[Active] Ive still got adware ive tried every thing please help :)

superbloom · #1 (**permalink**) 07-11-2009, 01:34 PM

Hiya ive got adware if i open a google link it gives me a random ad page so of which are detected by avg as trying to instal malware or it will open tabs at random when im on a website with ad sites or open a new window on firefox with 10 tabs "saying sorry link not found" and other adsites.
ive deleted my temp files ive scaned with avg, malbytes, spybot and adaware and its still happening.
ive got a hijack this log but no idea what it mean and wondering if anyone could help me
ive also tryed reinstaling firefox.

:Logfile of Trend Micro HijackThis v2.0.2:
Scan saved at 12:14:43, on 07/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.ex e" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStart Menu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PC Alarm Clock] C:\Program Files\PC Alarm Clock\pcalarmclock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10619 bytes

Any help would be so much apreciated but i dont reli wanna use combofix thanks guys.

superbloom · #2 (**permalink**) 07-11-2009, 04:07 PM

Ive also now tried combofix with no evident solution its still happening so i have no idea what to do can some one please help.

ComboFix 09-11-06.03 - Ash 07/11/2009 14:15.1.2 - NTFSx86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2814.1549 [GMT 0:00]
Running from: c:\users\Ash\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1403775536-3139281639-1890282110-500
c:\$recycle.bin\S-1-5-21-3926210305-1454408057-3256566471-500
c:\users\Ash\AppData\Roaming\Desktopicon

