
Hi to all. I'm a noob here and have a little knowledge of IT stuff, so please bear with me if I don't understand everything here. Anyway, I think I got a virus since I copied some files from a friend and saved them to my desktop. I booted my computer and saw that IE automatically opened at start-up. So I did the "msconfig" and unchecked things, looked at the start-up programs and folder, and ran Malwarebytes and AVG 8. Malwarebytes found some infected files and so did AVG. So I quarantined and deleted them. I even ran my Uniblue Registry Booster 2010. Then, to my surprise, after booting again IE still opens. Anyway, I did send IE to a dummy proxy so it can't connect. I don't use IE, but it's really annoying during start-up and I'm afraid there might be a sneaky virus making me think everything is OK, because it is so far. Also, I got the latest version of HijackThis because, as I've seen, most peeps who were able to help ask for a log file. Please help me out, guys. TIA.

Dex


Hi and welcome to daniweb,
First of all, please don't use that Uniblue Registry Booster 2010. There is really no way to "boost" the registry. Programs like that can cause more trouble than you already have.
Before we can offer advice, we need to see the log from MBA-M for sure, so we know what we may be dealing with, and also a log from AVG if it produced one.
Also, please run a System Scan and save the log with HiJackThis and post that here along with the others.
Judy


Hi, thank you for the response. So you suggest that I uninstall the Uniblue Registry Booster, or can I just let it be and not use it? I'm kind of afraid it might mess up my system if I uninstall it with its peripherals. Anyway, as I've said, I'm just a regular computer user, so please let me know what "MBA-M" is and how to get the info you require. I'll post both the log from AVG and the one from HijackThis. Again, thanks a lot.


This is the last scan for AVG.




Here's what I got from HijackThis right after start-up, when IE had just popped up. This log is also from after the Malwarebytes and AVG scan/clean-up.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:49:58 AM, on 1/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bcd2kcpan.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\7SP_Files\WinFlip\WinFlip.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: WinFlip.lnk = C:\WINDOWS\7SP_Files\WinFlip\WinFlip.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260515129281
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12461 bytes

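Two entries in the log above stand out: the `O4 - HKLM\..\Policies\Explorer\Run` and `O4 - HKCU\..\Policies\Explorer\Run` lines, both named "Microsoft Services" and both launching IEXPLORE.EXE at logon, which is consistent with the symptom described in the thread. The Policies\Explorer\Run keys exist for Group Policy and are not where ordinary installers register programs, so an entry there deserves a manual look. The script below is an added example, not part of the original thread and not HijackThis code: it parses O4 lines and flags them with the heuristics a practitioner would apply by eye (autostart under a Policies\Explorer\Run key, an entry name that imitates a Windows component, an unresolved shortcut target, and the same command registered several times). The sample lines are copied from the log above; the `DECEPTIVE_NAMES` list and the severity labels are this example's own assumptions, not a signature set.

```python
"""Triage HijackThis O4 (autostart) entries by where and how they are registered.

Added example for this thread; it is not HijackThis code and not something
the original poster or the helper ran. The classification rules below are
heuristics chosen for this example, not signatures.
"""
import re
from dataclasses import dataclass

# Autostart location that Windows reserves for Group Policy. Ordinary
# installers do not register programs here, so anything found under it
# deserves a manual look.
POLICY_RUN_FRAGMENT = "policies\\explorer\\run"

# Entry names that mimic Windows components. Assumed list for this example.
DECEPTIVE_NAMES = {"microsoft services", "windows update", "system"}

# O4 - HKLM\..\Run: [name] command      (also HKCU and nested keys)
REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O4 - Startup: name.lnk = target   /   O4 - Global Startup: name.lnk = target
FOLDER_RE = re.compile(r"^O4 - (?P<key>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")


@dataclass
class Finding:
    severity: str  # "high" or "low"
    reason: str
    line: str


def parse_o4(line):
    """Return (location, entry name, command) for an O4 line, else None."""
    m = REG_RE.match(line)
    if m:
        return f"{m['hive']}\\{m['key']}", m["name"], m["cmd"]
    m = FOLDER_RE.match(line)
    if m:
        return m["key"], m["name"], m["cmd"]
    return None


def triage(lines):
    """Apply the heuristics to every O4 line and return the findings."""
    findings = []
    seen = {}  # normalised command -> locations it is registered in
    for raw in lines:
        line = raw.strip()
        parsed = parse_o4(line)
        if parsed is None:
            continue
        location, name, cmd = parsed
        if POLICY_RUN_FRAGMENT in location.lower():
            findings.append(Finding("high", "autostart under a Policies\\Explorer\\Run key, "
                                    "which installers do not normally use", line))
        if name.strip().lower() in DECEPTIVE_NAMES:
            findings.append(Finding("high", f"entry name '{name}' imitates a Windows component", line))
        if cmd.strip() == "?":
            findings.append(Finding("low", "shortcut target not resolved; open the .lnk by hand", line))
        seen.setdefault(cmd.strip().strip('"').lower(), []).append(location)
    for cmd, locations in seen.items():
        if len(locations) > 1:
            findings.append(Finding("low", f"same command registered {len(locations)} times: "
                                    + ", ".join(locations), cmd))
    return findings


# A subset of the O4 lines from the HijackThis log posted above (one O23 line
# included to show that non-O4 lines are ignored).
SAMPLE_LOG = [l for l in r"""
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
""".splitlines() if l.strip()]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity.upper():4} {f.reason}\n     {f.line}")
```

Run against the sample, the two Policies\Explorer\Run lines each produce two high findings (location and deceptive name); the unresolved Adobe shortcut and the commands registered more than once are reported as low. A triage pass like this only narrows the list; it does not replace checking the flagged binary and the registry value by hand.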

Hi, thank you for the response. So you suggest that I uninstall the Uniblue Registry Booster, or can I just let it be and not use it? I'm kind of afraid it might mess up my system if I uninstall it with its peripherals. Anyway, as I've said, I'm just a regular computer user... please let me know what "MBA-M" is and how to get the info you require. I'll post both the AVG and HijackThis logs. Again, thanks a lot.

MBA-M is Malwarebytes. I need to see that log.
I would definitely advise AGAINST using any program like this Uniblue program. Not sure what peripherals you are talking about... that should be a clue right there: if you are afraid to uninstall a program, then it never should have been installed in the first place.
Honestly, I don't see any removals done by AVG 8; virtually everything says either "Password-protected" or "Locked file. Not tested.", which means nothing was done.


Malwarebytes removed infected files; it finished before AVG did. So what do I do now... because IE still opens =(


Malwarebytes removed infected files; it finished before AVG did. So what do I do now... because IE still opens =(

Not sure what you mean by "it finished before AVG did"... You should never run two scans at the same time; they will interfere with each other and may not remove anything at all, even if they say they do.
I need to see the Malwarebytes' log. Open the program, click the Logs tab and open the last log. Copy/paste that log here.


Just did a scan today; here's what I got.... BTW, IE still opens.


Malwarebytes' Anti-Malware 1.44
Database version: 3650
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/29/2010 4:48:29 PM
mbam-log-2010-01-29 (16-48-29).txt

Scan type: Full Scan (C:\|D:\|H:\|I:\|)
Objects scanned: 355020
Time elapsed: 1 hour(s), 25 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


You need to follow these instructions EXACTLY.
Please download ComboFix by sUBs from HERE or HERE

* You must download it to and run it from your Desktop
* Physically disconnect from the internet.
* Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

* Double click combofix.exe & follow the prompts.
* When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
* Re-enable all the programs that were disabled during the running of ComboFix.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

When the program has finished, I NEED to SEE the FULL COMBOFIX log, so copy/paste it back here.

Then do a new scan with HiJackThis and post back with that new log.
Judy


Hi, here's my CF log... Thanks

ComboFix 10-01-30.04 - d 01/31/2010 14:24:33.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2187 [GMT 8:00]
Running from: c:\documents and settings\d\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\d\Start Menu\Programs\Startup\MagicDisc.lnk
c:\program files\Internet Explorer\SET1D.tmp
c:\recycler\S-1-5-21-0099048501-3139226194-164995630-4044
c:\recycler\S-1-5-21-0656947188-2139150790-405256335-2498
c:\recycler\S-1-5-21-2541566092-0232010356-754887910-5045
c:\recycler\S-1-5-21-3606594044-6250286081-615440874-6902
c:\windows\EventSystem.log
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\_000016_.tmp.dll
c:\windows\system32\comres.backup
c:\windows\system32\wfxhelp22.dll
H:\autorun.inf
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-28 09:07 . 2010-01-28 09:07 -------- d-----w- c:\documents and settings\d\Application Data\SkypeCap
2010-01-28 09:06 . 2010-01-28 09:06 -------- d-----w- c:\program files\Common Files\GeoVid
2010-01-28 09:06 . 2010-01-28 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\GeoVid
2010-01-28 09:06 . 2005-06-07 08:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2010-01-28 09:06 . 2004-08-18 08:00 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-28 09:06 . 2010-01-28 09:06 -------- d-----w- c:\program files\SkypeCap
2010-01-27 12:04 . 2010-01-27 12:04 -------- d-----w- C:\Angel_tem
2010-01-27 11:33 . 2010-01-27 11:33 388096 ----a-r- c:\documents and settings\d\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-27 11:33 . 2010-01-27 11:33 -------- d-----w- c:\program files\TrendMicro
2010-01-27 09:05 . 2010-01-27 09:05 262144 ----a-w- C:\ntuser.dat
2010-01-27 08:55 . 2009-11-25 05:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-01-27 07:36 . 2010-01-27 07:36 503808 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c656bde-n\msvcp71.dll
2010-01-27 07:36 . 2010-01-27 07:36 499712 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c656bde-n\jmc.dll
2010-01-27 07:36 . 2010-01-27 07:36 348160 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c656bde-n\msvcr71.dll
2010-01-27 07:36 . 2010-01-27 07:36 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 07:36 . 2010-01-27 07:36 61440 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-52223892-n\decora-sse.dll
2010-01-27 07:36 . 2010-01-27 07:36 12800 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-52223892-n\decora-d3d.dll
2010-01-27 07:31 . 2010-01-24 11:01 1452032 ----a-w- c:\documents and settings\d\Application Data\2K Sports\NBA 2K10\Saves\REDitor07beta1.exe
2010-01-26 07:40 . 2010-01-26 07:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-26 07:40 . 2010-01-26 07:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-23 12:16 . 2010-01-27 11:04 -------- d-----w- c:\program files\Ontrack
2010-01-19 08:11 . 2009-09-25 02:36 48160 ----a-w- c:\windows\system32\RHCoInstXP.dll
2010-01-19 08:11 . 2009-09-25 02:36 1489440 ----a-w- c:\windows\RtaUpd.exe
2010-01-19 08:11 . 2009-09-25 02:12 4241792 ----a-w- c:\windows\system32\drivers\RtKHDMI.sys
2010-01-19 08:10 . 2009-07-08 04:05 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-01-19 07:27 . 2010-01-19 08:09 17787900 ----a-w- c:\documents and settings\d\Application Data\Uniblue\DriverScanner\Download\hdaudio_func_01_ven_1002_dev_aa015_10_0_5945.exe
2010-01-19 07:27 . 2010-01-19 07:37 5483871 ----a-w- c:\documents and settings\d\Application Data\Uniblue\DriverScanner\Download\pci_ven_10ec_dev_8168_subsys_528c1462_rev_025_736_0728_2009.exe
2010-01-19 07:18 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll
2010-01-19 07:18 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll
2010-01-19 07:18 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll
2010-01-19 07:18 . 2008-10-29 09:43 364320 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\F4DC5C6B\CACB8439\SUMPBackend.dll
2010-01-19 07:18 . 2008-10-29 09:43 191264 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\67304DB7\CACB8439\PowerSuiteBackendUtils.dll
2010-01-19 07:18 . 2008-08-26 16:49 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\7A8C224A\CACB8439\IsLicense40.dll
2010-01-19 07:18 . 2008-08-26 16:49 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\D7904F02\CACB8439\IsLicense30.dll
2010-01-19 07:18 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe
2010-01-19 07:18 . 2008-10-29 09:43 1194784 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\744435A3\CACB8439\SUMP.exe
2010-01-19 06:46 . 2010-01-19 07:19 -------- d-----w- c:\program files\Uniblue
2010-01-13 07:20 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 07:14 . 2010-01-13 07:14 -------- d-----w- c:\program files\ConvertHelper
2010-01-09 04:16 . 2010-01-09 04:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV
2010-01-08 08:17 . 2010-01-08 08:17 -------- d-----w- c:\program files\onOne Software
2010-01-08 07:21 . 2010-01-08 07:21 -------- d--h--w- c:\windows\PIF
2010-01-08 06:28 . 2009-02-13 03:35 442368 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\FocalPointPalette.exe
2010-01-08 06:28 . 2009-02-13 03:38 454656 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\CoreFoundation.dll
2010-01-08 06:28 . 2009-02-13 03:38 163840 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\OnOneWidgets.dll
2010-01-08 06:28 . 2009-02-13 03:38 815104 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\PTPalette.exe
2010-01-08 06:28 . 2009-02-13 03:38 208896 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\Interop.Photoshop.B.0.dll
2010-01-08 06:28 . 2009-02-13 03:38 208896 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\Interop.Photoshop.A.0.dll
2010-01-08 06:28 . 2009-02-13 03:38 204800 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\Interop.Photoshop.9.0.dll
2010-01-08 06:28 . 2009-02-13 03:35 208896 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\Interop.Photoshop.B.0.dll
2010-01-08 06:28 . 2009-02-13 03:35 208896 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\Interop.Photoshop.A.0.dll
2010-01-08 06:28 . 2009-02-13 03:35 204800 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\Interop.Photoshop.9.0.dll
2010-01-08 06:21 . 2009-02-13 03:38 794624 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoFrameConduit.lrplugin\win32\PhotoFramePalette.exe
2010-01-08 06:21 . 2009-02-13 03:38 68361 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoFrameConduit.lrplugin\win32\LaunchPhotoFrame4.exe
2010-01-08 06:21 . 2009-02-13 03:38 454656 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoFrameConduit.lrplugin\win32\CoreFoundation.dll
2010-01-08 06:21 . 2009-02-13 03:38 163840 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoFrameConduit.lrplugin\win32\OnOneWidgets.dll
2010-01-08 06:21 . 2009-02-13 03:35 163840 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\OnOneWidgets.dll
2010-01-08 06:21 . 2009-02-13 03:35 454656 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\CoreFoundation.dll
2010-01-08 06:19 . 2010-01-08 06:19 -------- d-----w- c:\windows\MSSecurityNS
2010-01-08 06:19 . 2010-01-08 06:19 -------- d-----w- c:\windows\MSSecurityNi
2010-01-07 06:03 . 2010-01-06 04:08 4726272 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-07 06:03 . 2010-01-06 04:08 57856 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-07 06:03 . 2010-01-06 04:08 545280 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-07 06:03 . 2010-01-06 04:08 4725760 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-07 06:03 . 2010-01-06 04:08 344064 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-07 06:03 . 2010-01-06 04:08 153600 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-07 06:03 . 2010-01-06 04:08 103424 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-05 04:15 . 2010-01-05 04:15 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\program files\DIFX
2010-01-05 03:57 . 2010-01-05 03:57 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-01-03 12:49 . 2010-01-12 07:50 -------- d-----w- c:\documents and settings\d\Application Data\Tropico 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 05:38 . 2009-10-01 14:33 -------- d-----w- c:\documents and settings\d\Application Data\WTablet
2010-01-30 13:28 . 2009-11-17 12:03 -------- d-----w- c:\documents and settings\d\Application Data\vlc
2010-01-29 07:18 . 2009-10-01 14:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-28 13:18 . 2009-10-25 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-01-28 09:10 . 2009-10-04 07:50 -------- d-----w- c:\documents and settings\d\Application Data\Skype
2010-01-28 08:22 . 2009-10-04 08:09 -------- d-----w- c:\documents and settings\d\Application Data\skypePM
2010-01-27 09:05 . 2009-10-06 15:08 -------- d-----w- c:\documents and settings\d\Application Data\Yahoo!
2010-01-27 09:05 . 2009-10-01 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-27 09:05 . 2009-10-01 09:00 -------- d-----w- c:\program files\Yahoo!
2010-01-27 08:55 . 2009-10-01 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-27 08:35 . 2009-10-01 10:18 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2010-01-27 07:35 . 2009-10-01 14:50 -------- d-----w- c:\program files\Java
2010-01-24 11:37 . 2009-10-10 12:05 -------- d-----w- c:\documents and settings\d\Application Data\Azureus
2010-01-23 12:16 . 2009-10-01 03:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 12:16 . 2009-10-01 03:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-23 08:17 . 2009-10-01 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-19 12:30 . 2009-10-29 11:32 21632 ----a-w- c:\windows\system32\drivers\BCD2000WDM.SYS
2010-01-19 12:30 . 2009-09-29 19:49 86016 ----a-w- c:\windows\system32\bcd2kasio.dll
2010-01-19 12:30 . 2009-09-29 19:49 532480 ----a-w- c:\windows\system32\bcd2kcpan.exe
2010-01-19 12:30 . 2009-09-29 19:49 42400 ----a-w- c:\windows\system32\drivers\BCD2000.SYS
2010-01-19 09:21 . 2009-11-24 20:37 1424440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-19 08:10 . 2009-10-01 03:28 -------- d-----w- c:\program files\Realtek
2010-01-19 07:26 . 2010-01-19 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-01-19 07:21 . 2009-10-03 07:10 -------- d-----w- c:\documents and settings\d\Application Data\Uniblue
2010-01-19 07:19 . 2010-01-19 07:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-01-19 07:19 . 2010-01-19 07:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-01-13 08:23 . 2009-11-14 10:15 -------- d-----w- c:\documents and settings\d\Application Data\Any Video Converter Professional
2010-01-08 06:54 . 2009-10-03 10:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 06:53 . 2009-12-08 11:07 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 06:28 . 2009-10-07 11:23 -------- d-----w- c:\documents and settings\d\Application Data\onOne Software
2010-01-08 06:28 . 2009-10-06 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2010-01-08 06:26 . 2009-11-04 04:30 -------- d-----w- c:\program files\Common Files\onOne Software Shared
2010-01-07 08:07 . 2009-10-03 10:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 08:07 . 2009-10-03 10:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 03:57 . 2009-10-11 13:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-04 14:14 . 2009-10-06 04:30 -------- d-----w- c:\program files\MagicDisc
2009-12-30 13:14 . 2009-10-27 08:03 -------- d-----w- c:\program files\Common Files\Real
2009-12-28 18:20 . 2009-12-28 18:20 -------- d-----w- c:\documents and settings\d\Application Data\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
2009-12-28 18:20 . 2009-12-28 18:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-28 18:20 . 2009-12-28 18:20 -------- d-----w- c:\program files\Multiply
2009-12-28 18:20 . 2009-12-28 18:20 38784 ----a-w- c:\documents and settings\d\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-28 18:20 . 2009-12-28 18:20 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-25 17:38 . 2009-12-25 17:38 -------- d-----w- c:\program files\XYLIO
2009-12-22 14:17 . 2009-10-31 11:10 -------- d-----w- c:\documents and settings\d\Application Data\dvdcss
2009-12-22 12:06 . 2009-12-22 12:05 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 14:56 . 2009-10-01 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-18 08:10 . 2009-10-10 12:05 -------- d-----w- c:\program files\Vuze
2009-12-17 09:14 . 2009-10-01 14:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 05:48 . 2009-12-15 05:48 -------- d-----w- c:\documents and settings\d\Application Data\JGsoft
2009-12-12 11:17 . 2009-12-11 14:02 -------- d-----w- c:\program files\ATI
2009-12-11 18:00 . 2009-12-22 12:05 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-11 14:09 . 2009-12-11 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-12-11 14:04 . 2009-10-01 03:55 -------- d-----w- c:\program files\ATI Technologies
2009-12-11 14:02 . 2009-12-11 14:02 10134 ----a-r- c:\documents and settings\d\Application Data\Microsoft\Installer\{20820A45-02A1-144C-21A3-A1812C5DDE23}\ARPPRODUCTICON.exe
2009-12-11 09:58 . 2009-10-01 17:09 -------- d-----w- c:\documents and settings\d\Application Data\2K Sports
2009-12-11 09:12 . 2009-12-11 09:08 5409 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-12-11 09:12 . 2009-10-01 05:41 72166 ----a-w- c:\windows\BricoPackUninst.cmd
2009-12-11 09:12 . 2004-08-04 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-11 03:23 . 2009-09-30 03:34 23392 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-10 19:41 . 2009-12-10 19:41 -------- d-----w- c:\documents and settings\d\Application Data\ViStart
2009-12-10 16:38 . 2009-12-10 16:38 -------- d-----w- c:\documents and settings\d\Application Data\Styler
2009-12-09 15:19 . 2009-12-09 15:19 -------- d-----w- c:\program files\iTunes
2009-12-09 15:19 . 2009-12-09 15:19 -------- d-----w- c:\program files\iPod
2009-12-09 15:19 . 2009-10-02 01:42 -------- d-----w- c:\program files\Common Files\Apple
2009-12-09 15:18 . 2009-10-02 01:43 -------- d-----w- c:\program files\QuickTime
2009-12-09 15:04 . 2009-12-09 15:04 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-08 09:37 . 2009-10-01 03:36 -------- d-----w- c:\program files\MSI
2009-12-08 06:31 . 2009-12-08 06:31 11312764 ----a-w- c:\documents and settings\d\Application Data\futuredecks_pro_2.exe
2009-12-08 06:31 . 2009-12-08 06:31 11312764 ----a-w- c:\documents and settings\d\Application Data\futuredecks_pro_2.exe
2009-11-24 15:05 . 2009-11-24 15:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-24 08:15 . 2009-10-01 14:33 71272 ----a-w- c:\documents and settings\d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-23 18:57 . 2009-11-23 18:57 152576 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 18:57 . 2009-11-23 18:57 79488 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 07:02 . 2009-11-21 07:02 921 ----a-w- c:\windows\QSFVExit.bat
2009-11-17 19:30 . 2009-12-15 05:47 65776 ----a-w- c:\windows\UnDeploy.exe
2009-11-17 19:28 . 2009-11-17 19:28 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-17 19:26 . 2009-11-17 19:26 1924440 ----a-w- c:\documents and settings\d\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-11-04 16:15 . 2008-04-07 01:11 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:45 . 2009-10-01 03:55 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-04 15:44 . 2008-04-07 01:09 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29 . 2008-04-07 01:11 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29 . 2008-04-07 01:14 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29 . 2008-04-07 01:10 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29 . 2008-04-07 01:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28 . 2008-04-07 01:10 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:28 . 2009-10-01 03:55 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-04 15:27 . 2008-04-07 01:10 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26 . 2008-04-07 01:10 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18 . 2008-04-07 01:11 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17 . 2009-08-14 01:47 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05 . 2008-04-07 01:14 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 15:04 . 2009-10-01 03:55 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-04 15:04 . 2009-10-01 03:55 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-04 14:51 . 2009-08-14 01:25 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51 . 2008-04-07 01:09 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47 . 2008-04-07 01:11 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46 . 2009-08-14 01:21 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46 . 2009-08-14 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-13 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-13 . E3CA5F98EC61E77DB48355306FEC0CD4 . 1512448 . . [6.00.2900.5512] . . c:\windows\Service_Pack_Files\i386\explorer.exe
[-] 2004-08-04 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . 4CD919173DE30889D35DBD82CA3A843B . 1510912 . . [6.00.2900.2180] . . c:\windows\7SP_Files\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\7SP_Files\backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 05:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"BCD2000"="c:\windows\system32\bcd2kcpan.exe" [2010-01-19 532480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-31 16857600]
"DrvIcon"="c:\windows\7SP_Files\Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Microsoft Services"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2009-03-08 638816]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Microsoft Services"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2009-03-08 638816]

c:\documents and settings\d\Start Menu\Programs\Startup\
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
WinFlip.lnk - c:\windows\7SP_Files\WinFlip\WinFlip.exe [2009-12-11 479232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-11-17 295606]
Adobe Acrobat Synchronizer.lnk - d:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2007-2-13 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-01 06:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^AeroShake.lnk]
backup=c:\windows\pss\AeroShake.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^MagicDisc.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^Refresh Icon Cache.lnk]
path=c:\documents and settings\d\Start Menu\Programs\Startup\Refresh Icon Cache.lnk
backup=c:\windows\pss\Refresh Icon Cache.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^Styler toolbar.lnk]
backup=c:\windows\pss\Styler toolbar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^VisualTaskTips.lnk]
backup=c:\windows\pss\VisualTaskTips.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^YzShadow.lnk]
backup=c:\windows\pss\YzShadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^`d3x^Start Menu^Programs^Startup^TransBar.lnk]
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^`d3x^Start Menu^Programs^Startup^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^`d3x^Start Menu^Programs^Startup^Y'z Shadow.lnk]
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 15:24 620152 ----a-w- d:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 23:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-03-31 05:26 69632 ----a-r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 21:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2008-04-13 07:09 49152 ----a-w- c:\windows\7SP_Files\Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 06:50 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-13 11:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 08:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Corporation]
2009-03-08 06:09 638816 ----a-w- c:\program files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Viewer]
2009-03-08 06:09 638816 ----a-w- c:\program files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 06:21 2213160 ----a-w- d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 06:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 15:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"d:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"d:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"d:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"d:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/1/2009 1:47 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/1/2009 1:47 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/1/2009 1:47 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/1/2009 2:01 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/1/2009 2:01 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/1/2009 2:01 PM 1370488]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/3/2009 6:52 PM 236368]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/6/2009 12:15 PM 14976]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [10/1/2009 2:16 PM 1373480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/1/2009 12:02 PM 29208]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [1/30/2007 3:20 PM 834944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/3/2009 6:52 PM 19160]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/1/2009 12:02 PM 29208]
S3 BCD2000;Behringer BCD2000 V1.1.1.0;c:\windows\system32\drivers\BCD2000.SYS [9/30/2009 3:49 AM 42400]
S3 BCD2000WDM;Behringer BCD2000WDM V1.1.1.0;c:\windows\system32\drivers\BCD2000WDM.SYS [10/29/2009 7:32 PM 21632]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2/13/2007 5:16 PM 12288]
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2010-01-31 c:\windows\Tasks\User_Feed_Synchronization-{400D33BA-A208-4475-AB93-32940E9F4045}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://ph.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ph&p=
FF - component: c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF - plugin: d:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 14:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1604221776-839522115-1008\Software\SecuROM\License information*]
"datasecu"=hex:69,b9,44,9e,de,73,f8,55,89,11,68,8e,bc,a7,be,ac,59,f6,8d,a7,7d,
33,69,a2,a4,47,c3,61,c5,a9,e6,84,2b,c1,de,37,cf,38,51,62,84,b2,7c,17,0c,f4,\
"rkeysecu"=hex:d8,74,36,5c,13,25,3e,39,e5,b7,b3,9a,c5,53,6a,0f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-31 14:30:28
ComboFix-quarantined-files.txt 2010-01-31 06:30

Pre-Run: 79,366,787,072 bytes free
Post-Run: 79,394,746,368 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 7B0D5E0306A58A41E1C1F19D2D8AE830

0

Here's my latest HijackThis log after CF...

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:41:06 PM, on 1/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\bcd2kcpan.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: WinFlip.lnk = C:\WINDOWS\7SP_Files\WinFlip\WinFlip.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260515129281
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11487 bytes

0

Here's what you asked for... next step please. Thanks

0

- Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  - If it is not on your Desktop, the below will not work.
- Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):

KillAll::

Registry::


[-HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Microsoft Services"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2009-03-08 638816]

[-HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Microsoft Services"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2009-03-08 638816]

- Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
- At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
- You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
- Now use your mouse to drag CFscript.txt on top of ComboFix.exe
- Follow the prompts.
- When it finishes, a log will be produced named c:\combofix.txt
- I will ask for this log below

When this completes, reboot the computer.
Post that new combofix log here.

Run HiJackThis again and save that log. Post that new log back here also.
Judy


0

Hope you don't mind me asking. If I do that scripting, will I still be able to use Internet Explorer, especially for Windows Update or the Malwarebytes update? Because I tried to use a dummy proxy for IE so it won't connect, but Malwarebytes won't update and of course I can't do Windows Update via IE. Is there a way I can update both via the Firefox browser? Thanks

0

Hope you don't mind me asking. If I do that scripting, will I still be able to use Internet Explorer, especially for Windows Update or the Malwarebytes update? Because I tried to use a dummy proxy for IE so it won't connect, but Malwarebytes won't update and of course I can't do Windows Update via IE. Is there a way I can update both via the Firefox browser? Thanks

That is your infection. You are not removing Internet Explorer, you are removing those listings from the autostart.
Those listings are in your Auto Start... pointing to your original complaint

IE opens on startup every time!!!

and they are not supposed to be there.
See these entries in your HiJackThis log:

O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE

Those are the auto-starting programs: when your computer boots up, everything listed there starts up and runs all the time in the background. Some are needed and are supposed to auto start, your anti-virus program for one, but Internet Explorer is NOT supposed to auto start with the computer. It is supposed to start up when YOU tell it to start up by opening the program. It is listed in your O4 listings NOT as Internet Explorer but as Microsoft Services, a clear sign this is an infection, because Internet Explorer is NOT a Microsoft Service; it wouldn't be listed as a service. There are many services; services are listed in the logs as O23 listings, but you would never find Internet Explorer there either.

Services are programs that are loaded automatically by Windows on startup. These services are loaded regardless of whether or not a user logs on to the computer and tend to be used to handle system-wide tasks such as Windows operating system features, antivirus software, or application servers.

This does not include Internet Explorer.
You will still be able to use Internet Explorer, as it is supposed to be used, and not via a dummy proxy as you have attempted, because of course that won't work.
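As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that applies the reasoning in the reply above, and that covers the two policy Run keys the CFScript in the earlier post deletes, to HijackThis O4 lines: it parses the registry and startup-folder autostart entries HijackThis prints and flags entries under Policies\Explorer\Run, entries that launch a browser, and Run entries whose display name calls them a "service". The sample lines are copied from the HijackThis log earlier in the thread; the flag names, the browser list and the executable-extraction heuristic are my own assumptions, not anything the tools define.

```python
"""Triage HijackThis O4 autostart lines.

Added example for this thread; not code from the posts, HijackThis or ComboFix.
The flag names and the executable-extraction heuristic are assumptions.
"""
import re
from typing import Dict, List

# Constructed input: a subset of O4 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Policies\Explorer\Run: [Microsoft Services] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Startup: WinFlip.lnk = C:\WINDOWS\7SP_Files\WinFlip\WinFlip.exe
"""

# Registry form:  O4 - HKLM\..\Policies\Explorer\Run: [Name] command
_REG_O4 = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Startup-folder form:  O4 - Startup: Name.lnk = path   /  O4 - Global Startup: ...
_FOLDER_O4 = re.compile(
    r"^O4 - (?P<location>(?:Global )?Startup): (?P<name>[^=]+?) = (?P<cmd>.*)$"
)
# First quoted or unquoted token ending in .exe; arguments after it are dropped.
_EXE_RE = re.compile(r'^\s*"?(?P<exe>[^"]+?\.exe)\b', re.IGNORECASE)

# Browsers have no business auto-starting; the complaint in this thread is exactly that.
BROWSERS = {"iexplore.exe", "firefox.exe", "opera.exe", "safari.exe", "chrome.exe"}


def executable_of(command: str) -> str:
    """Return the executable path from a Run-key command string."""
    m = _EXE_RE.match(command)
    return m.group("exe") if m else command.strip().strip('"')


def reasons_for(location: str, name: str, exe: str) -> List[str]:
    """Heuristic flags (assumed names) for one autostart entry."""
    flags = []
    base = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    # Policies\Explorer\Run is a group-policy location; ordinary installers do not use it.
    if "policies\\explorer\\run" in location.lower():
        flags.append("policy-run-key")
    # A browser registered to start with the machine.
    if base in BROWSERS:
        flags.append("browser-autostart")
    # Real services are O23 entries; a Run entry calling itself a service is mislabelled.
    if re.search(r"\bservices?\b", name, re.IGNORECASE):
        flags.append("run-entry-named-as-service")
    return flags


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse O4 lines and return only the entries that raised at least one flag."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = _REG_O4.match(line) or _FOLDER_O4.match(line)
        if not m:
            continue
        d = m.groupdict()
        exe = executable_of(d["cmd"])
        flags = reasons_for(d["location"], d["name"], exe)
        if flags:
            findings.append({
                "hive": d.get("hive", "folder"),
                "location": d["location"],
                "name": d["name"],
                "exe": exe,
                "reasons": flags,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\{f['location']} [{f['name']}] -> {f['exe']}: {', '.join(f['reasons'])}")
```

Run against the sample, only the two Policies\Explorer\Run entries come back, each with all three flags, which is the same pair of values the CFScript removes; the AVG, ATI, Malwarebytes and UberIcon entries raise nothing. The name-versus-executable check is deliberately narrow (it only looks for "service" in a Run entry's name), because legitimate entries such as AVG8_TRAY and StartCCC routinely have names that do not resemble their executables, so a generic mismatch rule would be noise.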

0

Thanks for the explanation, I'll get right to it, hopefully it gets the job done. Thanks, I'll report back at ya...

0

Did everything you asked me to do sir... here's my log.

ComboFix 10-02-02.02 - d 02/04/2010 16:52:32.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2418 [GMT 8:00]
Running from: c:\documents and settings\d\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\d\Desktop\CFscript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Application Data\logs.dat
H:\Autorun.inf
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-02 12:52 . 2010-02-02 13:00 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-02 12:52 . 2010-02-02 13:00 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-02 12:52 . 2010-02-02 12:52 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-02 12:52 . 2010-02-02 12:52 -------- d-----w- c:\documents and settings\d\Local Settings\Application Data\PunkBuster
2010-01-31 07:52 . 2010-01-25 04:47 1475584 ----a-w- c:\documents and settings\d\Application Data\2K Sports\NBA 2K10\Saves\REDitor07beta2.exe
2010-01-28 09:07 . 2010-01-28 09:07 -------- d-----w- c:\documents and settings\d\Application Data\SkypeCap
2010-01-28 09:06 . 2010-01-28 09:06 -------- d-----w- c:\program files\Common Files\GeoVid
2010-01-28 09:06 . 2010-01-28 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\GeoVid
2010-01-28 09:06 . 2005-06-07 08:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2010-01-28 09:06 . 2004-08-18 08:00 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-28 09:06 . 2010-01-28 09:06 -------- d-----w- c:\program files\SkypeCap
2010-01-27 12:04 . 2010-01-27 12:04 -------- d-----w- C:\Angel_tem
2010-01-27 11:33 . 2010-01-27 11:33 388096 ----a-r- c:\documents and settings\d\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-27 11:33 . 2010-01-27 11:33 -------- d-----w- c:\program files\TrendMicro
2010-01-27 09:05 . 2010-01-27 09:05 262144 ----a-w- C:\ntuser.dat
2010-01-27 08:55 . 2009-11-25 05:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-01-27 07:36 . 2010-01-27 07:36 503808 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c656bde-n\msvcp71.dll
2010-01-27 07:36 . 2010-01-27 07:36 499712 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c656bde-n\jmc.dll
2010-01-27 07:36 . 2010-01-27 07:36 348160 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c656bde-n\msvcr71.dll
2010-01-27 07:36 . 2010-01-27 07:36 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 07:36 . 2010-01-27 07:36 61440 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-52223892-n\decora-sse.dll
2010-01-27 07:36 . 2010-01-27 07:36 12800 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-52223892-n\decora-d3d.dll
2010-01-26 07:40 . 2010-01-26 07:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-26 07:40 . 2010-01-26 07:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-01-26 07:40 . 2010-01-26 07:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-23 12:16 . 2010-01-27 11:04 -------- d-----w- c:\program files\Ontrack
2010-01-19 08:11 . 2009-09-25 02:36 48160 ----a-w- c:\windows\system32\RHCoInstXP.dll
2010-01-19 08:11 . 2009-09-25 02:36 1489440 ----a-w- c:\windows\RtaUpd.exe
2010-01-19 08:11 . 2009-09-25 02:12 4241792 ----a-w- c:\windows\system32\drivers\RtKHDMI.sys
2010-01-19 08:10 . 2009-07-08 04:05 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-01-19 07:27 . 2010-01-19 08:09 17787900 ----a-w- c:\documents and settings\d\Application Data\Uniblue\DriverScanner\Download\hdaudio_func_01_ven_1002_dev_aa015_10_0_5945.exe
2010-01-19 07:27 . 2010-01-19 07:37 5483871 ----a-w- c:\documents and settings\d\Application Data\Uniblue\DriverScanner\Download\pci_ven_10ec_dev_8168_subsys_528c1462_rev_025_736_0728_2009.exe
2010-01-19 07:18 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll
2010-01-19 07:18 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll
2010-01-19 07:18 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll
2010-01-19 07:18 . 2008-10-29 09:43 364320 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\F4DC5C6B\CACB8439\SUMPBackend.dll
2010-01-19 07:18 . 2008-10-29 09:43 191264 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\67304DB7\CACB8439\PowerSuiteBackendUtils.dll
2010-01-19 07:18 . 2008-08-26 16:49 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\7A8C224A\CACB8439\IsLicense40.dll
2010-01-19 07:18 . 2008-08-26 16:49 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\D7904F02\CACB8439\IsLicense30.dll
2010-01-19 07:18 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe
2010-01-19 07:18 . 2008-10-29 09:43 1194784 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\744435A3\CACB8439\SUMP.exe
2010-01-19 06:46 . 2010-01-19 07:19 -------- d-----w- c:\program files\Uniblue
2010-01-13 07:20 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 07:14 . 2010-01-13 07:14 -------- d-----w- c:\program files\ConvertHelper
2010-01-09 04:16 . 2010-01-09 04:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV
2010-01-08 08:17 . 2010-01-08 08:17 -------- d-----w- c:\program files\onOne Software
2010-01-08 07:21 . 2010-01-08 07:21 -------- d--h--w- c:\windows\PIF
2010-01-08 06:28 . 2009-02-13 03:35 442368 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\FocalPointPalette.exe
2010-01-08 06:28 . 2009-02-13 03:38 454656 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\CoreFoundation.dll
2010-01-08 06:28 . 2009-02-13 03:38 163840 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\OnOneWidgets.dll
2010-01-08 06:28 . 2009-02-13 03:38 815104 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\PTPalette.exe
2010-01-08 06:28 . 2009-02-13 03:38 208896 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\Interop.Photoshop.B.0.dll
2010-01-08 06:28 . 2009-02-13 03:38 208896 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\Interop.Photoshop.A.0.dll
2010-01-08 06:28 . 2009-02-13 03:38 204800 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\Interop.Photoshop.9.0.dll
2010-01-08 06:28 . 2009-02-13 03:35 208896 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\Interop.Photoshop.B.0.dll
2010-01-08 06:28 . 2009-02-13 03:35 208896 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\Interop.Photoshop.A.0.dll
2010-01-08 06:28 . 2009-02-13 03:35 204800 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\Interop.Photoshop.9.0.dll
2010-01-08 06:21 . 2009-02-13 03:38 794624 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoFrameConduit.lrplugin\win32\PhotoFramePalette.exe
2010-01-08 06:21 . 2009-02-13 03:38 68361 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoFrameConduit.lrplugin\win32\LaunchPhotoFrame4.exe
2010-01-08 06:21 . 2009-02-13 03:38 454656 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoFrameConduit.lrplugin\win32\CoreFoundation.dll
2010-01-08 06:21 . 2009-02-13 03:38 163840 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\PhotoFrameConduit.lrplugin\win32\OnOneWidgets.dll
2010-01-08 06:21 . 2009-02-13 03:35 163840 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\OnOneWidgets.dll
2010-01-08 06:21 . 2009-02-13 03:35 454656 ----a-w- c:\documents and settings\d\Application Data\Adobe\Lightroom\Modules\FocalPoint.lrplugin\win32\CoreFoundation.dll
2010-01-08 06:19 . 2010-01-08 06:19 -------- d-----w- c:\windows\MSSecurityNS
2010-01-08 06:19 . 2010-01-08 06:19 -------- d-----w- c:\windows\MSSecurityNi
2010-01-07 06:03 . 2010-01-06 04:08 4726272 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-07 06:03 . 2010-01-06 04:08 57856 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-07 06:03 . 2010-01-06 04:08 545280 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-07 06:03 . 2010-01-06 04:08 4725760 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-07 06:03 . 2010-01-06 04:08 344064 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-07 06:03 . 2010-01-06 04:08 153600 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-07 06:03 . 2010-01-06 04:08 103424 ----a-w- c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 08:58 . 2009-10-01 14:33 -------- d-----w- c:\documents and settings\d\Application Data\WTablet
2010-02-04 08:58 . 2009-10-01 14:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-02-03 18:56 . 2009-11-17 12:03 -------- d-----w- c:\documents and settings\d\Application Data\vlc
2010-02-02 13:54 . 2009-10-11 13:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 13:18 . 2009-10-25 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-01-28 09:10 . 2009-10-04 07:50 -------- d-----w- c:\documents and settings\d\Application Data\Skype
2010-01-28 08:22 . 2009-10-04 08:09 -------- d-----w- c:\documents and settings\d\Application Data\skypePM
2010-01-27 09:05 . 2009-10-06 15:08 -------- d-----w- c:\documents and settings\d\Application Data\Yahoo!
2010-01-27 09:05 . 2009-10-01 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-27 09:05 . 2009-10-01 09:00 -------- d-----w- c:\program files\Yahoo!
2010-01-27 08:55 . 2009-10-01 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-27 08:35 . 2009-10-01 10:18 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2010-01-27 07:35 . 2009-10-01 14:50 -------- d-----w- c:\program files\Java
2010-01-24 11:37 . 2009-10-10 12:05 -------- d-----w- c:\documents and settings\d\Application Data\Azureus
2010-01-23 12:16 . 2009-10-01 03:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 12:16 . 2009-10-01 03:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-23 08:17 . 2009-10-01 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-19 12:30 . 2009-10-29 11:32 21632 ----a-w- c:\windows\system32\drivers\BCD2000WDM.SYS
2010-01-19 12:30 . 2009-09-29 19:49 86016 ----a-w- c:\windows\system32\bcd2kasio.dll
2010-01-19 12:30 . 2009-09-29 19:49 532480 ----a-w- c:\windows\system32\bcd2kcpan.exe
2010-01-19 12:30 . 2009-09-29 19:49 42400 ----a-w- c:\windows\system32\drivers\BCD2000.SYS
2010-01-19 09:21 . 2009-11-24 20:37 1424440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-19 08:10 . 2009-10-01 03:28 -------- d-----w- c:\program files\Realtek
2010-01-19 07:26 . 2010-01-19 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-01-19 07:21 . 2009-10-03 07:10 -------- d-----w- c:\documents and settings\d\Application Data\Uniblue
2010-01-19 07:19 . 2010-01-19 07:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-01-19 07:19 . 2010-01-19 07:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-01-13 08:23 . 2009-11-14 10:15 -------- d-----w- c:\documents and settings\d\Application Data\Any Video Converter Professional
2010-01-12 07:50 . 2010-01-03 12:49 -------- d-----w- c:\documents and settings\d\Application Data\Tropico 3
2010-01-08 06:54 . 2009-10-03 10:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 06:53 . 2009-12-08 11:07 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 06:28 . 2009-10-07 11:23 -------- d-----w- c:\documents and settings\d\Application Data\onOne Software
2010-01-08 06:28 . 2009-10-06 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2010-01-08 06:26 . 2009-11-04 04:30 -------- d-----w- c:\program files\Common Files\onOne Software Shared
2010-01-07 08:07 . 2009-10-03 10:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 08:07 . 2009-10-03 10:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 04:15 . 2010-01-05 04:15 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\program files\DIFX
2010-01-04 14:14 . 2009-10-06 04:30 -------- d-----w- c:\program files\MagicDisc
2009-12-30 13:14 . 2009-10-27 08:03 -------- d-----w- c:\program files\Common Files\Real
2009-12-28 18:20 . 2009-12-28 18:20 -------- d-----w- c:\documents and settings\d\Application Data\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
2009-12-28 18:20 . 2009-12-28 18:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-28 18:20 . 2009-12-28 18:20 -------- d-----w- c:\program files\Multiply
2009-12-28 18:20 . 2009-12-28 18:20 38784 ----a-w- c:\documents and settings\d\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-28 18:20 . 2009-12-28 18:20 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-25 17:38 . 2009-12-25 17:38 -------- d-----w- c:\program files\XYLIO
2009-12-22 14:17 . 2009-10-31 11:10 -------- d-----w- c:\documents and settings\d\Application Data\dvdcss
2009-12-22 12:06 . 2009-12-22 12:05 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-21 19:14 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 14:56 . 2009-10-01 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-18 08:10 . 2009-10-10 12:05 -------- d-----w- c:\program files\Vuze
2009-12-17 09:14 . 2009-10-01 14:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 05:48 . 2009-12-15 05:48 -------- d-----w- c:\documents and settings\d\Application Data\JGsoft
2009-12-12 11:17 . 2009-12-11 14:02 -------- d-----w- c:\program files\ATI
2009-12-11 18:00 . 2009-12-22 12:05 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-11 14:09 . 2009-12-11 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-12-11 14:04 . 2009-10-01 03:55 -------- d-----w- c:\program files\ATI Technologies
2009-12-11 14:02 . 2009-12-11 14:02 10134 ----a-r- c:\documents and settings\d\Application Data\Microsoft\Installer\{20820A45-02A1-144C-21A3-A1812C5DDE23}\ARPPRODUCTICON.exe
2009-12-11 09:58 . 2009-10-01 17:09 -------- d-----w- c:\documents and settings\d\Application Data\2K Sports
2009-12-11 09:12 . 2009-12-11 09:08 5409 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-12-11 09:12 . 2009-10-01 05:41 72166 ----a-w- c:\windows\BricoPackUninst.cmd
2009-12-11 09:12 . 2004-08-04 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-11 03:23 . 2009-09-30 03:34 23392 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-10 19:41 . 2009-12-10 19:41 -------- d-----w- c:\documents and settings\d\Application Data\ViStart
2009-12-10 16:38 . 2009-12-10 16:38 -------- d-----w- c:\documents and settings\d\Application Data\Styler
2009-12-09 15:19 . 2009-12-09 15:19 -------- d-----w- c:\program files\iTunes
2009-12-09 15:19 . 2009-12-09 15:19 -------- d-----w- c:\program files\iPod
2009-12-09 15:19 . 2009-10-02 01:42 -------- d-----w- c:\program files\Common Files\Apple
2009-12-09 15:18 . 2009-10-02 01:43 -------- d-----w- c:\program files\QuickTime
2009-12-09 15:04 . 2009-12-09 15:04 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-08 09:37 . 2009-10-01 03:36 -------- d-----w- c:\program files\MSI
2009-12-08 06:31 . 2009-12-08 06:31 11312764 ----a-w- c:\documents and settings\d\Application Data\futuredecks_pro_2.exe
2009-12-08 06:31 . 2009-12-08 06:31 11312764 ----a-w- c:\documents and settings\d\Application Data\futuredecks_pro_2.exe
2009-11-24 15:05 . 2009-11-24 15:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-24 08:15 . 2009-10-01 14:33 71272 ----a-w- c:\documents and settings\d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-23 18:57 . 2009-11-23 18:57 152576 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 18:57 . 2009-11-23 18:57 79488 ----a-w- c:\documents and settings\d\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 07:02 . 2009-11-21 07:02 921 ----a-w- c:\windows\QSFVExit.bat
2009-11-17 19:30 . 2009-12-15 05:47 65776 ----a-w- c:\windows\UnDeploy.exe
2009-11-17 19:28 . 2009-11-17 19:28 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-17 19:26 . 2009-11-17 19:26 1924440 ----a-w- c:\documents and settings\d\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2003-01-30 20:43 . 2003-01-20 05:07 6065152 ----a-w- c:\program files\Mystical.exe
2001-07-17 08:15 . 2003-01-29 17:23 66680 -c--a-w- c:\program files\ARDS1.ttf
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-13 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-13 . E3CA5F98EC61E77DB48355306FEC0CD4 . 1512448 . . [6.00.2900.5512] . . c:\windows\Service_Pack_Files\i386\explorer.exe
[-] 2004-08-04 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . 4CD919173DE30889D35DBD82CA3A843B . 1510912 . . [6.00.2900.2180] . . c:\windows\7SP_Files\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\7SP_Files\backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 05:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"BCD2000"="c:\windows\system32\bcd2kcpan.exe" [2010-01-19 532480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-31 16857600]
"DrvIcon"="c:\windows\7SP_Files\Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

c:\documents and settings\d\Start Menu\Programs\Startup\
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
WinFlip.lnk - c:\windows\7SP_Files\WinFlip\WinFlip.exe [2009-12-11 479232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-11-17 295606]
Adobe Acrobat Synchronizer.lnk - d:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2007-2-13 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-01 06:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^AeroShake.lnk]
backup=c:\windows\pss\AeroShake.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^MagicDisc.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^Refresh Icon Cache.lnk]
path=c:\documents and settings\d\Start Menu\Programs\Startup\Refresh Icon Cache.lnk
backup=c:\windows\pss\Refresh Icon Cache.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^Styler toolbar.lnk]
backup=c:\windows\pss\Styler toolbar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^VisualTaskTips.lnk]
backup=c:\windows\pss\VisualTaskTips.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^YzShadow.lnk]
backup=c:\windows\pss\YzShadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^`d3x^Start Menu^Programs^Startup^TransBar.lnk]
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^`d3x^Start Menu^Programs^Startup^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^`d3x^Start Menu^Programs^Startup^Y'z Shadow.lnk]
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 15:24 620152 ----a-w- d:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 23:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-03-31 05:26 69632 ----a-r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 21:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2008-04-13 07:09 49152 ----a-w- c:\windows\7SP_Files\Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 06:50 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-13 11:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 08:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Corporation]
2009-03-08 06:09 638816 ----a-w- c:\program files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Viewer]
2009-03-08 06:09 638816 ----a-w- c:\program files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 06:21 2213160 ----a-w- d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 06:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 15:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"d:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"d:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"d:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"d:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2 - BETA\\BFBC2BetaUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/1/2009 1:47 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/1/2009 1:47 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/1/2009 1:47 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/1/2009 2:01 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/1/2009 2:01 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/1/2009 2:01 PM 1370488]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/3/2009 6:52 PM 236368]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/6/2009 12:15 PM 14976]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [10/1/2009 2:16 PM 1373480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/1/2009 12:02 PM 29208]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [1/30/2007 3:20 PM 834944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/3/2009 6:52 PM 19160]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/1/2009 12:02 PM 29208]
S3 BCD2000;Behringer BCD2000 V1.1.1.0;c:\windows\system32\drivers\BCD2000.SYS [9/30/2009 3:49 AM 42400]
S3 BCD2000WDM;Behringer BCD2000WDM V1.1.1.0;c:\windows\system32\drivers\BCD2000WDM.SYS [10/29/2009 7:32 PM 21632]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2/13/2007 5:16 PM 12288]
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2010-02-04 c:\windows\Tasks\User_Feed_Synchronization-{400D33BA-A208-4475-AB93-32940E9F4045}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
FF - ProfilePath - c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://ph.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ph&p=
FF - component: c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\iljpxb5j.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF - plugin: d:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 16:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1604221776-839522115-1008\Software\SecuROM\License information*]
"datasecu"=hex:69,b9,44,9e,de,73,f8,55,89,11,68,8e,bc,a7,be,ac,59,f6,8d,a7,7d,
33,69,a2,a4,47,c3,61,c5,a9,e6,84,2b,c1,de,37,cf,38,51,62,84,b2,7c,17,0c,f4,\
"rkeysecu"=hex:d8,74,36,5c,13,25,3e,39,e5,b7,b3,9a,c5,53,6a,0f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1700)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\windows\7SP_Files\WinFlip\WFHook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Smith Micro\StuffIt\ArcNameService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-02-04 17:05:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-04 09:05
ComboFix2.txt 2010-01-31 06:30

Pre-Run: 78,806,876,160 bytes free
Post-Run: 78,774,116,352 bytes free

- - End Of File - - 1B7606E66196368D512DB1DDED888CD5

0

Please update MBA-M, do another full scan and have it remove everything found, reboot, and then do another HiJackThis scan and post the new MBA-M log and the new HJT log.
Judy

0

Hi, here's what you asked for.

MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3704
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/9/2010 5:06:56 PM
mbam-log-2010-02-09 (17-06-56).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|I:\|)
Objects scanned: 386792
Time elapsed: 1 hour(s), 47 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\Files\Intallers\Adobe.Photoshop.Lightroom v2\keygen.exe (Malware.Packer.Gen) -> Not selected for removal.
I:\Files\Intallers\EZ Antivirus\keymaker\keymaker.exe (Malware.Packer.Gen) -> Not selected for removal.
I:\Files\Intallers\Installer\bejeweled 123\patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.

0

HJT Log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:16:02 PM, on 2/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\bcd2kcpan.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\7SP_Files\WinFlip\WinFlip.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: WinFlip.lnk = C:\WINDOWS\7SP_Files\WinFlip\WinFlip.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260515129281
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10443 bytes

0

Hope there's no more nasties

Well I am sorry to say, there probably are still infections because of these showing in your MBA-M log:

Files Infected:
I:\Files\Intallers\Adobe.Photoshop.Lightroom v2\keygen.exe (Malware.Packer.Gen) -> Not selected for removal.
I:\Files\Intallers\EZ Antivirus\keymaker\keymaker.exe (Malware.Packer.Gen) -> Not selected for removal.

Why didn't you remove those? As long as they remain, your computer is still infected.
Is this an additional hard drive, a backup drive, a flash drive? What is it exactly, and why didn't you tell MBA-M to clean it? There was another file listed, but you told the program to clean it and it did.

I:\Files\Intallers\Installer\bejeweled 123\patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
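Judy's check above, that a detection reported as "Not selected for removal" is still sitting on the disk, can be done mechanically. The parser below is an added example, not code from the thread or from Malwarebytes; it reads the MBAM 1.x log layout posted above (the embedded sample is an abridged copy of the log from this thread), lists every detection that was not quarantined and deleted, and flags header counts that disagree with the listed items. The names parse_mbam_log, triage and RESOLVED_STATUSES are my own choices.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Added example (hypothetical helper), not code from the thread or from
Malwarebytes. It parses the log layout posted above and reports detections
that were left in place, which is the check Judy made by hand.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Abridged copy of the MBAM 1.44 log posted in this thread (same layout, only
# the categories needed for the demonstration are kept).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3704
Windows 5.1.2600 Service Pack 3

2/9/2010 5:06:56 PM
mbam-log-2010-02-09 (17-06-56).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|I:\|)
Objects scanned: 386792

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
I:\Files\Intallers\Adobe.Photoshop.Lightroom v2\keygen.exe (Malware.Packer.Gen) -> Not selected for removal.
I:\Files\Intallers\EZ Antivirus\keymaker\keymaker.exe (Malware.Packer.Gen) -> Not selected for removal.
I:\Files\Intallers\Installer\bejeweled 123\patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
"""

# "<Category> Infected: <n>" in the header block gives the per-category count.
SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# The same text without a count opens the list of items for that category.
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
# "<path or key> (<threat name>) -> <status>." is one detection line.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<status>.+?)\.?$")

# Only this status (the one seen in the thread) means the item is gone.
# Anything else is treated conservatively as still present on the system.
RESOLVED_STATUSES = {"Quarantined and deleted successfully"}


@dataclass
class Detection:
    category: str
    item: str
    threat: str
    status: str

    @property
    def resolved(self) -> bool:
        return self.status in RESOLVED_STATUSES


def parse_mbam_log(text):
    """Return (summary counts by category, list of Detection)."""
    summary = {}
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["category"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["category"]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(section, m["item"], m["threat"], m["status"]))
    return summary, detections


def triage(text):
    """Summarise what still needs attention in an MBAM log."""
    summary, detections = parse_mbam_log(text)
    listed = Counter(d.category for d in detections)
    return {
        "unresolved": [(d.item, d.threat, d.status) for d in detections if not d.resolved],
        # A header count that differs from the listed items means the log was
        # truncated or edited; do not trust it as a clean bill of health.
        "mismatched_counts": {cat: (n, listed.get(cat, 0))
                              for cat, n in summary.items() if n != listed.get(cat, 0)},
        "total_detected": len(detections),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total_detected']} detection(s), "
          f"{len(report['unresolved'])} still present:")
    for item, threat, status in report["unresolved"]:
        print(f"  {threat:20} {status:25} {item}")
    for cat, (header, listed) in report["mismatched_counts"].items():
        print(f"  WARNING: {cat}: header says {header}, log lists {listed}")
```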

0

coz it's a keygen n I've been using it for years now n thought it's a false positive like other keygens n cracks. So should I?

0

Did what you've said, here's my latest MBAM

Malwarebytes' Anti-Malware 1.44
Database version: 3718
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/11/2010 4:25:18 PM
mbam-log-2010-02-11 (16-25-18).txt

Scan type: Full Scan (C:\|D:\|H:\|I:\|)
Objects scanned: 383100
Time elapsed: 1 hour(s), 50 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Latest HJT


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:21:11 PM, on 2/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\bcd2kcpan.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: WinFlip.lnk = C:\WINDOWS\7SP_Files\WinFlip\WinFlip.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260515129281
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10326 bytes

0

coz it's a keygen n I've been using it for years now n thought it's a false positive like other keygens n cracks. So should I?

Generally these are considered illegal and can bring infection to the computer. If you feel this is incorrect or a false positive you may contact Adobe and MBA-M and ask them and see what they say. If this one is considered legal or not a false positive then you could restore it. But I would contact Adobe and MBA-M about it.
Are you still getting multiple instances of IE opening?

0

Nope, I'm not... since you gave the command "kill all....."

Thanks a lot for the help, I appreciate it. So am I cured? =) Should I check the solved button? =)

0

Nope, I'm not... since you gave the command "kill all....."

Thanks a lot for the help, I appreciate it. So am I cured? =) Should I check the solved button? =)

First you need to uninstall ComboFix as it will not be needed; it is a one-time-use program and should never be re-used. If you ever need it again, you will be told to use it and then you would download a brand new copy.

To do this do the following:
* Click START then RUN
* Now type ComboFix /Uninstall in the run box and click OK. The space between ComboFix and /Uninstall must be there.
When shown the disclaimer, select "2".

Next, uninstall HiJackThis. You don't need it anymore, and should you need it again you should download a new copy. Do this via Add/Remove.
Finally, you also need to set a new, clean Restore Point.
To do this, right-click My Computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down; click OK or Yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark out so that System Restore will turn back on.
After doing all of the above you can then mark this one solved.

0

Everything done and solved, sir.... once again, thank you so much for the big help!
