-04 11:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-04 10:06 . 2010-04-04 10:06 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-03 22:02 . 2010-04-04 14:24 -------- d-----w- C:\ComboFix(2)
2010-04-03 22:01 . 2010-04-03 22:02 -------- d-----w- C:\Qoobox(123)
2010-04-03 20:33 . 2010-04-03 20:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-03 20:32 . 2010-04-03 22:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-03 16:15 . 2010-04-03 16:15 -------- d-----w- c:\users\Laraib\AppData\Roaming\WinPatrol
2010-04-03 16:15 . 2010-04-03 16:15 -------- d-----w- c:\users\Laraib\AppData\Roaming\Prevx
2010-04-03 15:49 . 2010-04-03 15:55 -------- d-----w- c:\users\Raza\AppData\Roaming\FreeFixer
2010-04-03 15:49 . 2010-04-03 15:49 -------- d-----w- c:\users\Raza\AppData\Local\FreeFixer
2010-04-03 15:34 . 2010-04-03 15:34 -------- d-----w- c:\users\Raza\AppData\Roaming\WinPatrol
2010-04-03 15:33 . 2010-04-03 15:33 -------- d-----w- c:\program files\BillP Studios
2010-04-03 14:07 . 2010-04-04 07:34 -------- d-----w- c:\program files\Online Solutions
2010-04-03 14:07 . 2010-04-04 07:34 -------- d-----w- c:\program files\Common Files\Online Solutions Shared
2010-04-03 13:51 . 2010-04-04 07:34 -------- d-----w- c:\program files\TrendMicro
2010-04-03 13:51 . 2010-04-03 13:51 388096 ----a-r- c:\users\Raza\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-03 13:44 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-03 13:44 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-03 13:44 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-03 13:44 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-04-03 13:44 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-03 13:44 . 2010-04-04 07:34 -------- d-----w- c:\program files\Trojan Remover
2010-04-03 13:44 . 2010-04-03 13:44 -------- d-----w- c:\users\Raza\AppData\Roaming\Simply Super Software
2010-04-03 13:44 . 2010-04-03 13:44 -------- d-----w- c:\programdata\Simply Super Software
2010-04-03 13:19 . 2010-04-04 07:34 -------- d-----w- c:\program files\Hitman Pro
2010-04-03 13:02 . 2010-04-05 18:34 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-03 13:02 . 2010-04-05 18:34 -------- d-----w- c:\program files\Prevx
2010-04-03 12:35 . 2010-04-03 16:15 -------- d-----w- C:\$RECYCLE(0).BIN
2010-04-03 12:35 . 2010-04-04 14:24 -------- d-----w- c:\users\Raza\AppData\Local\temp(82)
2010-04-03 11:26 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-02 18:56 . 2010-04-02 18:56 -------- d-----w- c:\users\Raza\AppData\Roaming\thecleaner
2010-04-02 18:55 . 2010-04-04 07:34 -------- d-----w- c:\program files\The Cleaner
2010-04-02 15:38 . 2010-04-04 07:34 -------- d-----w- c:\program files\Steinberg
2010-04-02 15:38 . 2010-04-02 15:38 -------- d-----w- c:\program files\Common Files\Digidesign
2010-04-02 15:38 . 2010-04-04 07:34 -------- d-----w- c:\program files\Antares Audio Technologies
2010-04-02 12:10 . 2010-04-04 07:34 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2010-04-01 18:55 . 2010-04-04 07:34 -------- d-----w- c:\users\Raza\AppData\Roaming\AutoHideIP
2010-04-01 18:55 . 2010-04-01 18:56 -------- d-----w- c:\programdata\AutoHideIP
2010-04-01 18:54 . 2010-04-04 07:33 -------- d-----w- c:\program files\AutoHideIP
2010-04-01 14:07 . 2010-04-04 07:34 -------- d-----w- c:\users\Raza\AppData\Local\mdnslib
2010-04-01 14:07 . 2010-04-01 14:36 -------- d-----w- c:\users\Raza\AppData\Local\FLVService
2010-04-01 14:07 . 2010-04-02 10:47 -------- d-----w- c:\program files\Replay Media Catcher
2010-03-31 09:35 . 2010-04-06 23:24 0 ----a-w- c:\users\Laraib\AppData\Local\prvlcl.dat
2010-03-28 11:21 . 2010-03-28 11:21 -------- d-----w- c:\users\Laraib\AppData\Roaming\Echo Software
2010-03-24 13:18 . 2010-03-24 13:18 -------- d-----w- c:\users\Laraib\AppData\Roaming\DivX
2010-03-24 13:18 . 2010-03-24 13:18 -------- d-----w- c:\users\Laraib\AppData\Roaming\Acoustica
2010-03-17 17:54 . 2010-03-17 17:54 -------- d-----w- c:\windows\Sun
2010-03-14 12:45 . 2010-03-31 17:00 -------- d-----w- c:\programdata\SWiSHMax2WorkFolder
2010-03-14 12:39 . 2004-03-29 16:23 90112 ----a-w- c:\windows\unvise32.exe
2010-03-14 12:39 . 2010-03-14 12:39 -------- d-----w- c:\program files\Common Files\SWiSHzone.com
2010-03-14 12:33 . 2010-03-14 12:42 -------- d-----w- c:\program files\SWiSH Max2
2010-03-11 00:58 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-11 00:58 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-10 22:27 . 2010-03-10 22:28 20887024 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-10 22:27 . 2010-03-10 22:27 8405312 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-10 22:26 . 2010-03-10 22:26 149000 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-10 22:26 . 2010-03-10 22:26 10309448 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-10 22:25 . 2010-03-10 22:25 79368 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-10 22:25 . 2010-03-10 22:25 64000 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-10 22:25 . 2010-03-10 22:25 52288 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-10 22:25 . 2010-03-10 22:25 50688 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-10 22:25 . 2010-03-10 22:25 49152 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-10 22:25 . 2010-03-10 22:25 118784 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-10 14:25 . 2010-03-10 14:25 439816 ----a-w- c:\users\Raza\AppData\Roaming\Real\Update\setup3.10\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 23:24 . 2010-02-16 17:40 0 ----a-w- c:\users\Raza\AppData\Local\prvlcl.dat
2010-04-06 20:59 . 2010-02-27 14:55 206 ----a-w- c:\users\Raza\AppData\Roaming\wklnhst.dat
2010-04-06 20:40 . 2010-02-21 20:51 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-06 20:23 . 2010-04-06 20:23 2015 ---h--r- c:\windows\system32\drivers\hosts
2010-04-06 20:16 . 2010-03-07 00:46 1356 ----a-w- c:\users\Raza\AppData\Local\d3d9caps.dat
2010-04-06 12:34 . 2009-05-04 17:30 -------- d-----w- c:\users\Raza\AppData\Roaming\Spotify
2010-04-05 18:34 . 2010-02-16 12:22 -------- d-----w- c:\programdata\PrevxCSI
2010-04-05 16:26 . 2008-12-14 13:27 -------- d-----w- c:\users\Raza\AppData\Roaming\BitTorrent
2010-04-05 13:56 . 2008-12-13 16:55 -------- d-----w- c:\programdata\TuneUp Software
2010-04-05 13:52 . 2010-02-15 17:57 -------- d-----w- c:\program files\Lavasoft
2010-04-05 13:52 . 2010-02-15 17:57 -------- d-----w- c:\programdata\Lavasoft
2010-04-04 14:24 . 2009-11-07 13:58 -------- d-----w- c:\program files\RapidBIT
2010-04-04 14:24 . 2008-04-08 22:27 -------- d-----w- c:\program files\Microsoft Works
2010-04-04 13:11 . 2010-02-15 13:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-04 07:34 . 2009-01-10 21:12 -------- d-----w- c:\users\Raza\AppData\Roaming\vlc
2010-04-04 07:34 . 2008-12-11 18:48 -------- d-----w- c:\users\Raza\AppData\Roaming\Ulead Systems
2010-04-04 07:34 . 2010-01-20 18:50 -------- d-----w- c:\users\Raza\AppData\Roaming\Facebook
2010-04-04 07:34 . 2009-12-11 12:23 -------- d-sh--w- c:\users\Raza\AppData\Roaming\lowsec
2010-04-04 07:34 . 2009-12-07 17:43 -------- d-----w- c:\program files\Sound Recorder Pro
2010-04-04 07:34 . 2009-04-12 20:22 -------- d-----w- c:\program files\VST
2010-04-04 07:34 . 2008-12-13 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 07:34 . 2009-04-12 20:28 -------- d-----w- c:\program files\Acoustica Shared Effects
2010-04-01 14:08 . 2009-01-17 16:49 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-04-01 14:08 . 2009-01-17 16:49 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-04-01 09:59 . 2010-02-16 14:58 143712 ----a-w- c:\users\Laraib\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-31 16:42 . 2010-02-16 18:02 143712 ----a-w- c:\users\Raza\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-31 16:38 . 2008-04-08 22:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-29 14:24 . 2008-12-13 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 14:24 . 2008-12-13 16:50 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 19:51 . 2008-12-05 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 19:33 . 2008-12-09 15:29 -------- d-----w- c:\programdata\WinZip
2010-03-13 11:00 . 2010-02-14 12:47 -------- d-----w- c:\users\Laraib\AppData\Roaming\BitTorrent
2010-03-11 09:42 . 2008-04-08 22:25 -------- d-----w- c:\programdata\Microsoft Help
2010-03-07 00:46 . 2010-03-07 00:46 552 ----a-w- c:\users\Raza\AppData\Local\d3d8caps.dat
2010-03-06 10:30 . 2010-02-16 17:43 -------- d-----w- c:\programdata\Hitman Pro
2010-03-06 10:03 . 2009-11-04 16:14 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-06 10:02 . 2010-03-05 10:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-06 10:02 . 2009-11-04 16:14 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-06 10:02 . 2009-11-11 10:00 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-03-06 10:02 . 2009-11-04 16:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-06 10:02 . 2009-11-04 16:14 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-28 21:50 . 2010-01-20 18:50 50354 ----a-w- c:\users\Raza\AppData\Roaming\Facebook\uninstall.exe
2010-02-27 14:55 . 2010-02-27 14:55 -------- d-----w- c:\users\Raza\AppData\Roaming\Template
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\users\Raza\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\users\Raza\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-02-23 06:39 . 2010-03-31 09:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 09:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 09:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 04:28 . 2010-01-16 14:59 -------- d-----w- c:\program files\iTunes
2010-02-20 15:50 . 2010-02-20 15:50 -------- d-----w- c:\program files\iPhoneBrowser
2010-02-20 15:48 . 2010-02-20 15:48 -------- d-----w- c:\program files\WinSCP
2010-02-17 03:25 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-02-17 03:25 . 2009-08-15 21:24 -------- d-----w- c:\program files\Bonjour
2010-02-17 03:24 . 2009-12-08 20:28 -------- d-----w- c:\program files\Wondershare
2010-02-17 03:24 . 2009-02-07 13:28 -------- d-----w- c:\program files\ArcSoft
2010-02-16 17:24 . 2010-02-16 16:52 -------- d-----w- c:\programdata\PC Tools
2010-02-16 16:28 . 2010-02-16 16:28 -------- d-----w- c:\programdata\XoftSpySE
2010-02-16 13:38 . 2010-02-16 13:38 -------- d-----w- c:\users\Laraib\AppData\Roaming\Malwarebytes
2010-02-15 20:42 . 2010-02-15 20:42 -------- d-----w- c:\program files\IObit
2010-02-15 13:06 . 2009-11-02 11:56 -------- d-----w- c:\programdata\avg9
2010-02-14 13:10 . 2008-04-08 22:46 -------- d-----w- c:\program files\Acer GameZone
2010-02-14 13:02 . 2009-02-07 13:28 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-02-14 13:00 . 2010-02-14 13:00 -------- d-----w- c:\users\Laraib\AppData\Roaming\ArcSoft
2010-02-12 15:46 . 2010-02-12 15:46 -------- d-----w- c:\users\Laraib\AppData\Roaming\Facebook
2010-02-10 19:07 . 2010-02-10 16:40 -------- d-----w- c:\users\Laraib\AppData\Roaming\Apple Computer
2010-02-10 16:31 . 2010-02-10 16:31 -------- d-----w- c:\users\Laraib\AppData\Roaming\Sony Ericsson
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\users\Raza\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-24 11:54 . 2010-02-16 19:40 1912832 ----a-w- c:\users\Raza\AppData\Roaming\Mozilla\Firefox\Profiles\0slk80lr.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch192.dll
2010-01-24 11:54 . 2010-02-16 19:40 1916928 ----a-w- c:\users\Raza\AppData\Roaming\Mozilla\Firefox\Profiles\0slk80lr.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch191.dll
2010-01-24 11:54 . 2010-02-16 19:40 1912832 ----a-w- c:\users\Raza\AppData\Roaming\Mozilla\Firefox\Profiles\0slk80lr.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch.dll
2010-01-23 09:44 . 2010-02-24 09:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-16 14:52 . 2010-01-16 14:52 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-16 14:47 . 2010-01-16 14:47 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-26 19:31 . 2009-09-22 16:57 56 --sha-r- c:\windows\System32\419ACEB502.sys
2009-09-26 19:31 . 2009-09-22 16:50 3766 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-01-21 02:32 . 09D08DA67E62A2AB01DAD0D44D4EFECC . 35384 . . [------] . . c:\windows\System32\drivers\kbdclass.sys
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys
[7] 2008-01-21 . B076B2AB806B3F696DAB21375389101C . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdclass.sys
[7] 2006-11-02 . 1A48765F92BA1A88445FC25C9C9D94FC . 32872 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-8 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"NVRaidService"=c:\windows\system32\nvraidservice.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"SsAAD.exe"=c:\progra~1\Sony\SONICS~1\SsAAD.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"UVS12 Preload"=c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [2009-05-17 41984]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\Hitman Pro\hitmanpro2.sys [2006-11-03 10336]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 WsAudioDevice_456;WsAudioDevice_456;c:\windows\system32\drivers\WsAudioDevice_456.sys [x]
R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [x]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-03-06 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-06 52872]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-04-05 30280]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-06 216200]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-06 242696]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-06 308064]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2010-04-05 6349008]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-29 303952]
S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-04-05 53088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-03-06 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-03-06 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-03-06 27144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-29 20824]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-04-05 24368]
S3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\User_Feed_Synchronization-{5FBADFB1-FF62-4C95-BCEF-5401839CB59E}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Raza\AppData\Roaming\Mozilla\Firefox\Profiles\0slk80lr.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Raza\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\users\Raza\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Raza\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Raza\AppData\Roaming\Mozilla\Firefox\Profiles\0slk80lr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 11:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86255AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8759c322
\Driver\ACPI -> acpi.sys @ 0x87495d4c
\Driver\atapi -> ataport.SYS @ 0x807b39a8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5456)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2010-04-07 11:36:06
ComboFix-quarantined-files.txt 2010-04-07 10:35

Pre-Run: 11,170,910,208 bytes free
Post-Run: 11,206,987,776 bytes free

- - End Of File - - CCB39C2112AC48EB0F0E43EA40166A40



#19
April 9, 2010 at 16:07:05
Download and run combofix, this will sort it, 100% sure.

Combofix: http://download.bleepingcomputer.co...



#20
April 10, 2010 at 07:26:47
I ran Combofix but it gave me the Blue Screen of Death after five minutes :(


#21
April 10, 2010 at 09:57:32
Combofix most likely blue screened because you did not disable Windows Defender.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller

1. Extract the contents of TDSSKiller.zip to your Desktop.

2. Double click on TDSSKiller.exe to run it.

3. If it finds something and asks you what to do, follow the instructions to type in "delete".

4. When done, a log file should be created on your C: drive called TDSSKiller.txt (with time+date appended). Please post this log in your next reply.



#22
April 10, 2010 at 11:58:45
I ran TDSSKiller and it found the nvstor32.sys file infected. So I restarted it to delete it as it told me to. However, my computer wouldn't start afterwards. So I had to do a system restore. I never got a log file either. Should I run Combofix again, this time I'll disable Windows Defender?

Thank you for replying :)



#23
April 10, 2010 at 17:13:11
What did the computer do when it tried to start after running TDSSKiller?

Uninstall combofix and redownload it and be sure to use internet explorer instead of firefox to download it.

You will need to go to run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Your Antivirus, Windows Defender and Spybot's TeaTimer must be turned off or Combofix will not work properly.



#24
April 11, 2010 at 02:18:30
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.746 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dlbccoms.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Users\melanie\AppData\Roaming\U3\0774231168D33B18\LaunchPad.exe
C:\Users\melanie\AppData\Local\SuperslotsCasino\Bin\CasinoApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe



#25
April 11, 2010 at 02:19:09
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WerFault.exe
C:\Users\melanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0XK0P43\dds[1].scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\3.bin\MWSSRCAS.DLL
uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\blingee plus\tbhelper.dll
mURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\3.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BlingeeTb Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\blingee plus\blingeetb.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Blingee Toolbar: {d1121fe0-0145-44c9-aa35-72071ac20a9b} - c:\program files\blingee plus\blingeetb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll



#26
April 11, 2010 at 02:19:58
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\melanie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
uRun: [CyberDefender Registry Cleaner] c:\program files\cyberdefender\registry cleaner\Startcdrc.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\melanie\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolba...
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D1121FE0-0145-44C9-AA35-72071AC20A9B} - hxxp://downloads.blingee.com/toolbar/blingeeplus_setup_a_1.0.0.5.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============



#27
April 11, 2010 at 02:20:36
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-10 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-30 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-30 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-30 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-13 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-10 112592]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\3.bin\mwssvc.exe [2010-3-13 28762]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-11 361808]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-10 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-10 1141712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-19 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-11 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 gupdate1ca783eff5a159d;Google Update Service (gupdate1ca783eff5a159d);c:\program files\google\update\GoogleUpdate.exe [2009-12-8 133104]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-10-15 124160]

=============== Created Last 30 ================

2010-04-11 03:23:45 882 ----a-w- c:\windows\RegSDImport.xml
2010-04-11 03:23:45 879 ----a-w- c:\windows\RegISSImport.xml
2010-04-11 03:23:45 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-04-11 03:23:45 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-11 03:23:45 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-11 03:23:45 131 ----a-w- c:\windows\IDB.zip
2010-04-11 03:23:45 1152444 ----a-w- c:\windows\UDB.zip
2010-04-11 03:23:44 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-11 03:23:44 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-11 03:23:44 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-04-11 03:22:08 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-04-11 03:22:08 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-11 03:22:08 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-04-11 03:21:42 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-11 03:21:42 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-04-11 03:21:42 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-04-11 03:21:42 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-11 03:21:16 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-04-11 03:21:16 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-11 03:21:05 0 d-----w- c:\users\melanie\appdata\roaming\PC Tools
2010-04-11 03:21:05 0 d-----w- c:\programdata\PC Tools
2010-04-11 03:21:05 0 d-----w- c:\program files\Spyware Doctor
2010-04-11 03:21:05 0 d-----w- c:\program files\common files\PC Tools
2010-04-03 07:32:57 524288 --sha-w- c:\users\melanie\ntuser.dat{084940d9-3dc7-11df-ac2b-001f165415ca}.TMContainer00000000000000000002.regtrans-ms
2010-04-03 07:32:57 524288 --sha-w- c:\users\melanie\ntuser.dat{084940d9-3dc7-11df-ac2b-001f165415ca}.TMContainer00000000000000000001.regtrans-ms
2010-04-03 07:32:56 65536 --sha-w- c:\users\melanie\ntuser.dat{084940d9-3dc7-11df-ac2b-001f165415ca}.TM.blf
2010-04-02 19:07:52 0 d-----w- c:\windows\system32\RsFx
2010-04-02 18:58:15 0 d-----w- c:\program files\Microsoft SQL Server
2010-04-02 18:49:38 0 d-----w- c:\program files\common files\Merge Modules
2010-03-27 03:24:31 0 d-----w- c:\program files\SlotsJackpot
2010-03-23 18:48:11 0 d-----w- c:\program files\Microsoft
2010-03-23 18:47:59 0 d-----w- c:\program files\MSN Toolbar
2010-03-23 18:47:01 0 d-----w- c:\program files\MSN Toolbar Installer
2010-03-22 08:38:37 0 d-----w- c:\program files\Invoke Solutions
2010-03-19 22:00:04 0 d-----w- c:\program files\Lucky Palm Casino
2010-03-19 11:28:49 0 d-----w- c:\users\melanie\appdata\roaming\Vegascasino21
2010-03-19 11:28:49 0 d-----w- c:\programdata\Vegascasino21
2010-03-19 11:28:21 0 d-----w- c:\program files\Vegascasino21
2010-03-13 22:50:20 0 d-----w- c:\program files\Gamevance
2010-03-13 19:11:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================



#28
April 11, 2010 at 02:21:05
2010-04-09 22:52:06 32061 ----a-w- c:\programdata\nvModes.dat
2010-04-06 10:02:29 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-06 10:02:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-06 10:02:28 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-13 20:07:47 32768 ----a-w- c:\windows\system32\f3PSSavr.scr
2010-03-13 19:11:17 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 19:09:12 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 16:22:39 344 ----a-w- c:\users\melanie\appdata\roaming\wklnhst.dat
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-27 07:23:40 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-19 07:32:27 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-16 10:17:16 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-08-11 16:56:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 2:11:13.51 ===============


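To triage a DDS autostart dump like the one posted above, here is an added Python example (not part of this thread, and not DDS's or any vendor's code). It parses the BHO/TB/URLSearchHook, Run-key, service/driver and AppInit_DLLs lines in the formats they take in the posted log, groups entries by the module they load, and flags a module when its path matches a watchlist of toolbar/adware path fragments or when the same file is hooked under three or more autostart kinds, as the IObitCom toolbar DLL is here. The watchlist terms and the threshold of three are the editor's assumptions, chosen to illustrate the technique; the sample input is a handful of lines copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_LOG = r"""uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
mURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\3.bin\MWSSRCAS.DLL
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\3.bin\mwssvc.exe [2010-3-13 28762]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-30 216200]
AppInit_DLLs: avgrsstx.dll
"""

# Illustrative watchlist (an assumption for this example, not from DDS):
# path fragments of toolbar/adware families seen in the posted log.
WATCHLIST = ("mywebsearch", "mywebs~1", "funwebproducts", "gamevance", "blingee", "ask.com")

# Assumed threshold: flag a module hooked under this many distinct autostart kinds.
FOOTPRINT_THRESHOLD = 3

# Line shapes as they appear in the DDS log above.
COM_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|mURLSearchHooks|BHO|TB|EB): (?P<name>.+?): "
    r"\{(?P<clsid>[0-9a-fA-F-]{36})\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<kind>[umd]Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^(?P<kind>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[[^\]]*\])?$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<path>.+)$")
# First token that looks like an image path, with optional surrounding quotes;
# trailing arguments such as "-hide" or "a" are dropped.
IMAGE_RE = re.compile(r'^"?(?P<img>[^"]+?\.(?:exe|dll|scr|sys|cpl))"?(?:\s|$|,)', re.IGNORECASE)


def normalize(path: str) -> str:
    """Lower-case the image path and strip quotes/arguments so the same
    module collapses to one key regardless of how each hook spells it."""
    path = path.strip()
    m = IMAGE_RE.match(path)
    return (m.group("img") if m else path.strip('"')).lower()


def parse_dds(text: str) -> list:
    """Parse the autostart sections of a DDS log into (kind, name, module) records."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if (m := COM_RE.match(line)):
            entries.append({"kind": m["kind"], "name": m["name"], "module": normalize(m["path"])})
        elif (m := RUN_RE.match(line)):
            entries.append({"kind": m["kind"], "name": m["name"], "module": normalize(m["cmd"])})
        elif (m := SVC_RE.match(line)):
            entries.append({"kind": "Service/" + m["kind"], "name": m["name"], "module": normalize(m["path"])})
        elif (m := APPINIT_RE.match(line)):
            for dll in m["path"].split():
                entries.append({"kind": "AppInit_DLLs", "name": dll, "module": normalize(dll)})
    return entries


def footprint(entries: list) -> dict:
    """Map each module to the sorted list of autostart kinds it is registered under."""
    kinds = defaultdict(set)
    for e in entries:
        kinds[e["module"]].add(e["kind"])
    return {mod: sorted(k) for mod, k in kinds.items()}


def triage(text: str, watchlist=WATCHLIST, threshold: int = FOOTPRINT_THRESHOLD) -> list:
    """Return (module, kinds, reasons) for modules worth a second look:
    a watchlist hit on the path, or a module hooked in >= threshold places."""
    findings = []
    for module, kinds in sorted(footprint(parse_dds(text)).items()):
        reasons = [f"path matches watchlist term '{t}'" for t in watchlist if t in module]
        if len(kinds) >= threshold:
            reasons.append(f"registered under {len(kinds)} autostart kinds")
        if reasons:
            findings.append((module, kinds, reasons))
    return findings


if __name__ == "__main__":
    for module, kinds, reasons in triage(SAMPLE_LOG):
        print(f"{module}\n    kinds: {', '.join(kinds)}\n    why:   {'; '.join(reasons)}")
```

Grouping by normalized module path is the point: a toolbar that registers itself as a URLSearchHook for both the user and the machine, as a BHO and as a TB, shows up once with four kinds rather than as four unrelated lines, and the same trick pairs the uRun and mRun copies of mwsoemon.exe. A legitimate component such as the Windows Defender tray entry or the AVG driver has no watchlist hit and a footprint of one, so it stays out of the findings.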

#29
April 11, 2010 at 02:30:29
Thank you sooooo very much. The prior posts are from my fix; I hope it worked. Thanks again. You guys are great. ANGELS ON YOUR SHOULDERS. Peace


#30
April 11, 2010 at 13:16:56
It gave me a black screen. So I restarted it and pressed F8 to access Last Known Good Configuration.
I'll download ComboFix from IE, disable my anti-viruses etc. and will repost.

BTW Angels---e! Thanks for interrupting my thread!