.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 14:44 . 2009-11-07 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-07 13:19 . 2009-11-07 13:38 -------- d-----w- c:\users\Ash\DoctorWeb
2009-11-07 13:15 . 2009-11-06 23:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-07 00:17 . 2009-11-07 00:17 -------- d-----w- c:\users\Ash\AppData\Roaming\Malwarebytes
2009-11-07 00:17 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 00:17 . 2009-11-07 00:17 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 00:17 . 2009-11-07 00:17 -------- d-----w- c:\programdata\Malwarebytes
2009-11-07 00:17 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 00:01 . 2009-11-07 00:01 -------- d-----w- c:\program files\Trend Micro
2009-11-06 23:35 . 2009-11-06 23:35 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-06 23:35 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-06 23:35 . 2009-11-06 23:34 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-06 23:33 . 2009-11-06 23:33 640608 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-06 23:33 . 2009-11-06 23:33 815760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-06 23:33 . 2009-11-06 23:33 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-06 23:33 . 2009-11-06 23:33 1638104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-06 23:33 . 2009-11-06 23:33 788368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-06 23:33 . 2009-11-06 23:33 1179232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-06 23:32 . 2009-11-06 23:32 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-06 23:32 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-06 23:31 . 2009-11-06 23:35 -------- d-----w- c:\programdata\Lavasoft
2009-11-06 23:31 . 2009-11-06 23:31 -------- d-----w- c:\program files\Lavasoft
2009-11-06 22:57 . 2009-11-06 22:57 177024 ----a-w- c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profi les\5cxbhfvj.default\FlashGot.exe
2009-11-06 22:57 . 2009-10-20 13:33 545280 ----a-w- c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profi les\5cxbhfvj.default\extensions\piclens@cooliris.c om\libs\PicLensHelper.exe
2009-11-06 22:57 . 2009-10-20 13:33 103424 ----a-w- c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profi les\5cxbhfvj.default\extensions\piclens@cooliris.c om\libs\pixomatic.dll
2009-11-06 22:57 . 2009-10-20 13:33 4716544 ----a-w- c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profi les\5cxbhfvj.default\extensions\piclens@cooliris.c om\components\cooliris.dll
2009-11-06 22:57 . 2009-10-20 13:33 344064 ----a-w- c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profi les\5cxbhfvj.default\extensions\piclens@cooliris.c om\libs\LaunchCooliris.exe
2009-11-06 22:57 . 2009-10-20 13:33 153600 ----a-w- c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profi les\5cxbhfvj.default\extensions\piclens@cooliris.c om\plugins\npcoolirisplugin.dll
2009-11-06 17:02 . 2009-11-06 17:25 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-06 17:02 . 2009-11-06 17:02 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 15:14 . 2009-11-01 15:14 -------- d-----w- c:\programdata\WinMount
2009-11-01 14:13 . 2009-11-01 14:13 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-01 02:27 . 2009-11-01 02:27 4096 d-----w- c:\program files\WinMount
2009-10-30 10:43 . 2009-10-30 10:43 547632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlig ht\MCESpotlight-2\SpotlightResources.dll
2009-10-30 01:02 . 2009-10-30 01:04 -------- d-----w- c:\users\Ash\AppData\Roaming\ImgBurn
2009-10-30 00:49 . 2009-10-30 00:49 4096 d-----w- c:\program files\ImgBurn
2009-10-29 22:13 . 2000-06-23 14:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-10-29 22:13 . 2000-06-22 13:09 56320 ------w- c:\windows\system32\iyvu9_32.dll
2009-10-29 22:13 . 2009-10-29 22:13 -------- d-----w- c:\program files\Ligos
2009-10-29 14:33 . 2009-10-29 23:10 -------- d-----r- c:\users\Ash\Virtual Machines
2009-10-29 14:26 . 2009-10-29 14:26 -------- d-----w- c:\program files\Windows Virtual PC
2009-10-29 14:20 . 2009-10-29 14:21 4096 d-----w- c:\program files\Windows XP Mode
2009-10-29 14:20 . 2009-09-23 01:18 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2009-10-29 14:19 . 2009-09-23 01:18 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2009-10-29 14:19 . 2009-09-23 01:18 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2009-10-29 14:19 . 2009-09-23 01:19 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2009-10-29 14:19 . 2009-09-23 01:19 294912 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2009-10-29 14:19 . 2009-09-23 01:18 2169856 ----a-w- c:\windows\system32\VPCWizard.exe
2009-10-29 14:19 . 2009-09-23 01:18 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2009-10-29 14:19 . 2009-09-23 01:18 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2009-10-29 14:19 . 2009-09-23 01:18 1002496 ----a-w- c:\windows\system32\VMWindow.exe
2009-10-29 14:19 . 2009-09-23 01:18 793600 ----a-w- c:\windows\system32\vmsal.exe
2009-10-29 14:19 . 2009-09-23 01:18 3329536 ----a-w- c:\windows\system32\vpc.exe
2009-10-29 13:36 . 2009-10-29 13:36 0 ----a-w- c:\windows\PowerReg.dat
2009-10-29 13:31 . 2009-10-30 02:01 4096 d-----w- c:\program files\Grandia2
2009-10-29 13:27 . 2009-10-29 13:40 -------- d-----w- c:\users\Ash\AppData\Roaming\WinMount
2009-10-29 13:27 . 2009-11-01 02:26 32384 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2009-10-29 12:18 . 2009-10-29 12:18 4096 d-----w- c:\program files\7-Zip
2009-10-29 11:34 . 1998-10-29 19:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-29 11:24 . 2009-10-29 11:44 -------- d-----w- c:\program files\ElcomSoft
2009-10-29 11:13 . 2009-10-29 11:13 -------- d-----w- c:\program files\Intelore
2009-10-28 03:33 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-28 03:14 . 2009-10-28 03:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\S portsTemplateCore\Microsoft.MediaCenter.Sports.UI. dll
2009-10-28 03:14 . 2009-10-28 03:14 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientU X\UpdateableMarkup\markup.dll
2009-10-28 03:14 . 2009-10-28 03:14 547632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlig ht\MCESpotlight\SpotlightResources.dll
2009-10-28 03:01 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-28 03:01 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-10-28 03:01 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2009-10-28 03:01 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2009-10-28 03:01 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
2009-10-28 03:01 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-10-28 03:01 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-10-28 03:01 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-10-28 03:01 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-28 03:01 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-10-28 02:57 . 2009-10-28 02:57 -------- d-----w- c:\users\Ash\AppData\Roaming\Speak-A-Message
2009-10-28 02:49 . 2009-10-28 02:49 -------- d-----w- c:\users\Ash\AppData\Roaming\Inventivio
2009-10-28 00:35 . 2009-10-27 18:10 8192 d-----w- c:\windows\Panther
2009-10-28 00:18 . 2009-10-27 17:53 -------- d-----w- C:\$WINDOWS.~Q
2009-10-28 00:02 . 2009-10-28 00:12 -------- d-----w- C:\$INPLACE.~TR
2009-10-27 20:31 . 2009-10-27 20:31 -------- d-----w- C:\NVIDIA
2009-10-27 19:31 . 2009-10-27 19:31 4096 d-----w- c:\program files\SystemRequirementsLab
2009-10-27 19:30 . 2009-10-27 19:31 -------- d-----w- c:\users\Ash\AppData\Roaming\SystemRequirementsLab
2009-10-27 19:30 . 2009-10-27 19:30 290816 ----a-w- c:\users\Ash\AppData\Roaming\SystemRequirementsLab \SRLProxy_nvd_4.dll
2009-10-27 19:30 . 2009-10-27 19:30 290816 ----a-w- c:\users\Ash\AppData\Roaming\SystemRequirementsLab \SRLProxy_nvd_3.dll
2009-10-27 19:30 . 2009-10-27 19:30 290816 ----a-w- c:\users\Ash\AppData\Roaming\SystemRequirementsLab \SRLProxy_nvd_2.dll
2009-10-27 19:30 . 2009-10-27 19:30 290816 ----a-w- c:\users\Ash\AppData\Roaming\SystemRequirementsLab \SRLProxy_nvd_1.dll
2009-10-27 18:13 . 2009-10-27 18:13 84224 ----a-w- c:\users\Ash\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-27 18:12 . 2009-11-06 21:59 -------- d-----w- c:\windows\system32\wbem\Performance
2009-10-27 18:10 . 2009-10-27 18:10 -------- d-----w- C:\Recovery
2009-10-27 17:48 . 2009-10-27 17:48 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-27 17:41 . 2009-10-27 17:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-27 16:40 . 2009-10-27 16:40 -------- d-----w- c:\program files\Synaptics
2009-10-27 16:40 . 2008-07-11 18:31 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-10-27 16:39 . 2009-10-27 16:48 4096 d-----w- c:\program files\CONEXANT
2009-10-27 16:39 . 2009-08-21 13:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-10-27 12:42 . 2009-10-27 17:34 -------- d-----w- c:\users\Ash\AppData\Local\Microsoft Corporation
2009-10-27 12:40 . 2009-10-27 17:02 4096 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-27 11:01 . 2009-10-27 16:48 -------- d-----w- c:\program files\CPUID
2009-10-27 11:01 . 2009-03-27 01:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-10-27 00:08 . 2009-10-27 17:34 -------- d-----w- c:\users\Ash\AppData\Roaming\Blitware
2009-10-27 00:04 . 2009-10-27 17:07 -------- d-----w- c:\programdata\UAB
2009-10-27 00:04 . 2009-10-27 17:07 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-10-27 00:04 . 2009-10-27 17:34 -------- d-----w- c:\users\Ash\AppData\Local\PC_Drivers_Headquarters
2009-10-26 21:54 . 2006-09-28 16:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-10-26 21:54 . 2006-07-28 09:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2009-10-26 21:54 . 2006-07-28 09:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2009-10-26 21:53 . 2005-05-26 15:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-26 21:50 . 2009-10-27 20:35 12288 d-----w- c:\program files\AGEIA Technologies
2009-10-26 21:50 . 2009-10-27 17:09 -------- d-----w- c:\windows\system32\AGEIA
2009-10-26 21:49 . 2009-10-27 20:35 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 17:42 . 2009-10-27 16:51 -------- d-----w- c:\program files\danny_kay1710
2009-10-25 13:18 . 2009-10-27 17:34 -------- d-----w- c:\users\Ash\AppData\Local\Apps
2009-10-23 23:01 . 2009-10-23 23:01 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\Resour ceCache.dll
2009-10-23 23:00 . 2009-10-23 23:00 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCac he.dll
2009-10-23 00:44 . 2009-10-27 17:00 -------- d-----w- c:\program files\Microsoft Help
2009-10-23 00:41 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2009-10-23 00:40 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2009-10-23 00:39 . 2009-10-23 00:39 -------- d-----w- c:\windows\system32\RsFx
2009-10-23 00:38 . 2009-10-27 17:02 4096 d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-23 00:38 . 2009-10-27 17:09 -------- d-----w- c:\windows\system32\1033
2009-10-23 00:20 . 2009-10-27 17:01 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-23 00:19 . 2009-10-27 17:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-23 00:19 . 2009-10-27 17:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-10-23 00:19 . 2009-10-27 17:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-11-07 13:43 . 2009-08-12 02:34 8192 d-----w- c:\users\Ash\AppData\Roaming\uTorrent
2009-11-06 23:55 . 2008-10-26 11:06 4096 d-----w- c:\program files\Java
2009-11-03 01:06 . 2008-10-26 09:45 16384 d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 00:47 . 2009-07-14 04:52 4096 d-----w- c:\program files\Microsoft Games
2009-11-02 20:42 . 2009-10-02 18:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 14:22 . 2009-08-03 01:26 4096 d-----w- c:\users\Ash\AppData\Roaming\Winamp
2009-11-01 14:15 . 2009-08-03 01:13 8192 d-----w- c:\program files\Winamp
2009-10-29 19:44 . 2009-08-03 00:38 -------- d-----w- c:\users\Ash\AppData\Roaming\Template
2009-10-27 20:41 . 2009-03-14 04:56 -------- d-----w- c:\programdata\NVIDIA
2009-10-27 19:31 . 2009-10-27 19:18 27649 ----a-w- c:\programdata\nvModes.dat
2009-10-27 17:35 . 2009-08-02 00:39 -------- d-----w- c:\users\Ash\AppData\Roaming\WildTangent
2009-10-27 17:35 . 2009-08-12 02:12 -------- d--h--r- c:\users\Ash\AppData\Roaming\SecuROM
2009-10-27 17:35 . 2009-08-03 09:00 -------- d-----w- c:\users\Ash\AppData\Roaming\Soldat
2009-10-27 17:35 . 2009-09-30 23:00 4096 d-----w- c:\users\Ash\AppData\Roaming\muvee Technologies
2009-10-27 17:35 . 2009-09-16 04:04 -------- d-----w- c:\users\Ash\AppData\Roaming\Samsung
2009-10-27 17:35 . 2009-08-26 03:01 -------- d-----w- c:\users\Ash\AppData\Roaming\Red Alert 3 Uprising
2009-10-27 17:35 . 2009-08-12 02:12 -------- d-----w- c:\users\Ash\AppData\Roaming\Red Alert 3
2009-10-27 17:34 . 2009-08-03 01:22 -------- d-----w- c:\users\Ash\AppData\Roaming\Media Player Classic
2009-10-27 17:34 . 2009-09-21 19:46 8192 d-----w- c:\users\Ash\AppData\Roaming\LimeWire
2009-10-27 17:34 . 2009-08-14 01:37 -------- d-----w- c:\users\Ash\AppData\Roaming\Crayon Physics Deluxe
2009-10-27 17:34 . 2009-08-04 13:03 -------- d-----w- c:\users\Ash\AppData\Roaming\IObit
2009-10-27 17:34 . 2009-08-02 00:31 -------- d-----w- c:\users\Ash\AppData\Roaming\Hewlett-Packard
2009-10-27 17:34 . 2009-08-02 00:23 -------- d-----w- c:\users\Ash\AppData\Roaming\HP TCS
2009-10-27 17:34 . 2009-08-14 02:50 -------- d-----w- c:\users\Ash\AppData\Roaming\Braid
2009-10-27 17:34 . 2009-08-08 23:12 -------- d-----w- c:\users\Ash\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2009-10-27 17:08 . 2008-10-26 10:49 4096 d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-10-27 17:07 . 2008-10-26 10:04 16384 d-----w- c:\programdata\WildTangent
2009-10-27 17:07 . 2009-09-30 03:54 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-27 17:07 . 2009-09-28 22:37 -------- d-----w- c:\programdata\pdf995
2009-10-27 17:07 . 2008-10-26 09:48 -------- d-----w- c:\programdata\Symantec
2009-10-27 17:07 . 2008-10-26 09:47 -------- d-----w- c:\programdata\NortonInstaller
2009-10-27 17:07 . 2009-09-30 23:01 -------- d-----w- c:\programdata\muvee Technologies
2009-10-27 17:07 . 2008-10-26 10:47 16384 d-----w- c:\programdata\Microsoft Help
2009-10-27 17:07 . 2008-10-26 09:47 -------- d-----w- c:\programdata\Norton
2009-10-27 17:07 . 2009-08-03 00:45 -------- d-----w- c:\programdata\Macrovision
2009-10-27 17:05 . 2009-08-02 00:33 -------- d-----w- c:\programdata\LightScribe
2009-10-27 17:05 . 2008-10-26 09:45 4096 d-----w- c:\programdata\Hewlett-Packard
2009-10-27 17:05 . 2009-08-03 01:27 -------- d-----w- c:\programdata\Farbs
2009-10-27 17:05 . 2008-10-26 10:54 4096 d-----w- c:\programdata\CyberLink
2009-10-27 17:05 . 2009-08-04 08:35 4096 d-----w- c:\programdata\avg8
2009-10-27 17:05 . 2009-03-14 04:07 -------- d-----w- c:\programdata\Atheros
2009-10-27 17:04 . 2008-10-26 11:05 -------- d-----w- c:\programdata\AOL
2009-10-27 17:04 . 2009-08-16 13:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-27 17:04 . 2009-08-16 13:31 4096 d-----w- c:\program files\Windows Live
2009-10-27 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-27 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-27 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-27 17:04 . 2009-08-03 01:13 4096 d-----w- c:\program files\VideoGet
2009-10-27 17:04 . 2009-09-30 23:54 4096 d-----w- c:\program files\vd
2009-10-27 17:04 . 2009-08-12 02:34 -------- d-----w- c:\program files\uTorrent
2009-10-27 17:04 . 2009-08-03 08:55 4096 d-----w- c:\program files\Unlocker
2009-10-27 17:03 . 2009-09-30 23:03 -------- d-----w- c:\program files\Sonic Foundry
2009-10-27 17:03 . 2009-08-03 23:00 4096 d-----w- c:\program files\SoulseekNS
2009-10-27 17:03 . 2009-08-03 01:11 8192 d-----w- c:\program files\Soldat
2009-10-27 17:03 . 2008-10-26 11:10 32768 d-----w- c:\program files\SMINST
2009-10-27 17:03 . 2009-09-16 03:13 -------- d-----w- c:\program files\Samsung
2009-10-27 17:00 . 2009-08-16 13:31 -------- d-----w- c:\program files\Microsoft
2009-10-27 17:00 . 2009-08-03 01:04 4096 d-----w- c:\program files\Messenger Plus! Live
2009-10-27 17:00 . 2009-08-03 08:56 4096 d-----w- c:\program files\Macromedia
2009-10-27 17:00 . 2009-08-03 01:18 -------- d-----w- c:\program files\Media Player Classic
2009-10-27 17:00 . 2009-08-03 01:18 8192 d-----w- c:\program files\luaplayer
2009-10-27 17:00 . 2009-08-03 01:04 24576 d-----w- c:\program files\LimeWire
2009-10-27 17:00 . 2009-08-03 08:51 4096 d-----w- c:\program files\K-Lite Codec Pack
2009-10-27 17:00 . 2009-08-04 01:25 -------- d-----w- c:\program files\JDownloader 0.6.193
2009-10-27 16:59 . 2008-10-26 11:10 4096 d-----w- c:\program files\HP
2009-10-27 16:58 . 2008-10-26 09:45 -------- d-----w- c:\program files\Hewlett-Packard Company
2009-10-27 16:58 . 2008-10-26 09:30 4096 d-----w- c:\program files\Hewlett-Packard
2009-10-27 16:53 . 2009-08-03 01:02 4096 d-----w- c:\program files\Gish
2009-10-27 16:52 . 2009-08-08 22:39 4096 d-----w- c:\program files\Electronic Arts
2009-10-27 16:51 . 2009-09-30 23:02 -------- d-----w- c:\program files\DebugMode
2009-10-27 16:51 . 2008-10-26 10:54 4096 d-----w- c:\program files\CyberLink
2009-10-27 16:48 . 2009-08-14 01:36 8192 d-----w- c:\program files\Crayon Physics Deluxe
2009-10-27 16:48 . 2009-08-16 13:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-27 16:48 . 2009-03-14 04:49 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-10-27 16:45 . 2009-08-03 23:58 -------- d-----w- c:\program files\!KillBox
2009-10-27 16:40 . 2009-10-27 16:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_0100 0.Wdf
2009-10-27 16:39 . 2009-10-27 16:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_ 00.Wdf
2009-10-07 05:31 . 2009-10-07 05:31 17744 ----a-w- c:\windows\system32\aspnet_counters.dll
2009-10-07 02:44 . 2009-10-07 02:44 767312 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2009-10-07 00:21 . 2009-10-07 00:21 80704 ----a-w- c:\windows\system32\mfcm100u.dll
2009-10-07 00:21 . 2009-10-07 00:21 80192 ----a-w- c:\windows\system32\mfcm100.dll
2009-10-07 00:21 . 2009-10-07 00:21 767296 ----a-w- c:\windows\system32\msvcr100.dll
2009-10-07 00:21 . 2009-10-07 00:21 4371264 ----a-w- c:\windows\system32\mfc100u.dll
2009-10-07 00:21 . 2009-10-07 00:21 4344640 ----a-w- c:\windows\system32\mfc100.dll
2009-10-07 00:21 . 2009-10-07 00:21 424256 ----a-w- c:\windows\system32\msvcp100.dll
2009-10-07 00:21 . 2009-10-07 00:21 138048 ----a-w- c:\windows\system32\atl100.dll
2009-09-29 17:37 . 2009-09-28 22:37 60 ----a-w- c:\windows\wpd99.drv
2009-09-29 06:10 . 2009-09-28 17:34 -------- d-----w- c:\users\Ash\AppData\Roaming\PSPDocMaker
2009-09-28 22:37 . 2009-09-28 22:37 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-09-28 22:37 . 2009-09-28 22:37 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-09-16 04:03 . 2009-09-16 03:56 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-30 04:57 . 2009-08-30 04:57 234328 ----a-w- c:\windows\system32\SqlServerSpatial.dll
2009-08-19 13:35 . 2009-08-19 13:35 9787488 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-19 13:35 . 2009-08-19 13:35 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-19 13:35 . 2009-08-19 13:35 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-19 13:35 . 2009-08-19 13:35 3197952 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-08-19 13:35 . 2009-08-19 13:35 256544 ----a-w- c:\windows\system32\nvdecodemft.dll
2009-08-19 13:35 . 2009-08-19 13:35 1740800 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-19 13:35 . 2009-08-19 13:35 155648 ----a-w- c:\windows\system32\nvcod163.dll
2009-08-19 13:35 . 2009-08-19 13:35 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb 108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2009-07-14 01:26 . C8F1CA2B88404DE337B3E50E3EB159C3 . 21584 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\msh dc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

c:\windows\system32\cngaudit.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-19 289072]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.ex e" [2007-12-24 222504]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStart Menu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [06/11/2009 23:35 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [04/08/2009 08:39 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04/08/2009 08:39 108552]
R1 vpcnfltr;Virtual PC Network Filter Driver;c:\windows\System32\drivers\vpcnfltr.sys [29/10/2009 14:19 55040]
R1 vpcvmm;Virtual PC Virtual Machine Monitor;c:\windows\System32\drivers\vpcvmm.sys [29/10/2009 14:19 294912]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [13/07/2009 23:52 48128]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\program files\AVG\AVG8\avgemc.exe [04/08/2009 08:35 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\program files\AVG\AVG8\avgwdsvc.exe [04/08/2009 08:35 297752]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz13 2_x32.sys [27/10/2009 11:01 12672]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [26/10/2008 11:10 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/11/2009 17:02 1153368]
R2 WMDrive;WMDrive;c:\windows\System32\drivers\WMDriv e.sys [29/10/2009 13:27 32384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/10/2008 10:01 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [11/05/2009 11:49 64544]
R3 vpcbus;Virtual PC Host Bus Service;c:\windows\System32\drivers\vpchbus.sys [29/10/2009 14:19 165376]
R3 vpcusb;USB Virtualization Connector Service;c:\windows\System32\drivers\vpcusb.sys [29/10/2009 14:19 78336]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\ v4.0.21006\mscorsvw.exe [07/10/2009 02:44 129856]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [13/07/2009 23:19 20992]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1179232]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2 kfNT.sys [04/08/2009 21:16 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2 Nadr.sys [04/08/2009 21:16 79104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21 006\WPF\WPFFontCache_v0400.exe [07/10/2009 02:44 752984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23/07/2009 03:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [30/03/2009 02:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 02:23 366936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CPUZ132
*NewlyCreated* - PROCEXP113
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario &pf=cnnb
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario &pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario &pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario &pf=cnnb
uInternet Settings,ProxyOverride = local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profi les\5cxbhfvj.default\
FF - component: c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profi les\5cxbhfvj.default\extensions\piclens@cooliris.c om\components\cooliris.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profi les\5cxbhfvj.default\extensions\piclens@cooliris.c om\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-Run-PC Alarm Clock - c:\program files\PC Alarm Clock\pcalarmclock.exe
AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe
AddRemove-Magic ISO Maker v5.5 (build 0276) - c:\progra~1\MagicISO\UNWISE.EXE
AddRemove-My HP Game Console - c:\program files\HP Games\My HP Game Console\Uninstall.exe
AddRemove-PC Alarm Clock - c:\progra~1\PCALAR~1\UNWISE.EXE
AddRemove-WildTangent hp Master Uninstall - c:\program files\HP Games\Uninstall.exe
AddRemove-WT049848 - c:\program files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe
AddRemove-WT049937 - c:\program files\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT049943 - c:\program files\HP Games\Diner Dash\Uninstall.exe
AddRemove-WT049955 - c:\program files\HP Games\Gem Shop\Uninstall.exe
AddRemove-WT049962 - c:\program files\HP Games\Mahjongg Artifacts\Uninstall.exe
AddRemove-WT049976 - c:\program files\HP Games\Slingo Deluxe\Uninstall.exe
AddRemove-WT049981 - c:\program files\HP Games\Snowy - Treasure Hunter 2\Uninstall.exe
AddRemove-WT050002 - c:\program files\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT050003 - c:\program files\HP Games\Build-a-lot 2\Uninstall.exe
AddRemove-WT050005 - c:\program files\HP Games\Crystal Maze\Uninstall.exe
AddRemove-WT050007 - c:\program files\HP Games\Escape the Museum\Uninstall.exe
AddRemove-WT050012 - c:\program files\HP Games\FATE\Uninstall.exe
AddRemove-WT050029 - c:\program files\HP Games\Magic Academy\Uninstall.exe
AddRemove-WT050033 - c:\program files\HP Games\Mah Jong Quest\Uninstall.exe
AddRemove-WT050038 - c:\program files\HP Games\Peggle\Uninstall.exe
AddRemove-WT050039 - c:\program files\HP Games\Penguins!\Uninstall.exe
AddRemove-WT050041 - c:\program files\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT050042 - c:\program files\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT050043 - c:\program files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe
AddRemove-WT050044 - c:\program files\HP Games\Polar Pool\Uninstall.exe
AddRemove-WT050046 - c:\program files\HP Games\Tradewinds\Uninstall.exe
AddRemove-WT050047 - c:\program files\HP Games\Tradewinds Legends\Uninstall.exe
AddRemove-WT050048 - c:\program files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe
AddRemove-WT050049 - c:\program files\HP Games\Virtual Villagers - A New Home\Uninstall.exe
AddRemove-WT050056 - c:\program files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT050062 - c:\program files\HP Games\Insaniquarium Deluxe\Uninstall.exe
AddRemove-WT050068 - c:\program files\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT050074 - c:\program files\HP Games\Granny in Paradise\Uninstall.exe
AddRemove-WT050162 - c:\program files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe
AddRemove-WT050363 - c:\program files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe
AddRemove-{ECEE0279-785F-4CB3-9F28-E69813234BF8} - c:\program files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-11-07 14:55
ComboFix-quarantined-files.txt 2009-11-07 14:55

Pre-Run: 9,505,329,152 bytes free
Post-Run: 9,043,505,152 bytes free

- - End Of File - - A7E58AB777177DBEE945F33930C4C252

broni · #3 (**permalink**) 07-11-2009, 07:43 PM

Uninstall Combofix:
Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u"
Restart computer.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).